On Sat, Mar 10, 2018 at 05:16:04PM -0800, Greg Kroah-Hartman wrote: > On Sat, Mar 10, 2018 at 03:01:53PM -0700, Jason Gunthorpe wrote: > > On Sat, Mar 10, 2018 at 12:06:36PM -0800, Greg Kroah-Hartman wrote: > > > On Thu, Mar 08, 2018 at 10:55:28AM -0700, Jason Gunthorpe wrote: > > > > Hi Greg & Co, > > > > > > > > A question has come up in the infiniband/rdma space about what SPDX > > > > license headers to use for some of our files. > > > > > > Which is a huge hint you should probably make it a lot simpler :) > > > > This license text was written in around 2005 and has been copied into > > around 659 files in the kernel. It looks like there are > 15 companies > > listed as copyright holders, some now defunct. > > Any hint as to who wrote it in the very first place? And why was it > copied everywhere? What drove that decision? Around 2005 an industry association called "OpenIB" was founded to consolidate and upstream into Linux what is today drivers/infiniband. That group of companies mutually agreed to use a "dual GPL and BSD license" scheme and the membership agreement obligated the member companies to use such a license. I don't know if OpenIB ever officially published an actual license text or not, anything from that era seems gone. As I understand it: At that point in history many of the member companies were new to this Open Source thing and had propriety systems they wanted to incorporate this software into. (eg Solaris, AIX, FreeBSD, etc have all benefited from this work) So this very permissive BSD license option was selected to give them the most rights to the code they contributed. Somehow when drivers/infiniband was first merged it contained this license text. I don't know where Roland Drier got the text from. >From there all the member companies copy and pasted that text, and it become the cannonical text. After that it appeared to spread into other parts of the kernel, eg crypto, scsi, net, etc all now have files that use it. I can't imagine this was any sort of well thought out act, probably just the same developers 'cargo cult' copying what they had always done. If that wasn't confusing enough, some of the userspace side of the subsystem uses a different variant of the OpenIB.org BSD license that includes the FreeBSD warranty, not the MIT warranty. I have no idea why that is, or where that came from either, I only know about it because I audited the licenses of the userspace side and noticed this difference. > > I don't want to embark on some relicensing quest 12 years after the > > fact just to use SPDX.. I thought the point of SPDX was to document > > the current licensing situation accurately? > > Yes it is, but if you think you have a "brand new" license here, that's > different and everyone needs to be aware of it. I would call it a variation than brand new, but yes. It appears to be yet another BSD 2 clause license what slightly different wording. SPDX has a few of these things already. > Including your lawyers, what do they think about this? I haven't asked Mellanox Lawyers. I had thought the SPDX tag to use should be a mechanical question, not a legal question. I doubt Mellanox lawyers are familiar with SPDX. > > > It really looks like this is BSD-2 to me, if not, please specify the > > > exact license in the SPDX line. > > > > Well, this is why I am writing to you. To ask if BSD-2-Clause is the > > right tag for the license example in include/uapi/rdma/ib_user_sa.h > > (which is copied into around 659 kernel files) > > I'm not a lawyer, so I can't provide legal intrepretation for a license, > sorry. Nor am I. It was your patch that put the tag on in the first place, so I was hoping you or those CC'd would have some advice, perhaps the different text was already noticed and deemed not relevant, for instance. > > If you ignore the preamble and start at "Redistribution" then: > > > > The first 50% of the license text matches the sample license of SPDX > > BSD-2-Clause, up until "THE SOFTWARE IS PROVIDED". > > > > The final paragraph matches the sample license of the SPDX for MIT. > > > > I've grepped through the SPDX database and no SPDX tag includes this > > combination of 2 clauses and warranty text together. > > > > My reading of the matching rules is that this is a 'no match' to > > BSD-2-Clause. > > > > If you say it is BSD-2-Clause then we will keep using that and move > > on. > > > > If you agree it doesn't match then I will request a new tag and use > > that instead. > > I think maybe Kate and Phillipe need to chime in here with what they > think to do, as they are the ones that have examined the thousands of > different variants of license floating in the kernel tree. That would be great. > If the intent is for this to really be bsd-2, then yes, we should be > able to just mark it as such, delete the confusing license text, and be > done with it. But to be sure, I strongly suggest you go ask your > corporate lawyers if they are ok with it, as they are the ones that need > to also agree with this. Well, even if Mellanox lawyers agree to that scheme, OpenIB had something like 15-20 member companies (some now defunct) contributing code and owning copyrights in the kernel with this license. I know blanket changes to licenses can be legally tricky so I wouldn't want to embark on that as a subsystem co-maintainer without support beyond my corporate legal.. Thanks, Jason -- To unsubscribe from this list: send the line "unsubscribe linux-rdma" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html