On 03/28/2018 05:14 PM, Martin Wilck wrote:

> On Wed, 2018-03-28 at 00:24 +0200, Xose Vazquez Perez wrote:

> Multiple licenses are acceptable for multipath-tools, too. Yet we need
> to understand, and clearly communicate, which license applies to which
> source file, and what that means for the binaries and libraries that
> are part of the package. And, needless to say, reducing the number of
> licenses and getting rid of the obsolete LGPL-2.0 would simplify
> matters significantly, both for us and other parties.

It would be nice to have the old cvs repo, from 2003-09-18 multipath-0.0.1 to
2005-05-23 multipath-tools-0.4.5, online. Or converted to git.

>> And the SPDX License Identifier is being used:
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tr
>> ee/Documentation/process/license-rules.rst
> Yeah, it's probably a good idea to do that. I'm not sure if it should
> replace the boilerplate license header or just be added on top of it.
> Either way, when we do this, we should make sure that we understand
> which license covers the individual files, in particular those that
> currently have no license header. We're assuming that these are covered
> by COPYING, but is that actually true for all 130+ files?
> This shouldn't be taken too lightly. Assume you add an "LGPL-2.1" SPDX
> header to some file. Company X links to the file in it's proprietary
> product. Later, company Y finds some of its own GPL-2.0 licensed code
> in the same file and sues X over 100 million for GPL breakage. Now X
> claims the money back from the person who inserted the misleading
> license header in the file ...
> That sounds paranoid and exaggerated, but I've heard exactly arguments
> like this in discussions about proprietary software using FLOSS. It's
> the kind of thing Black Duck and similar companies make money with.

Kernel guys are replacing boiler plate text with a SPDX tag.
I suppose, by advice and with assistance of the lawyers of The Linux Foundation.

This template could be good enough and neat for multipath-tools:
// SPDX-License-Identifier: <licence(s)>
// File-Originally-From: <project name and <url>>
// <a copyright indicator> <year(s) applicable>, <copyright holder(s)>.
// Author(s): <Name and <e-mail>>
//            ...


// SPDX-License-Identifier: GPL-2.0-or-later
// File-Originally-From: linux-tool <http://linux-tool.org>
// Copyright 1999, 2001-2018, Foo Corp.
// Author(s): Bar <b...@foo.org>

dm-devel mailing list

Reply via email to