Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 18/01/2017 23:06, Alex Rousskov wrote: That Appendix text is not normative because it comes after the END OF TERMS AND CONDITIONS marker. It is a good suggestion, but it is not a part of the Apache licensing terms. More precisely: * the "normative" part is what you can do (or not) with code licensed under Apache/GPL license (it affects the users) * the "How to Apply These Terms to Your New Programs" is what the author of programs had to do, for releasing the software under Apache or GPL license (it must be addressed to producers of the source code, not users) So: * do you want re-use BSD/MIT/ISC code? A unique file crediting the authors, and the used licenses should be fine. I agree. You are following/respecting the "normative" part. * do you want release new/modifie/refactored source code under a certain unique license? Then probably it is better following the common method: add a boilerplate header in each source file with copyright holder, and the license terms. Like required from Apache/GPL, and made from the majority of other OSS projects using BSD/ISC/MIT licenses. Using those suggested boilerplates does not make it 100% clear who the authors are: * Did the listed person A author function X or was it the listed author B? Or do they both hold joint copyright? Or is it their employer(s)? Ok. In any case it's more clear from a legal point of view a copyright and boilerplate license on each file, than only a unique note for the entire project. Otherwise GPL and Apache will not suggest this. That 100% clarity via boilerplates is an illusion Ok. that gets progressively more expensive to support in active open source projects with a non-trivial number of authors. Fortunately, there is no need to pay that price in most cases. I disagree that it is expensive to support. If you don't want change license it is very easy adding yourself to the list of authors. It can be a unique file, with a reference to the file in the header boilerplate, or you had to add yourself to every modified file, but it is very quick. And if you want change license, the cost of scanning the headers and obtaining the complete list of copyright-holders is in any case lesser than rewriting the code from scratch :-) And in 99% of the cases OSS projects does not change license. Regards, Massimo ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 01/18/2017 02:00 PM, Massimo Zaniboni wrote: > On 18/01/2017 21:30, Alex Rousskov wrote: >> AFAIK, neither GPL nor Apache license actually _require_ this. You may >> have missed the "END OF TERMS AND CONDITIONS" markers when reading the >> corresponding web pages. > 1) I'm consulting https://www.apache.org/licenses/LICENSE-2.0 > > "You must cause any modified files to carry prominent notices stating > that You changed the files;" A single prominent notice for a collection of changed files satisfies that requirement. It is normally expressed via implications of various "This Software contains code originally written by X and licensed under Y" notices. The change notice does not have to go inside the changed file itself. Otherwise, there would be no legal way to delete an old licensed file while preserving its code in other/new files! > In APPENDIX: HOW TO APPLY THE APACHE LICENSE TO YOUR WORK > [https://www.apache.org/licenses/LICENSE-2.0#apply] there is the > boilerplate notice, and also if the text is not 100% clear, it seems > that it must be added to every source code file. That Appendix text is not normative because it comes after the END OF TERMS AND CONDITIONS marker. It is a good suggestion, but it is not a part of the Apache licensing terms. > 2) In https://www.gnu.org/licenses/gpl.html it says explicitely > > "How to Apply These Terms to Your New Programs That text is not normative because it comes after the END OF TERMS AND CONDITIONS marker. > Also because a file is a strong container of source code, and so it > is 100% clear who are the authors, and which license is applied to the > code. Using those suggested boilerplates does not make it 100% clear who the authors are: * Did the listed person A author function X or was it the listed author B? Or do they both hold joint copyright? Or is it their employer(s)? * If somebody removes (or does not add) an author's name, for any reason, that author is still the author of her code. * If somebody adds the wrong author name, for any reason, that person does not magically become the author of somebody else code. Similar file scoping problems apply to licenses, especially when a project mixes different ones. That 100% clarity via boilerplates is an illusion that gets progressively more expensive to support in active open source projects with a non-trivial number of authors. Fortunately, there is no need to pay that price in most cases. Alex. ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 18/01/2017 21:30, Alex Rousskov wrote: - the AUTHORS (but not who made typos/small bug-fixes) Yes, and a committee of lawyers that determine whether a given contribution warrants adding its author to the source code file(s) I saw OSS projects with the list of authors in each file, in the boilerplate header. In other projects like https://github.com/zeromq/libzmq/blob/master/src/clock.cpp they resolve more in you way, telling simply Copyright (c) 2007-2016 Contributors as noted in the AUTHORS file This file is part of libzmq, the ZeroMQ core engine in C++. Then every year I suspect they have an utility extending the year range. Regards, Massimo ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 18/01/2017 21:30, Alex Rousskov wrote: GPL and Apache License require explicitely to put an header file in each source code file with: AFAIK, neither GPL nor Apache license actually _require_ this. You may have missed the "END OF TERMS AND CONDITIONS" markers when reading the corresponding web pages. 1) I'm consulting https://www.apache.org/licenses/LICENSE-2.0 "You must cause any modified files to carry prominent notices stating that You changed the files;" This seems to suggest to add something like Copyright 2017 m...@example.net to the header of a source code file. In APPENDIX: HOW TO APPLY THE APACHE LICENSE TO YOUR WORK [https://www.apache.org/licenses/LICENSE-2.0#apply] there is the boilerplate notice, and also if the text is not 100% clear, it seems that it must be added to every source code file. 2) In https://www.gnu.org/licenses/gpl.html it says explicitely "How to Apply These Terms to Your New Programs [..] attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright” line and a pointer to where the full notice is found. " and then there is the usual boilerplate. So for Apache and GPL the suggested way is attaching the usual boilerplate header to every source code file. I'm not a lawyer but at this point I suspect that the usual/suggested way is the same also for BSD. Also because a file is a strong container of source code, and so it is 100% clear who are the authors, and which license is applied to the code. Regards, Massimo - the AUTHORS (but not who made typos/small bug-fixes) Yes, and a committee of lawyers that determine whether a given contribution warrants adding its author to the source code file(s) plus a dedicated group of developers that have nothing better to do but move author lines from one source file to another when the code is reshuffled. And an Oracle that remembers who wrote what and removes no longer valid author entries as the code gets deleted. Oh, and do not forget a small group of assistants that change all those duplicated author emails when author employer changes (while following up with the old employer for a permission to change competitorA.com emails to competitorB.com emails in sources). - a short version of the license terms There is no "short version" of GPL or Apache terms. What folks often put in source code files is a reference to a document that contains the actual license(s). It is up to each project to determine the exact text of that reference, keeping various official recommendations (i.e., the stuff _after_ TERMS AND CONDITIONS) and the number of applicable licenses in mind. Alex. ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss -- Massimo Zaniboni https://www.asterisell.com web application for showing, and billing VoIP calls. ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 01/18/2017 10:33 AM, Massimo Zaniboni wrote: > GPL and Apache License require explicitely to put an header file in each > source code file with: AFAIK, neither GPL nor Apache license actually _require_ this. You may have missed the "END OF TERMS AND CONDITIONS" markers when reading the corresponding web pages. > - the AUTHORS (but not who made typos/small bug-fixes) Yes, and a committee of lawyers that determine whether a given contribution warrants adding its author to the source code file(s) plus a dedicated group of developers that have nothing better to do but move author lines from one source file to another when the code is reshuffled. And an Oracle that remembers who wrote what and removes no longer valid author entries as the code gets deleted. Oh, and do not forget a small group of assistants that change all those duplicated author emails when author employer changes (while following up with the old employer for a permission to change competitorA.com emails to competitorB.com emails in sources). > - a short version of the license terms There is no "short version" of GPL or Apache terms. What folks often put in source code files is a reference to a document that contains the actual license(s). It is up to each project to determine the exact text of that reference, keeping various official recommendations (i.e., the stuff _after_ TERMS AND CONDITIONS) and the number of applicable licenses in mind. Alex. ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 18/01/2017 17:29, Alex Rousskov wrote: Again, the license applies to code/software, not some "source file" with ASCII art containing badly copied license text at the top. > There are > many ways to associate code with the copyright/license statement. The > more precise that mapping is, the more expensive maintaining a correct > association becomes. A centralized list of authors and licenses is a > practical approach for most open source projects that incorporate code > from many authors using many simple licenses. I agree on all the rest, but maybe there is a controversial point here... GPL and Apache License require explicitely to put an header file in each source code file with: - the AUTHORS (but not who made typos/small bug-fixes) - a short version of the license terms So the header file for each file is mandatory for Apache and GPL, and I think it is suggested also for other licenses. It states explicitely that all the code inside the file is released under a certain license, and how it can be reused. Obviously the license terms are applied to the code, and the file is only a mere container. I agree on BSD/ISC code reuse: if you want you can cite in a centralized place the authors and the original licenses. This respect the terms of BSD license, if you want reuse BSD code. This can be practical if you want mix different source files, with different compatible licenses. In this case you can choose a unique common license to put in the headers of new source files, refactor all the code base, and cite in only one place the original combined works, with the original compatible licenses. Regards, Massimo ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 01/18/2017 08:50 AM, Massimo Zaniboni wrote: > On 18/01/2017 16:17, Alex Rousskov wrote: >> compatible licenses like BSD and MIT, the easiest thing to do is to >> acknowledge their existence in one place (e.g., NOTICE or COPYING file), >> under a general "this Software contains code licensed under the >> following licenses:" header. > So probably to comply 100% with the requirement of the license, if you > have 10 source files, with the license header in them, for reusing the > code in these files, you need to extract all the different authors, and > list them in some place as you said, and they must be acknowledged also > from the binary application in some LICENSE/CREDIT menu. So for every > author of every source file, you should mention them. Yes, and I can provide all that information in one document (and "dialog") distributed with (and "displayed" by) Software. Many projects do exactly that. The fact that 100 authors placed their code in 1000 source files is irrelevant here; I can remove the license text from those source files and still comply with their licensing terms by other means because their generous license allows me to do that. Again, the license applies to code/software, not some "source file" with ASCII art containing badly copied license text at the top. There are many ways to associate code with the copyright/license statement. The more precise that mapping is, the more expensive maintaining a correct association becomes. A centralized list of authors and licenses is a practical approach for most open source projects that incorporate code from many authors using many simple licenses. Alex. ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 18/01/2017 16:17, Alex Rousskov wrote: The authors licensed their code. Where you place that licensed code is up to you, and you may mix "code pieces" as needed. Ok. In fact BSD says "use in source and binary forms, with or without modification, are permitted", so "use" implies that you can transform/move/reorganize the source code. When dealing with a project containing a complex mixture of simple, "simple" :-) More I read BSD license text, and less I think it is simple. I prefer complex but clear licenses :-) compatible licenses like BSD and MIT, the easiest thing to do is to acknowledge their existence in one place (e.g., NOTICE or COPYING file), under a general "this Software contains code licensed under the following licenses:" header. Sorry if I'm (maybe) too much pedantic, but BSD requires also that: * redistributions of source code retain the above copyright notice * redistributions in binary form must reproduce the above copyright notice So probably to comply 100% with the requirement of the license, if you have 10 source files, with the license header in them, for reusing the code in these files, you need to extract all the different authors, and list them in some place as you said, and they must be acknowledged also from the binary application in some LICENSE/CREDIT menu. So for every author of every source file, you should mention them. I doubt there are many projects doing so, but reading the license it should be the path to follow. But it is obviously mainly an academic discussion, because from a practical point of view if you cite the original project, and the main authors, all the minor authors are indirectly and automatically acknowledged, because you can retrieve the original project source code, and I doubt they will sue you :-) Regarding the fact to leave the BSD license header in the source file or not, I think the same thing of you, but in any case the BSD license is not crystal clear on this because it says: "Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer." "retain" is a rather strong word. It's meaning is "continue to have", "keep in a particular place", so if we read it literally, you should take the header in this position, and then the BSD license still apply to the source file, and by consequence you can not use a different license, but this should be absurd. So I'm still convinced that BSD license text is not very precise. Regards, Massimo ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On 01/18/2017 04:20 AM, Henrik Ingo wrote: > The only annoying part when mixing two of them together is that you > must still correctly retain the license for each piece of code. So the > source code file that was originally BSD licensed must retain the BSD > license in its header, and likewise for the file that is MIT license. > You must just be careful not to mix them. Fortunately, "retaining the license for each piece of code" does not imply segregating the licensed code on a file level (or any other specific technical level). The authors did not license "files". Their licenses say nothing about "headers". The authors licensed their code. Where you place that licensed code is up to you, and you may mix "code pieces" as needed. When dealing with a project containing a complex mixture of simple, compatible licenses like BSD and MIT, the easiest thing to do is to acknowledge their existence in one place (e.g., NOTICE or COPYING file), under a general "this Software contains code licensed under the following licenses:" header. This will satisfy BSD and MIT license requirements. Many open source projects do that because tracking individual license X or author Y "code pieces" for licensing purposes quickly becomes impractical, has no value for a typical open source project, and may actually harm development. I can only imagine one scenario where a centralized disclaimer does not work well for simple licenses like MIT and BSD: If the projects finds significant value in eventually removing all code licensed under license X or by author Y. Such situations are rare exceptions for genuine open source projects. HTH, Alex. ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
Ah, that's very nice! I had the same understanding, that you could generally mix'n'match BSD and MIT licenses as long as you kept licenses and credited original authors. In the specific case, the 2 different libraries will for sure be phased out by time, since their implementations are old and not really well designed/coded - but I might as well publish my ongoing work since we've been using this in production for quite some time, and hopefully I could join forces with the rest of the community instead of being a one-man-army - and it's a great improvement over the abandoned software which now has 22 open PR's and 200+ issues on Github - mostly without *any* feedback. Thank you very much for your answer @Henrik! PS: Ah, that's quite funny - I'm from a "farmer-family" as well :-D On 18 January 2017 at 12:20, Henrik Ingowrote: > On Wed, Jan 18, 2017 at 1:00 PM, Mikkel Bonde wrote: > > I've been maintaining a private piece of package on Github lately, > that's composed from software that's MIT licensed and BSD2 licensed and my > own source code. > > > > The original author(s) abandoned the project(s) and are not answering > neither mails nor "issues" on Github. > > > > Am I allowed to publish this as OSS on eg. Github, and if so - is it > enough to include the original licenses and give credit to original > authors? I think it gets a bit hard to figure out whenever you mix licenses. > > > > Yes: Taking over abandoned source code is one of the major points of > open source! > > Some licenses mix well with others and some don't. The general point > is that if two licenses have contradictory requirements, you cannot > satisfy the combination of them. For the so called "short permissive" > licenses like BSD and MIT, the general consensus is that they can be > mixed with pretty much anything else. > > The only annoying part when mixing two of them together is that you > must still correctly retain the license for each piece of code. So the > source code file that was originally BSD licensed must retain the BSD > license in its header, and likewise for the file that is MIT license. > You must just be careful not to mix them. For example, you may not > want to mix MIT code and BSD code into the same file, just to keep > things simple. > > > henrik > PS: I like your name! In my ancestral line some hundred years ago > there was a sequence of men called Mikkel. And they were of course > farmers. One was even called Mikkel Mikkelsson, as his father was > Mikkel too. > > > -- > henrik.i...@avoinelama.fi > +358-40-5697354skype: henrik.ingoirc: hingo > www.openlife.cc > > My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7 > ___ > License-discuss mailing list > License-discuss@opensource.org > https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss > -- Mvh, Mikkel Bonde Reberbansgade 52 2. mf 9000 Aalborg Kontakt: #: 28 68 01 33 @: mikbo...@gmail.com ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS
On Wed, Jan 18, 2017 at 1:00 PM, Mikkel Bondewrote: > I've been maintaining a private piece of package on Github lately, that's > composed from software that's MIT licensed and BSD2 licensed and my own > source code. > > The original author(s) abandoned the project(s) and are not answering neither > mails nor "issues" on Github. > > Am I allowed to publish this as OSS on eg. Github, and if so - is it enough > to include the original licenses and give credit to original authors? I think > it gets a bit hard to figure out whenever you mix licenses. > Yes: Taking over abandoned source code is one of the major points of open source! Some licenses mix well with others and some don't. The general point is that if two licenses have contradictory requirements, you cannot satisfy the combination of them. For the so called "short permissive" licenses like BSD and MIT, the general consensus is that they can be mixed with pretty much anything else. The only annoying part when mixing two of them together is that you must still correctly retain the license for each piece of code. So the source code file that was originally BSD licensed must retain the BSD license in its header, and likewise for the file that is MIT license. You must just be careful not to mix them. For example, you may not want to mix MIT code and BSD code into the same file, just to keep things simple. henrik PS: I like your name! In my ancestral line some hundred years ago there was a sequence of men called Mikkel. And they were of course farmers. One was even called Mikkel Mikkelsson, as his father was Mikkel too. -- henrik.i...@avoinelama.fi +358-40-5697354skype: henrik.ingoirc: hingo www.openlife.cc My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7 ___ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss