Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Massimo Zaniboni]

On 18/01/2017 23:06, Alex Rousskov wrote:


That Appendix text is not normative because it comes after the END OF
TERMS AND CONDITIONS marker. It is a good suggestion, but it is not a
part of the Apache licensing terms.


More precisely:

* the "normative" part is what you can do (or not) with code licensed 
under Apache/GPL license (it affects the users)


* the "How to Apply These Terms to Your New Programs" is what the author 
of programs had to do, for releasing the software under Apache or GPL 
license (it must be addressed to producers of the source code, not users)


So:

* do you want re-use BSD/MIT/ISC code? A unique file crediting the 
authors, and the used licenses should be fine. I agree. You are 
following/respecting the "normative" part.


* do you want release new/modifie/refactored source code under a certain 
unique license? Then probably it is better following the common method: 
add a boilerplate header in each source file with copyright holder, and 
the license terms. Like required from Apache/GPL, and made from the 
majority of other OSS projects using BSD/ISC/MIT licenses.



Using those suggested boilerplates does not make it 100% clear who the
authors are:

* Did the listed person A author function X or was it the listed author
B? Or do they both hold joint copyright? Or is it their employer(s)?


Ok. In any case it's more clear from a legal point of view a copyright 
and boilerplate license on each file, than only a unique note for the 
entire project. Otherwise GPL and Apache will not suggest this.



That 100% clarity via boilerplates is an illusion


Ok.


that gets
progressively more expensive to support in active open source projects
with a non-trivial number of authors. Fortunately, there is no need to
pay that price in most cases.


I disagree that it is expensive to support. If you don't want change 
license it is very easy adding yourself to the list of authors. It can 
be a unique file, with a reference to the file in the header 
boilerplate, or you had to add yourself to every modified file, but it 
is very quick.


And if you want change license, the cost of scanning the headers and 
obtaining the complete list of copyright-holders is in any case lesser 
than rewriting the code from scratch :-) And in 99% of the cases OSS 
projects does not change license.


Regards,
Massimo
___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Alex Rousskov]

On 01/18/2017 02:00 PM, Massimo Zaniboni wrote:
> On 18/01/2017 21:30, Alex Rousskov wrote:
>> AFAIK, neither GPL nor Apache license actually _require_ this. You may
>> have missed the "END OF TERMS AND CONDITIONS" markers when reading the
>> corresponding web pages.

> 1) I'm consulting https://www.apache.org/licenses/LICENSE-2.0
> 
> "You must cause any modified files to carry prominent notices stating
> that You changed the files;"

A single prominent notice for a collection of changed files satisfies
that requirement. It is normally expressed via implications of various
"This Software contains code originally written by X and licensed under
Y" notices.  The change notice does not have to go inside the changed
file itself. Otherwise, there would be no legal way to delete an old
licensed file while preserving its code in other/new files!


> In APPENDIX: HOW TO APPLY THE APACHE LICENSE TO YOUR WORK
> [https://www.apache.org/licenses/LICENSE-2.0#apply] there is the
> boilerplate notice, and also if the text is not 100% clear, it seems
> that it must be added to every source code file.

That Appendix text is not normative because it comes after the END OF
TERMS AND CONDITIONS marker. It is a good suggestion, but it is not a
part of the Apache licensing terms.


> 2) In https://www.gnu.org/licenses/gpl.html it says explicitely
> 
> "How to Apply These Terms to Your New Programs

That text is not normative because it comes after the END OF TERMS AND
CONDITIONS marker.


> Also because a file is a strong container of source code, and so it
> is 100% clear who are the authors, and which license is applied to the
> code.

Using those suggested boilerplates does not make it 100% clear who the
authors are:

* Did the listed person A author function X or was it the listed author
B? Or do they both hold joint copyright? Or is it their employer(s)?

* If somebody removes (or does not add) an author's name, for any
reason, that author is still the author of her code.

* If somebody adds the wrong author name, for any reason, that person
does not magically become the author of somebody else code.

Similar file scoping problems apply to licenses, especially when a
project mixes different ones.

That 100% clarity via boilerplates is an illusion that gets
progressively more expensive to support in active open source projects
with a non-trivial number of authors. Fortunately, there is no need to
pay that price in most cases.

Alex.

___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Massimo Zaniboni]

On 18/01/2017 21:30, Alex Rousskov wrote:


- the AUTHORS (but not who made typos/small bug-fixes)


Yes, and a committee of lawyers that determine whether a given
contribution warrants adding its author to the source code file(s)


I saw OSS projects with the list of authors in each file, in the 
boilerplate header.


In other projects like

  https://github.com/zeromq/libzmq/blob/master/src/clock.cpp

they resolve more in you way, telling simply

Copyright (c) 2007-2016 Contributors as noted in the AUTHORS file
This file is part of libzmq, the ZeroMQ core engine in C++.

Then every year I suspect they have an utility extending the year range.

Regards,
Massimo
___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Massimo Zaniboni]

On 18/01/2017 21:30, Alex Rousskov wrote:


GPL and Apache License require explicitely to put an header file in each
source code file with:


AFAIK, neither GPL nor Apache license actually _require_ this. You may
have missed the "END OF TERMS AND CONDITIONS" markers when reading the
corresponding web pages.


1) I'm consulting https://www.apache.org/licenses/LICENSE-2.0

"You must cause any modified files to carry prominent notices stating 
that You changed the files;"


This seems to suggest to add something like

  Copyright 2017 m...@example.net

to the header of a source code file.

In APPENDIX: HOW TO APPLY THE APACHE LICENSE TO YOUR WORK 
[https://www.apache.org/licenses/LICENSE-2.0#apply] there is the 
boilerplate notice, and also if the text is not 100% clear, it seems 
that it must be added to every source code file.


2) In https://www.gnu.org/licenses/gpl.html it says explicitely

"How to Apply These Terms to Your New Programs
[..]
attach the following notices to the program. It is safest to attach them 
to the start of each source file to most effectively state the exclusion 
of warranty; and each file should have at least the “copyright” line and 
a pointer to where the full notice is found.

"

and then there is the usual boilerplate.

So for Apache and GPL the suggested way is attaching the usual 
boilerplate header to every source code file. I'm not a lawyer but at 
this point I suspect that the usual/suggested way is the same also for 
BSD. Also because a file is a strong container of source code, and so it 
is 100% clear who are the authors, and which license is applied to the 
code.


Regards,
Massimo









- the AUTHORS (but not who made typos/small bug-fixes)


Yes, and a committee of lawyers that determine whether a given
contribution warrants adding its author to the source code file(s) plus
a dedicated group of developers that have nothing better to do but move
author lines from one source file to another when the code is
reshuffled. And an Oracle that remembers who wrote what and removes no
longer valid author entries as the code gets deleted. Oh, and do not
forget a small group of assistants that change all those duplicated
author emails when author employer changes (while following up with the
old employer for a permission to change competitorA.com emails to
competitorB.com emails in sources).



- a short version of the license terms


There is no "short version" of GPL or Apache terms. What folks often put
in source code files is a reference to a document that contains the
actual license(s). It is up to each project to determine the exact text
of that reference, keeping various official recommendations (i.e., the
stuff _after_ TERMS AND CONDITIONS) and the number of applicable
licenses in mind.

Alex.

___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss



--
Massimo Zaniboni
https://www.asterisell.com

web application for showing, and billing VoIP calls.
___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Alex Rousskov]

On 01/18/2017 10:33 AM, Massimo Zaniboni wrote:
> GPL and Apache License require explicitely to put an header file in each
> source code file with:

AFAIK, neither GPL nor Apache license actually _require_ this. You may
have missed the "END OF TERMS AND CONDITIONS" markers when reading the
corresponding web pages.


> - the AUTHORS (but not who made typos/small bug-fixes)

Yes, and a committee of lawyers that determine whether a given
contribution warrants adding its author to the source code file(s) plus
a dedicated group of developers that have nothing better to do but move
author lines from one source file to another when the code is
reshuffled. And an Oracle that remembers who wrote what and removes no
longer valid author entries as the code gets deleted. Oh, and do not
forget a small group of assistants that change all those duplicated
author emails when author employer changes (while following up with the
old employer for a permission to change competitorA.com emails to
competitorB.com emails in sources).


> - a short version of the license terms

There is no "short version" of GPL or Apache terms. What folks often put
in source code files is a reference to a document that contains the
actual license(s). It is up to each project to determine the exact text
of that reference, keeping various official recommendations (i.e., the
stuff _after_ TERMS AND CONDITIONS) and the number of applicable
licenses in mind.

Alex.

___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Massimo Zaniboni]

On 18/01/2017 17:29, Alex Rousskov wrote:


Again, the license applies to code/software, not some "source file" with
ASCII art containing badly copied license text at the top.

> There are
> many ways to associate code with the copyright/license statement. The
> more precise that mapping is, the more expensive maintaining a correct
> association becomes. A centralized list of authors and licenses is a
> practical approach for most open source projects that incorporate code
> from many authors using many simple licenses.

I agree on all the rest, but maybe there is a controversial point here...

GPL and Apache License require explicitely to put an header file in each 
source code file with:

- the AUTHORS (but not who made typos/small bug-fixes)
- a short version of the license terms

So the header file for each file is mandatory for Apache and GPL, and I 
think it is suggested also for other licenses. It states explicitely 
that all the code inside the file is released under a certain license, 
and how it can be reused. Obviously the license terms are applied to the 
code, and the file is only a mere container.


I agree on BSD/ISC code reuse: if you want you can cite in a centralized 
place the authors and the original licenses. This respect the terms of 
BSD license, if you want reuse BSD code. This can be practical if you 
want mix different source files, with different compatible licenses. In 
this case you can choose a unique common license to put in the headers 
of new source files, refactor all the code base, and cite in only one 
place the original combined works, with the original compatible licenses.


Regards,
Massimo
___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Alex Rousskov]

On 01/18/2017 08:50 AM, Massimo Zaniboni wrote:
> On 18/01/2017 16:17, Alex Rousskov wrote:
>> compatible licenses like BSD and MIT, the easiest thing to do is to
>> acknowledge their existence in one place (e.g., NOTICE or COPYING file),
>> under a general "this Software contains code licensed under the
>> following licenses:" header.

> So probably to comply 100% with the requirement of the license, if you
> have 10 source files, with the license header in them, for reusing the
> code in these files, you need to extract all the different authors, and
> list them in some place as you said, and they must be acknowledged also
> from the binary application in some LICENSE/CREDIT menu. So for every
> author of every source file, you should mention them.

Yes, and I can provide all that information in one document (and
"dialog") distributed with (and "displayed" by) Software. Many projects
do exactly that. The fact that 100 authors placed their code in 1000
source files is irrelevant here; I can remove the license text from
those source files and still comply with their licensing terms by other
means because their generous license allows me to do that.

Again, the license applies to code/software, not some "source file" with
ASCII art containing badly copied license text at the top. There are
many ways to associate code with the copyright/license statement. The
more precise that mapping is, the more expensive maintaining a correct
association becomes. A centralized list of authors and licenses is a
practical approach for most open source projects that incorporate code
from many authors using many simple licenses.

Alex.

___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Massimo Zaniboni]

On 18/01/2017 16:17, Alex Rousskov wrote:


The authors licensed their code.
Where you place that licensed code is up to you, and you may mix "code
pieces" as needed.


Ok. In fact BSD says "use in source and binary forms, with or without 
modification, are permitted", so "use" implies that you can 
transform/move/reorganize the source code.



When dealing with a project containing a complex mixture of simple,


"simple" :-) More I read BSD license text, and less I think it is 
simple. I prefer complex but clear licenses :-)



compatible licenses like BSD and MIT, the easiest thing to do is to
acknowledge their existence in one place (e.g., NOTICE or COPYING file),
under a general "this Software contains code licensed under the
following licenses:" header.


Sorry if I'm (maybe) too much pedantic, but BSD requires also that:
* redistributions of source code retain the above copyright notice
* redistributions in binary form must reproduce the above copyright notice

So probably to comply 100% with the requirement of the license, if you 
have 10 source files, with the license header in them, for reusing the 
code in these files, you need to extract all the different authors, and 
list them in some place as you said, and they must be acknowledged also 
from the binary application in some LICENSE/CREDIT menu. So for every 
author of every source file, you should mention them.


I doubt there are many projects doing so, but reading the license it 
should be the path to follow. But it is obviously mainly an academic 
discussion, because from a practical point of view if you cite the 
original project, and the main authors, all the minor authors are 
indirectly and automatically acknowledged, because you can retrieve the 
original project source code, and I doubt they will sue you :-)


Regarding the fact to leave the BSD license header in the source file or 
not, I think the same thing of you, but in any case the BSD license is 
not crystal clear on this because it says:


"Redistributions of source code must retain the above copyright notice, 
this list of conditions and the following disclaimer."


"retain" is a rather strong word. It's meaning is "continue to have", 
"keep in a particular place", so if we read it literally, you should 
take the header in this position, and then the BSD license still apply 
to the source file, and by consequence you can not use a different 
license, but this should be absurd.


So I'm still convinced that BSD license text is not very precise.

Regards,
Massimo
___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Alex Rousskov]

On 01/18/2017 04:20 AM, Henrik Ingo wrote:

> The only annoying part when mixing two of them together is that you
> must still correctly retain the license for each piece of code. So the
> source code file that was originally BSD licensed must retain the BSD
> license in its header, and likewise for the file that is MIT license.
> You must just be careful not to mix them.

Fortunately, "retaining the license for each piece of code" does not
imply segregating the licensed code on a file level (or any other
specific technical level). The authors did not license "files". Their
licenses say nothing about "headers". The authors licensed their code.
Where you place that licensed code is up to you, and you may mix "code
pieces" as needed.

When dealing with a project containing a complex mixture of simple,
compatible licenses like BSD and MIT, the easiest thing to do is to
acknowledge their existence in one place (e.g., NOTICE or COPYING file),
under a general "this Software contains code licensed under the
following licenses:" header. This will satisfy BSD and MIT license
requirements. Many open source projects do that because tracking
individual license X or author Y "code pieces" for licensing purposes
quickly becomes impractical, has no value for a typical open source
project, and may actually harm development.

I can only imagine one scenario where a centralized disclaimer does not
work well for simple licenses like MIT and BSD: If the projects finds
significant value in eventually removing all code licensed under license
X or by author Y. Such situations are rare exceptions for genuine open
source projects.


HTH,

Alex.

___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Mikkel Bonde]

Ah, that's very nice! I had the same understanding, that you could
generally mix'n'match BSD and MIT licenses as long as you kept licenses and
credited original authors.

In the specific case, the 2 different libraries will for sure be phased out
by time, since their implementations are old and not really well
designed/coded - but I might as well publish my ongoing work since we've
been using this in production for quite some time, and hopefully I could
join forces with the rest of the community instead of being a one-man-army
- and it's a great improvement over the abandoned software which now has 22
open PR's and 200+ issues on Github - mostly without *any* feedback.

Thank you very much for your answer @Henrik!

PS: Ah, that's quite funny - I'm from a "farmer-family" as well :-D

On 18 January 2017 at 12:20, Henrik Ingo  wrote:

> On Wed, Jan 18, 2017 at 1:00 PM, Mikkel Bonde  wrote:
> > I've been maintaining a private piece of package on Github lately,
> that's composed from software that's MIT licensed and BSD2 licensed and my
> own source code.
> >
> > The original author(s) abandoned the project(s) and are not answering
> neither mails nor "issues" on Github.
> >
> > Am I allowed to publish this as OSS on eg. Github, and if so - is it
> enough to include the original licenses and give credit to original
> authors? I think it gets a bit hard to figure out whenever you mix licenses.
> >
>
> Yes: Taking over abandoned source code is one of the major points of
> open source!
>
> Some licenses mix well with others and some don't. The general point
> is that if two licenses have contradictory requirements, you cannot
> satisfy the combination of them. For the so called "short permissive"
> licenses like BSD and MIT, the general consensus is that they can be
> mixed with pretty much anything else.
>
> The only annoying part when mixing two of them together is that you
> must still correctly retain the license for each piece of code. So the
> source code file that was originally BSD licensed must retain the BSD
> license in its header, and likewise for the file that is MIT license.
> You must just be careful not to mix them. For example, you may not
> want to mix MIT code and BSD code into the same file, just to keep
> things simple.
>
>
> henrik
> PS: I like your name! In my ancestral line some hundred years ago
> there was a sequence of men called Mikkel. And they were of course
> farmers. One was even called Mikkel Mikkelsson, as his father was
> Mikkel too.
>
>
> --
> henrik.i...@avoinelama.fi
> +358-40-5697354skype: henrik.ingoirc: hingo
> www.openlife.cc
>
> My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7
> ___
> License-discuss mailing list
> License-discuss@opensource.org
> https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
>



-- 

Mvh,
Mikkel Bonde
Reberbansgade 52 2. mf
9000 Aalborg

Kontakt:
#: 28 68 01 33
@: mikbo...@gmail.com
___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss

Re: [License-discuss] Fwd: Yet another question about using libraries with different licensed in OSS

[Henrik Ingo]

On Wed, Jan 18, 2017 at 1:00 PM, Mikkel Bonde  wrote:
> I've been maintaining a private piece of package on Github lately, that's 
> composed from software that's MIT licensed and BSD2 licensed and my own 
> source code.
>
> The original author(s) abandoned the project(s) and are not answering neither 
> mails nor "issues" on Github.
>
> Am I allowed to publish this as OSS on eg. Github, and if so - is it enough 
> to include the original licenses and give credit to original authors? I think 
> it gets a bit hard to figure out whenever you mix licenses.
>

Yes: Taking over abandoned source code is one of the major points of
open source!

Some licenses mix well with others and some don't. The general point
is that if two licenses have contradictory requirements, you cannot
satisfy the combination of them. For the so called "short permissive"
licenses like BSD and MIT, the general consensus is that they can be
mixed with pretty much anything else.

The only annoying part when mixing two of them together is that you
must still correctly retain the license for each piece of code. So the
source code file that was originally BSD licensed must retain the BSD
license in its header, and likewise for the file that is MIT license.
You must just be careful not to mix them. For example, you may not
want to mix MIT code and BSD code into the same file, just to keep
things simple.


henrik
PS: I like your name! In my ancestral line some hundred years ago
there was a sequence of men called Mikkel. And they were of course
farmers. One was even called Mikkel Mikkelsson, as his father was
Mikkel too.


-- 
henrik.i...@avoinelama.fi
+358-40-5697354skype: henrik.ingoirc: hingo
www.openlife.cc

My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7
___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss