Re: [OE-core] gnutls/nettle/gmp licensing and versions
On 18 August 2015 at 11:35, Martin Jansa martin.ja...@gmail.com wrote: On Thu, Aug 13, 2015 at 03:42:45PM +0300, Jussi Kukkonen wrote: On 12 August 2015 at 17:14, Jussi Kukkonen jussi.kukko...@intel.com wrote: Hi, I realise I'm a bit late (with the commit in master already) but I'm looking at upgrading this recipe and had some questions on this patch and the recipe in general. On 9 August 2015 at 08:28, Armin Kuster akuster...@gmail.com wrote: adding the license definitions on the few packages that deviate from the overall package license. based on http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright and spot checking files. Signed-off-by: Armin Kuster akuster...@gmail.com --- meta/recipes-support/nettle/nettle_2.7.1.bb | 9 + 1 file changed, 9 insertions(+) diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb index f53afcc..f9d331f 100644 --- a/meta/recipes-support/nettle/nettle_2.7.1.bb +++ b/meta/recipes-support/nettle/nettle_2.7.1.bb @@ -2,6 +2,15 @@ SUMMARY = A low level cryptographic library HOMEPAGE = http://www.lysator.liu.se/~nisse/nettle/; SECTION = libs LICENSE = LGPLv2.1 GPLv2 I think this is wrong, whichever version you look at -- our current version is just LGPLv2.1+, the current upstream release is LGPLv3+ | GPLv2+ I'm going to send a patch upgrading the recipe to the current upstream release (and setting license to LGPLv3+ | GPLv2+): it might seem like this makes gnutls effectively LGPLv3 but that actually happened last year with the gmp upgrade. Comments on this welcome. Alexander just pointed out to me that there was a discussion on gnutls and nettle already in July (which I missed in my back-from-holiday-email-binge). It seems that the consensus was to preserve LGPLv2 versions. This is what the current situation looks to me -- please correct if I'm wrong: * gmp is GPLv2+ | LGPLv3+ * nettle is LGPLv2.1+ but depends on gmp * gnutls LGPLv2.1+ but depends on nettle This effectively makes gnutls GPLv2+ | LGPLv3+ as far as I can see. If we want to preserve a LGPLv2 gnutls, we need to bring back an older version of gmp (I think 4.2.1). I agree, recently we had to downgrade gmp to 4.2.1 in our layer to pass our license check. Similarly we had to check that all nettle libraries used in our image are LGPLv2.1 not GPLv2.0 - that's why I've suggested to package them separately, so that we'll see only LGPLv2.1 nettle package in our image. Reading the commit log, it looks like gmp 4.2.1 was removed by accident (the license problem was not understood at the time). I've filed https://bugzilla.yoctoproject.org/show_bug.cgi?id=8197 for this issue: we can continue there. Bringing back 4.2.1 seems like the least worst option: if you have a useful patch (other than just a revert of the removal), please let me know. Cheers, Jussi Regards, +LICENSE_${PN}-cast = CC0 +LICENSE_${PN}-gosthash = MIT + +# both public and GPL license listed +LICENSE_${PN}-md2 = CC0 LGPLv2.1+ +LICENSE_${PN}-md4 = CC0 LGPLv2.1+ From the reference I had the impression this LICENSE_something construct would imply there is a package something. But the nettle recipe does not produce nettle-cast or any of these. What is the purpose here? Thanks, Jussi + + LIC_FILES_CHKSUM = file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \ file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d -- 2.3.5 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] gnutls/nettle/gmp licensing and versions
On Thu, Aug 13, 2015 at 03:42:45PM +0300, Jussi Kukkonen wrote: On 12 August 2015 at 17:14, Jussi Kukkonen jussi.kukko...@intel.com wrote: Hi, I realise I'm a bit late (with the commit in master already) but I'm looking at upgrading this recipe and had some questions on this patch and the recipe in general. On 9 August 2015 at 08:28, Armin Kuster akuster...@gmail.com wrote: adding the license definitions on the few packages that deviate from the overall package license. based on http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright and spot checking files. Signed-off-by: Armin Kuster akuster...@gmail.com --- meta/recipes-support/nettle/nettle_2.7.1.bb | 9 + 1 file changed, 9 insertions(+) diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb index f53afcc..f9d331f 100644 --- a/meta/recipes-support/nettle/nettle_2.7.1.bb +++ b/meta/recipes-support/nettle/nettle_2.7.1.bb @@ -2,6 +2,15 @@ SUMMARY = A low level cryptographic library HOMEPAGE = http://www.lysator.liu.se/~nisse/nettle/; SECTION = libs LICENSE = LGPLv2.1 GPLv2 I think this is wrong, whichever version you look at -- our current version is just LGPLv2.1+, the current upstream release is LGPLv3+ | GPLv2+ I'm going to send a patch upgrading the recipe to the current upstream release (and setting license to LGPLv3+ | GPLv2+): it might seem like this makes gnutls effectively LGPLv3 but that actually happened last year with the gmp upgrade. Comments on this welcome. Alexander just pointed out to me that there was a discussion on gnutls and nettle already in July (which I missed in my back-from-holiday-email-binge). It seems that the consensus was to preserve LGPLv2 versions. This is what the current situation looks to me -- please correct if I'm wrong: * gmp is GPLv2+ | LGPLv3+ * nettle is LGPLv2.1+ but depends on gmp * gnutls LGPLv2.1+ but depends on nettle This effectively makes gnutls GPLv2+ | LGPLv3+ as far as I can see. If we want to preserve a LGPLv2 gnutls, we need to bring back an older version of gmp (I think 4.2.1). I agree, recently we had to downgrade gmp to 4.2.1 in our layer to pass our license check. Similarly we had to check that all nettle libraries used in our image are LGPLv2.1 not GPLv2.0 - that's why I've suggested to package them separately, so that we'll see only LGPLv2.1 nettle package in our image. Regards, +LICENSE_${PN}-cast = CC0 +LICENSE_${PN}-gosthash = MIT + +# both public and GPL license listed +LICENSE_${PN}-md2 = CC0 LGPLv2.1+ +LICENSE_${PN}-md4 = CC0 LGPLv2.1+ From the reference I had the impression this LICENSE_something construct would imply there is a package something. But the nettle recipe does not produce nettle-cast or any of these. What is the purpose here? Thanks, Jussi + + LIC_FILES_CHKSUM = file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \ file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d -- 2.3.5 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core -- Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com signature.asc Description: Digital signature -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] gnutls/nettle/gmp licensing and versions
On 12 August 2015 at 17:14, Jussi Kukkonen jussi.kukko...@intel.com wrote: Hi, I realise I'm a bit late (with the commit in master already) but I'm looking at upgrading this recipe and had some questions on this patch and the recipe in general. On 9 August 2015 at 08:28, Armin Kuster akuster...@gmail.com wrote: adding the license definitions on the few packages that deviate from the overall package license. based on http://www.lysator.liu.se/~nisse/nettle/nettle.html#Copyright and spot checking files. Signed-off-by: Armin Kuster akuster...@gmail.com --- meta/recipes-support/nettle/nettle_2.7.1.bb | 9 + 1 file changed, 9 insertions(+) diff --git a/meta/recipes-support/nettle/nettle_2.7.1.bb b/meta/recipes-support/nettle/nettle_2.7.1.bb index f53afcc..f9d331f 100644 --- a/meta/recipes-support/nettle/nettle_2.7.1.bb +++ b/meta/recipes-support/nettle/nettle_2.7.1.bb @@ -2,6 +2,15 @@ SUMMARY = A low level cryptographic library HOMEPAGE = http://www.lysator.liu.se/~nisse/nettle/; SECTION = libs LICENSE = LGPLv2.1 GPLv2 I think this is wrong, whichever version you look at -- our current version is just LGPLv2.1+, the current upstream release is LGPLv3+ | GPLv2+ I'm going to send a patch upgrading the recipe to the current upstream release (and setting license to LGPLv3+ | GPLv2+): it might seem like this makes gnutls effectively LGPLv3 but that actually happened last year with the gmp upgrade. Comments on this welcome. Alexander just pointed out to me that there was a discussion on gnutls and nettle already in July (which I missed in my back-from-holiday-email-binge). It seems that the consensus was to preserve LGPLv2 versions. This is what the current situation looks to me -- please correct if I'm wrong: * gmp is GPLv2+ | LGPLv3+ * nettle is LGPLv2.1+ but depends on gmp * gnutls LGPLv2.1+ but depends on nettle This effectively makes gnutls GPLv2+ | LGPLv3+ as far as I can see. If we want to preserve a LGPLv2 gnutls, we need to bring back an older version of gmp (I think 4.2.1). +LICENSE_${PN}-cast = CC0 +LICENSE_${PN}-gosthash = MIT + +# both public and GPL license listed +LICENSE_${PN}-md2 = CC0 LGPLv2.1+ +LICENSE_${PN}-md4 = CC0 LGPLv2.1+ From the reference I had the impression this LICENSE_something construct would imply there is a package something. But the nettle recipe does not produce nettle-cast or any of these. What is the purpose here? Thanks, Jussi + + LIC_FILES_CHKSUM = file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 \ file://serpent-decrypt.c;beginline=53;endline=67;md5=bcfd4745d53ca57f82907089898e390d \ file://serpent-set-key.c;beginline=56;endline=70;md5=bcfd4745d53ca57f82907089898e390d -- 2.3.5 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core