[libvirt PATCH 00/20] Use SPDX-License-Identifier

Pavel Hrdina phrdina at redhat.com
Wed Aug 5 09:18:01 UTC 2020


On Tue, Aug 04, 2020 at 08:37:25PM +0200, Ján Tomko wrote:
> On a Tuesday in 2020, Daniel P. Berrangé wrote:
> > On Tue, Aug 04, 2020 at 08:10:02PM +0200, Ján Tomko wrote:
> > > On a Tuesday in 2020, Eric Blake wrote:
> > > > On 8/4/20 12:33 PM, Daniel P. Berrangé wrote:
> > > > > On Tue, Aug 04, 2020 at 07:22:40PM +0200, Ján Tomko wrote:
> > > > > > Replace the license blurb in every single file with:
> > > > > >   SPDX-License-Identifier: <human-readable-string>
> > > > > > Coincidentally, this is also machine readable.
> > > > >
> > > > > I've requested legal clarification previously on whether doing this
> > > > > kind of replacement is possible.
> > > 
> > > Thank you for asking that.
> > > I was assmuing based on https://gitlab.com/libvirt/libvirt-ci/-/merge_requests/39
> > > where you only objected to the copyright change that such change in
> > > the license blurb is okay.
> > 
> > I should have been clearer in that review. I looked at the git log
> > history and foiund that all except 1 contributor was doing so as a
> > Red Hat employee, and so we could assume Red Hat copyright for all
> > the code.
> 
> Is that true for all Red Hat contracts? I don't think it's fair
> to assume that.
> 
> > As a representative of Red Hat, we can make such changes
> > if Red Hat holds *exclusive* copyright on the file changed.
> 
> That sounds presumptuous. And a last effort measure. I certainly would
> not expect any Red Hat associate to change the licensing for content
> submitted by other Red Hat associates, unless the legal team and
> some committee get involved.
> 
> > There
> > is one non-Red Hat contributor we still needed an ACK from though.
> > 
> > > > > The response I got was that it is
> > > > > NOT acceptable unless you have the permission of all copyright
> > > > > holders on the source files. The terms of the GPL require that
> > > > > license notices are not modified. Replacing this header with the
> > > > > SPDX tag counts as modification, even though its essentially
> > > > > just a different way of presenting the same information.
> > > > >
> > > > > NB, the fact that the kernel did such a conversion is not on its
> > > > > own, a sufficient ok for doing it in libvirt, as we don't see
> > > > > the prep work/analysis/discussions that led into the kernel's
> > > > > change.
> > > 
> > > I'm sorry, I haven't been following the kernel lists. Given that
> > > the consent of *all* the contributors is needed, should I just
> > > drop the idea or would you be open to acking the changes where
> > > you are one of the contributors (IOW: libvirt)
> > 
> > For libvirt.git we've such a broad contributor base, and we've
> > copy+pasted code between files so frequently, that its very
> > difficult to prove who holds copyright on individual files.
> > Especially due to our early CVS days, we can't trust the git
> > logs either, since alot of code was committed on behalf of
> > other people.
> 
> Can we somehow encourage this for new files? The repetitive
> blurb really hurts human copmrehension.

I did not add any of the license blurb in any of the meson files so
feel free to add the new fancy blurb there. :)

Pavel

> 
> > For any brand new projects people start though, I'd encourage
> > usage of only SPDX tags. For libvirt-devaddr.git for example,
> > I intend to only use SPDX.
> > 
> > There might be some other easy repos such as lang bindings
> > where we can see all the contributors are Red Hat copyright
> > and make a similar change without difficulty.
> > 
> > > > > So NACK to this change.
> > > >
> > > > While wholesale replacement of the text is legally problematic, _adding_
> > > > the SPDX tag (in addition to what is already present), should not be an
> > > > issue, if you want to respin a lighter-weight patch along those lines.
> > > 
> > > That might be beneficial in the GPL-v3+ cases. Possibly GPL-v2+ cases
> > > (as opposed to LGPL-v2+ cases) to single them out.
> > > 
> > > I don't see the point in libvirt adding more of cruft while not removing
> > > any.
> 
> > 
> > There's a potential benefit of having SPDX, even if license text is not
> > removed in that it allows for easier machine interrogation fo the source.
> > ....as long  as the tags are consistent with the license header of course
> > 
> 
> Yes, which is I'd rather have one or the other.
> 
> > For example FSF has a tool called "reuse" helps to audit code
> > https://reuse.software/
> > 
> > Overall I have a slight bias in favour of having SPDX tags, even with the
> > license text still present, but I agree the benefit is marginal.
> > 
> 
> Yeah, my main motivation was deleting lines.
> OTOH, we see the GPLv3 files.
> 
> Jano
> 
> > Regards,
> > Daniel
> > -- 
> > |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> > |: https://libvirt.org         -o-            https://fstop138.berrange.com :|
> > |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
> > 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20200805/12d0ad59/attachment-0001.sig>


More information about the libvir-list mailing list