You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@nuttx.apache.org by Justin Mclean <ju...@classsoftware.com> on 2019/12/15 05:43:18 UTC
ICLA needed?
Hi,
I asked on legal discuss if we needed ICLAs from previous committers. [1] My reading of that so far is the grant is OK, and we won’t need ICLAs from all committers.
Greg if you have something to add you can reply to that thread.
Thanks,
Justin
1. https://lists.apache.org/thread.html/d58f8edd36eff155f061e84229dc035a71ea5cd7f0fa622bdd1a5dd0%40%3Clegal-discuss.apache.org%3E
Re: ICLA needed?
Posted by Gregory Nutt <sp...@gmail.com>.
> Perhaps it would be more efficient if you could forward my reply now.
> I can add more if I am granted access.
Nevermind, I see that I don't have to join the list to post. Everything
should be there (although I do not see my long response yet).
Re: ICLA needed?
Posted by Gregory Nutt <sp...@gmail.com>.
>
>> Greg if you have something to add you can reply to that thread.
> I did reply in this list. I have attempted to subscribed to the
> legal-discuss thread but still have not received a welcome. If/when I
> have been accepted, I will send that reply there as well.
Perhaps it would be more efficient if you could forward my reply now. I
can add more if I am granted access.
They would problem need a little background in formation to understand
the terminology: NuttX consists of two repositories: (1) A very large
nuttx/ repository and (2) a small apps/ respository. Statistics were
collected only from the large repository but should reflect the body of
code in general.
Re: ICLA needed?
Posted by Gregory Nutt <sp...@gmail.com>.
> Greg if you have something to add you can reply to that thread.
I did reply in this list. I have attempted to subscribed to the
legal-discuss thread but still have not received a welcome. If/when I
have been accepted, I will send that reply there as well.
Re: ICLA needed?
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> You mean like Samsung did (and Motorola and project Ara an on and on..).
Not really in the spirit of OS there, sorry that happened.
> Samsung took the code from me first. I would not be taking any of their code at all. Just their license.
They may of made changes and we would need to check, but I don’t think there any need for this as the BSD license is compatible.
Thanks,
Justin
Re: File headers [was Re: ICLA needed?]
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> The BSD license (except for the BSD 4-clause) is friendly towards the ALv2 one
Correct and even then I’ve deal with that in the past in Mynewt.
> I suppose that the worst case is that we keep that contributed code under the BSD license, and make necessary references, like in NOTICE?
They get added to LICENSE not NOTICE. [1]
Given the large number of file I was think of asking Infra for a VM and set up fossology on it [2] to help with this process.
Thanks,
Justin
1. http://www.apache.org/dev/licensing-howto.html
2. https://www.fossology.org
Re: File headers [was Re: ICLA needed?]
Posted by Flavio Junqueira <fp...@apache.org>.
The BSD license (except for the BSD 4-clause) is friendly towards the ALv2 one:
https://www.apache.org/legal/resolved.html#category-b <https://www.apache.org/legal/resolved.html#category-b>
I suppose that the worst case is that we keep that contributed code under the BSD license, and make necessary references, like in NOTICE?
-Flavio
> On 15 Dec 2019, at 22:18, Gregory Nutt <sp...@gmail.com> wrote:
>
>
>>> So, could we just remove the original BSD header
>>> from Samsung modified files and just keep their Apache license into
>>> those file?
>> I don’t recommend we do that as they may of made changes or the files may of changed since they copied them. They probably also used teh 3rd party header not the ASF one.
>
> No Samsung files could be brought in until they are made to conform to the NuttX coding standard (Yes, Samsung changed the coding standard too). If they are reconverted to the NuttX standard, it should be pretty easy to see any differences.
>
> I think we are talking about a doomsday scenario here. We need to get creative only if there is a snag. Let's assume that there will be no snag (but also be prepared with Plan B).
>
> Greg
>
>
Re: File headers [was Re: ICLA needed?]
Posted by Gregory Nutt <sp...@gmail.com>.
>> So, could we just remove the original BSD header
>> from Samsung modified files and just keep their Apache license into
>> those file?
> I don’t recommend we do that as they may of made changes or the files may of changed since they copied them. They probably also used teh 3rd party header not the ASF one.
No Samsung files could be brought in until they are made to conform to
the NuttX coding standard (Yes, Samsung changed the coding standard
too). If they are reconverted to the NuttX standard, it should be
pretty easy to see any differences.
I think we are talking about a doomsday scenario here. We need to get
creative only if there is a snag. Let's assume that there will be no
snag (but also be prepared with Plan B).
Greg
File headers [was Re: ICLA needed?]
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> When Samsung got the NuttX files they put an Apache license header
> over the BSD header, now the original BSD Header will disappear from
> NuttX project files.
Correct we’ll replace, where needed, the original BSD header with an ASF one. Note that the ASF has a different header for it’s projects. [1]
> So, could we just remove the original BSD header
> from Samsung modified files and just keep their Apache license into
> those file?
I don’t recommend we do that as they may of made changes or the files may of changed since they copied them. They probably also used teh 3rd party header not the ASF one.
Thanks,
Justin
1. https://www.apache.org/legal/src-headers.html
Re: ICLA needed?
Posted by Alan Carvalho de Assis <ac...@gmail.com>.
Hi Greg and Justin,
On 12/15/19, Gregory Nutt <sp...@gmail.com> wrote:
>
>> Well it possible to use the code and both licenses are compatible. You
>> would generally want have people be involved and donate code rather than
>> just taking it.
>
> You mean like Samsung did (and Motorola and project Ara an on and
> on..). Samsung took the code from me first. I would not be taking any
> of their code at all. Just their license. My BSD headers and
> Copyrights are fully intact in the Samsung files.
>
When Samsung got the NuttX files they put an Apache license header
over the BSD header, now the original BSD Header will disappear from
NuttX project files. So, could we just remove the original BSD header
from Samsung modified files and just keep their Apache license into
those file?
It is very strange to see a file with an Apache license and the the
BSD license under it.
BR,
Alan
Re: ICLA needed?
Posted by Gregory Nutt <sp...@gmail.com>.
> Well it possible to use the code and both licenses are compatible. You would generally want have people be involved and donate code rather than just taking it.
You mean like Samsung did (and Motorola and project Ara an on and
on..). Samsung took the code from me first. I would not be taking any
of their code at all. Just their license. My BSD headers and
Copyrights are fully intact in the Samsung files.
Re: ICLA needed?
Posted by Justin Mclean <ju...@me.com.INVALID>.
Hi,
> But I suppose, since it is done under Samsungs legal responsibility, we could bring any code back from Samsung? (as if I had a clue what I am talking about).
Well it possible to use the code and both licenses are compatible. You would generally want have people be involved and donate code rather than just taking it.
Thanks,
Justin
Re: ICLA needed?
Posted by Gregory Nutt <sp...@gmail.com>.
Most of the files in NuttX are also already available under the Apache
license in TizenRT. There they simply "slapped" the Apache license on
the NuttX BSD code with asking for any permissions. It was never
discussed with me.
But I suppose, since it is done under Samsungs legal responsibility, we
could bring any code back from Samsung? (as if I had a clue what I am
talking about).
Greg
On 12/15/2019 7:59 AM, Gregory Nutt wrote:
>
>> 1.https://lists.apache.org/thread.html/d58f8edd36eff155f061e84229dc035a71ea5cd7f0fa622bdd1a5dd0%40%3Clegal-discuss.apache.org%3E
>
> Some general comments on that thread:
>
> "It would be more accurate to say that Gregory Nutt *claims* copyright
> over the whole code. However, the facts you give — that he reviewed
> contributions, committed them, and slapped his own copyright notice on
> top — do not imply that the copyright notice is accurate." -- That has
> never happened. I insist that contributions of new files have the
> copy right notice and author on them. I have never "slapped" my on
> copyright on anything.
>
> "* the Foundation claims copyright on the _distribution_ rather than the individual files/contributions/commits. ... If we accept that GNutt did the same, then we're good to go. (I can't answer that statement)" -- There are copyrights ONLY on individual files. There is no copyright at all on the distributions. Modifications to files do not change the copyright by default UNLESS the commit/patch modifies the copyright. Basically copyright claims are managed entirely be the people that create and modify the code and no one else.
>
> "If there's someone else who holds a significant copyright interest — e.g., if someone contributed large amounts of code that were merged without significant alteration — then SGAs from that party would be required too."
>
> In the nuttx/ repository, there are a total 10,626 .c and .h files with copyrights in the header (which should be all of them). Build-related files may also have copyrights but are excluded here. I hold the copyright on 8,328 of them (78%). Sony holds the copyright 401 files on (<4%) and Pinecone holds the copyright on 86 (<1%). That accounts for 82% of such files. Looking at the remaining files, I do no see anyone holding large number of copyrights. Perhaps Nick Johnson who did the original math library? I doubt any there is any other copyright holder that exceeds the 1% range.
>
> The apps/ directory should be similar, but I did not look at it.
>
> "Might be worth asking Gregory Nutt if there was a NuttX contributor's agreement (expressed or implied) that assigned copyright. My employee agreement assigns copyright, for example." -- No, no contributor agreements.
>
Re: File headers on 3rd party files [was Re: ICLA needed?]
Posted by Gregory Nutt <sp...@gmail.com>.
>> I would never permit anything that was not BSD or MIT into the repositories on into the build (and now Apache). It is our policy that there will be no licensing surprises to the end-user. There should be no concerns there.
> When I did a quick review of the last release I did find one GPL file. But no issue we’ll fix this later and double check the dependancies.
And I removed it! It was only needed for a 2000-ish era board:
commit 897378bc292fc1ff5bbcd3ba616e2cafb8cd5f90
Author: Gregory Nutt <gn...@nuttx.org>
Date: Mon Dec 9 11:29:12 2019 -0600
Remove support for generation of RRLOAD binary files. The RRLOAD
binary format was used with Linux BSPs from www.ridgerun.com circa
2000-2001. It is still need by the the c5471 board if that bootloader
is used. Removes the CONFIG_RRLOAD_BINARY option and tools/mkimage.sh
This change was motivated by the presence of the mkimage.sh file
under tools. That is the tool that created the RRLOAD binary format.
That bash script has a GPL license and, hence, may not be included in an
Apache-licensed project.
Re: File headers on 3rd party files [was Re: ICLA needed?]
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> I would never permit anything that was not BSD or MIT into the repositories on into the build (and now Apache). It is our policy that there will be no licensing surprises to the end-user. There should be no concerns there.
When I did a quick review of the last release I did find one GPL file. But no issue we’ll fix this later and double check the dependancies.
Thanks,
Justin
Re: File headers on 3rd party files [was Re: ICLA needed?]
Posted by Gregory Nutt <sp...@gmail.com>.
>> We also do a less common thing that you should be aware of: We have build scripts that download 3rd party code from the source repositories or releases, apply patches to it, and build it into NuttX.
> That's fine as long as the licenses are not Category X.[2]
I would never permit anything that was not BSD or MIT into the
repositories on into the build (and now Apache). It is our policy that
there will be no licensing surprises to the end-user. There should be
no concerns there.
File headers on 3rd party files [was Re: ICLA needed?]
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> Also, there are no unmodified 3rd party files. Third party files were used as starting points for the development of NuttX-specific applications. All were highly modified and converted to the NuttX coding standard.
See here for how to treat 3rd party works [1]. In general the changes need to be significant for the header to change. reformatting or even rewriting in another language is not a significant change as far a copyright/licensing is concerned.
> We also do a less common thing that you should be aware of: We have build scripts that download 3rd party code from the source repositories or releases, apply patches to it, and build it into NuttX.
That's fine as long as the licenses are not Category X.[2]
> The 3rd party code itself is never included in a NuttX release but the scripts that will install it are.
Thanks,
Justin
1. https://www.apache.org/legal/src-headers.html#3party
2 https://www.apache.org/legal/resolved.html#category-x
Re: ICLA needed?
Posted by Gregory Nutt <sp...@gmail.com>.
>> In the nuttx/ repository, there are a total 10,626 .c and .h files with copyrights in the header (which should be all of them). Build-related files may also have copyrights but are excluded here. I hold the copyright on 8,328 of them (78%). Sony holds the copyright 401 files on (<4%) and Pinecone holds the copyright on 86 (<1%).
> In those count Did you exclude 3rd party files?
Also, there are no unmodified 3rd party files. Third party files were
used as starting points for the development of NuttX-specific
applications. All were highly modified and converted to the NuttX
coding standard. But we do retain the original BSD copyrights as
required by the license. But it is not really 3rd party code anymore.
It was adopted.
We also do a less common thing that you should be aware of: We have
build scripts that download 3rd party code from the source repositories
or releases, apply patches to it, and build it into NuttX. The 3rd
party code itself is never included in a NuttX release but the scripts
that will install it are.
Re: ICLA needed?
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> In the nuttx/ repository, there are a total 10,626 .c and .h files with copyrights in the header (which should be all of them). Build-related files may also have copyrights but are excluded here. I hold the copyright on 8,328 of them (78%). Sony holds the copyright 401 files on (<4%) and Pinecone holds the copyright on 86 (<1%).
In those count Did you exclude 3rd party files?
Thanks,
Justin
Re: ICLA needed?
Posted by Gregory Nutt <sp...@gmail.com>.
> 1. https://lists.apache.org/thread.html/d58f8edd36eff155f061e84229dc035a71ea5cd7f0fa622bdd1a5dd0%40%3Clegal-discuss.apache.org%3E
Some general comments on that thread:
"It would be more accurate to say that Gregory Nutt *claims* copyright
over the whole code. However, the facts you give — that he reviewed
contributions, committed them, and slapped his own copyright notice on
top — do not imply that the copyright notice is accurate." -- That has
never happened. I insist that contributions of new files have the copy
right notice and author on them. I have never "slapped" my on copyright
on anything.
"* the Foundation claims copyright on the _distribution_ rather than the individual files/contributions/commits. ... If we accept that GNutt did the same, then we're good to go. (I can't answer that statement)" -- There are copyrights ONLY on individual files. There is no copyright at all on the distributions. Modifications to files do not change the copyright by default UNLESS the commit/patch modifies the copyright. Basically copyright claims are managed entirely be the people that create and modify the code and no one else.
"If there's someone else who holds a significant copyright interest — e.g., if someone contributed large amounts of code that were merged without significant alteration — then SGAs from that party would be required too."
In the nuttx/ repository, there are a total 10,626 .c and .h files with copyrights in the header (which should be all of them). Build-related files may also have copyrights but are excluded here. I hold the copyright on 8,328 of them (78%). Sony holds the copyright 401 files on (<4%) and Pinecone holds the copyright on 86 (<1%). That accounts for 82% of such files. Looking at the remaining files, I do no see anyone holding large number of copyrights. Perhaps Nick Johnson who did the original math library? I doubt any there is any other copyright holder that exceeds the 1% range.
The apps/ directory should be similar, but I did not look at it.
"Might be worth asking Gregory Nutt if there was a NuttX contributor's agreement (expressed or implied) that assigned copyright. My employee agreement assigns copyright, for example." -- No, no contributor agreements.
Re: ICLA needed?
Posted by Gregory Nutt <sp...@gmail.com>.
> 1. https://lists.apache.org/thread.html/d58f8edd36eff155f061e84229dc035a71ea5cd7f0fa622bdd1a5dd0%40%3Clegal-discuss.apache.org%3E
To be clear, I am the copyright holder on by far the majority, but there
are others as well. People who submit code have the option of declaring
how they wanted present the copyright. Much of the code attributes the
copyrighted since it derives from code that I originally produced. Many
people granted me the copyright just for situations like the present.
There are several cases of other copyrights was well. Most changes
generated by businesses like Pinecone or Sony are copyright by them.
Some individuals wanted to hold the copyright themselves.
Greg
Re: ICLA needed?
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
Question that need to answered on the legal discuss list:
A) Was the copyright assignment to Greg implied or explicitly stated somewhere? From a quick look at the docs I was unable to find anything.
B) If the answer is no above who are teh list of people who have made significant contributions? Are all of these people on the PPMC?
Thanks,
Justin
Re: ICLA needed?
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
OK it now seems that we may need more than just Greg's SGA. I’ve give the thread a couple of days and see what happens.
Thanks,
Justin