Message ID | HE1PR0902MB1801D263944083BC60D94282A8EC9@HE1PR0902MB1801.eurprd09.prod.outlook.com |
---|---|
State | Accepted, archived |
Commit | 5184e651651ed949d198882a10f406cef5939b7b |
Headers | show |
Series | git: correct license | expand |
Hi Konrad Weihmann <kweihmann@outlook.com> escreveu no dia quarta, 13/04/2022 à(s) 17:34: > by default git pulls in several code fragments not being licensed > under just GPL-2.0-only. > In fact obstack and poll are taken from glib, being licensed > under GPL-2.0-or-later - as this includes GPL-2.0-only, use this instead > > Furthermore > reftable being BSD-3-Clause > sha1dc and inet_ntop being MIT > netmalloc being Bosst-1.0 aka BSL-1.0 > regex being LGPL-2.1-or-later > > Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> > --- > meta/recipes-devtools/git/git_2.35.1.bb | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-devtools/git/git_2.35.1.bb > b/meta/recipes-devtools/git/git_2.35.1.bb > index 47c2211864..f8756b6dec 100644 > --- a/meta/recipes-devtools/git/git_2.35.1.bb > +++ b/meta/recipes-devtools/git/git_2.35.1.bb > @@ -2,7 +2,7 @@ SUMMARY = "Distributed version control system" > HOMEPAGE = "http://git-scm.com" > DESCRIPTION = "Git is a free and open source distributed version control > system designed to handle everything from small to very large projects with > speed and efficiency." > SECTION = "console/utils" > -LICENSE = "GPL-2.0-only" > +LICENSE = "GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 & > LGPL-2.1-or-later" > DEPENDS = "openssl zlib" > > PROVIDES:append:class-native = " git-replacement-native" > @@ -14,7 +14,16 @@ SRC_URI = > "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ > > S = "${WORKDIR}/git-${PV}" > > -LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" > +LIC_FILES_CHKSUM = "\ > + file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1 \ > + file://reftable/LICENSE;md5=1a6424cafc4c9c88c689848e165af33b \ > + file://sha1dc/LICENSE.txt;md5=9bbe4c990a9e98ea4b98ef5d3bcb8a7a \ > + > file://compat/nedmalloc/License.txt;md5=e4224ccaecb14d942c71d31bef20d78c \ > + > file://compat/inet_ntop.c;md5=76593c6f74e8ced5b24520175688d59b;endline=16 \ > + > file://compat/obstack.h;md5=08ad25fee5428cd879ceef451ce3a22e;endline=18 \ > + > file://compat/poll/poll.h;md5=9fc00170a53b8e3e52157c91ac688dd1;endline=19 \ > + > file://compat/regex/regex.h;md5=30cc8af0e6f0f8a25acec6d8783bb763;beginline=4;endline=22 > \ > +" > I don't know if it is possible but if we can add a compat PACKAGECONFIG will be great so we can disable this part which simplifies a little the license. Jose > > CVE_PRODUCT = "git-scm:git" > > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#164341): > https://lists.openembedded.org/g/openembedded-core/message/164341 > Mute This Topic: https://lists.openembedded.org/mt/90444706/5052612 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > quaresma.jose@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
On 13.04.22 18:56, Jose Quaresma wrote: > Hi > > Konrad Weihmann <kweihmann@outlook.com <mailto:kweihmann@outlook.com>> > escreveu no dia quarta, 13/04/2022 à(s) 17:34: > > by default git pulls in several code fragments not being licensed > under just GPL-2.0-only. > In fact obstack and poll are taken from glib, being licensed > under GPL-2.0-or-later - as this includes GPL-2.0-only, use this instead > > Furthermore > reftable being BSD-3-Clause > sha1dc and inet_ntop being MIT > netmalloc being Bosst-1.0 aka BSL-1.0 > regex being LGPL-2.1-or-later > > Signed-off-by: Konrad Weihmann <kweihmann@outlook.com > <mailto:kweihmann@outlook.com>> > --- > meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb> | > 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-devtools/git/git_2.35.1.bb > <http://git_2.35.1.bb> b/meta/recipes-devtools/git/git_2.35.1.bb > <http://git_2.35.1.bb> > index 47c2211864..f8756b6dec 100644 > --- a/meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb> > +++ b/meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb> > @@ -2,7 +2,7 @@ SUMMARY = "Distributed version control system" > HOMEPAGE = "http://git-scm.com <http://git-scm.com>" > DESCRIPTION = "Git is a free and open source distributed version > control system designed to handle everything from small to very > large projects with speed and efficiency." > SECTION = "console/utils" > -LICENSE = "GPL-2.0-only" > +LICENSE = "GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 & > LGPL-2.1-or-later" > DEPENDS = "openssl zlib" > > PROVIDES:append:class-native = " git-replacement-native" > @@ -14,7 +14,16 @@ SRC_URI = > "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ > > S = "${WORKDIR}/git-${PV}" > > -LIC_FILES_CHKSUM = > "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" > +LIC_FILES_CHKSUM = "\ > + file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1 \ > + file://reftable/LICENSE;md5=1a6424cafc4c9c88c689848e165af33b \ > + file://sha1dc/LICENSE.txt;md5=9bbe4c990a9e98ea4b98ef5d3bcb8a7a \ > + > file://compat/nedmalloc/License.txt;md5=e4224ccaecb14d942c71d31bef20d78c \ > + > file://compat/inet_ntop.c;md5=76593c6f74e8ced5b24520175688d59b;endline=16 \ > + > file://compat/obstack.h;md5=08ad25fee5428cd879ceef451ce3a22e;endline=18 \ > + > file://compat/poll/poll.h;md5=9fc00170a53b8e3e52157c91ac688dd1;endline=19 \ > + > file://compat/regex/regex.h;md5=30cc8af0e6f0f8a25acec6d8783bb763;beginline=4;endline=22 \ > +" > > > I don't know if it is possible but if we can add a compat PACKAGECONFIG > will be great > so we can disable this part which simplifies a little the license. That would be indeed nice to have - from my understanding of the makefile those are build unconditionally, so it would require a upstream work first I guess. For now my patch is just reflecting what is actually used > > Jose > > > CVE_PRODUCT = "git-scm:git" > > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#164341): > https://lists.openembedded.org/g/openembedded-core/message/164341 > <https://lists.openembedded.org/g/openembedded-core/message/164341> > Mute This Topic: https://lists.openembedded.org/mt/90444706/5052612 > <https://lists.openembedded.org/mt/90444706/5052612> > Group Owner: openembedded-core+owner@lists.openembedded.org > <mailto:openembedded-core%2Bowner@lists.openembedded.org> > Unsubscribe: > https://lists.openembedded.org/g/openembedded-core/unsub > <https://lists.openembedded.org/g/openembedded-core/unsub> > [quaresma.jose@gmail.com <mailto:quaresma.jose@gmail.com>] > -=-=-=-=-=-=-=-=-=-=-=- > > > > -- > Best regards, > > José Quaresma
> -----Original Message----- > From: openembedded-core@lists.openembedded.org <openembedded- > core@lists.openembedded.org> On Behalf Of Konrad Weihmann > Sent: den 13 april 2022 18:59 > To: Jose Quaresma <quaresma.jose@gmail.com> > Cc: OE-core <openembedded-core@lists.openembedded.org> > Subject: Re: [OE-core] [PATCH] git: correct license > > On 13.04.22 18:56, Jose Quaresma wrote: > > Hi > > > > Konrad Weihmann <kweihmann@outlook.com <mailto:kweihmann@outlook.com>> > > escreveu no dia quarta, 13/04/2022 à(s) 17:34: > > > > by default git pulls in several code fragments not being licensed > > under just GPL-2.0-only. > > In fact obstack and poll are taken from glib, being licensed > > under GPL-2.0-or-later - as this includes GPL-2.0-only, use this instead No, it's the other way around. You can use GPL-2.0-or-later as GPL-2.0-only, but you *cannot* use GPL-2.0-only as GPL-2.0-or-later without relicensing the code, and, unless you are the owner of the code, you cannot do that. However, it is probably better to be explicit and actually state the LICENSE as "GPL-2.0-only & GPL-2.0-or-later & ..." since those are the licenses that are actually being used. > > > > Furthermore > > reftable being BSD-3-Clause > > sha1dc and inet_ntop being MIT > > netmalloc being Bosst-1.0 aka BSL-1.0 > > regex being LGPL-2.1-or-later > > > > Signed-off-by: Konrad Weihmann <kweihmann@outlook.com > > <mailto:kweihmann@outlook.com>> > > --- > > meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb> | > > 13 +++++++++++-- > > 1 file changed, 11 insertions(+), 2 deletions(-) > > > > diff --git a/meta/recipes-devtools/git/git_2.35.1.bb > > <http://git_2.35.1.bb> b/meta/recipes-devtools/git/git_2.35.1.bb > > <http://git_2.35.1.bb> > > index 47c2211864..f8756b6dec 100644 > > --- a/meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb> > > +++ b/meta/recipes-devtools/git/git_2.35.1.bb <http://git_2.35.1.bb> > > @@ -2,7 +2,7 @@ SUMMARY = "Distributed version control system" > > HOMEPAGE = "http://git-scm.com <http://git-scm.com>" > > DESCRIPTION = "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency." > > SECTION = "console/utils" > > -LICENSE = "GPL-2.0-only" > > +LICENSE = "GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 & LGPL-2.1-or-later" > > DEPENDS = "openssl zlib" > > > > PROVIDES:append:class-native = " git-replacement-native" > > @@ -14,7 +14,16 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ > > > > S = "${WORKDIR}/git-${PV}" > > > > -LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" > > +LIC_FILES_CHKSUM = "\ > > + file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1 \ > > + file://reftable/LICENSE;md5=1a6424cafc4c9c88c689848e165af33b \ > > + file://sha1dc/LICENSE.txt;md5=9bbe4c990a9e98ea4b98ef5d3bcb8a7a \ > > + file://compat/nedmalloc/License.txt;md5=e4224ccaecb14d942c71d31bef20d78c \ > > + file://compat/inet_ntop.c;md5=76593c6f74e8ced5b24520175688d59b;endline=16 \ > > + file://compat/obstack.h;md5=08ad25fee5428cd879ceef451ce3a22e;endline=18 \ > > + file://compat/poll/poll.h;md5=9fc00170a53b8e3e52157c91ac688dd1;endline=19 \ > > + file://compat/regex/regex.h;md5=30cc8af0e6f0f8a25acec6d8783bb763;beginline=4;endline=22 \ > > +" > > > > > > I don't know if it is possible but if we can add a compat PACKAGECONFIG > > will be great > > so we can disable this part which simplifies a little the license. > > That would be indeed nice to have - from my understanding of the > makefile those are build unconditionally, so it would require a upstream > work first I guess. > > For now my patch is just reflecting what is actually used > > > Jose > > > > CVE_PRODUCT = "git-scm:git" > > > > -- > > 2.25.1 > > -- > > Best regards, > > > > José Quaresma //Peter
diff --git a/meta/recipes-devtools/git/git_2.35.1.bb b/meta/recipes-devtools/git/git_2.35.1.bb index 47c2211864..f8756b6dec 100644 --- a/meta/recipes-devtools/git/git_2.35.1.bb +++ b/meta/recipes-devtools/git/git_2.35.1.bb @@ -2,7 +2,7 @@ SUMMARY = "Distributed version control system" HOMEPAGE = "http://git-scm.com" DESCRIPTION = "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency." SECTION = "console/utils" -LICENSE = "GPL-2.0-only" +LICENSE = "GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 & LGPL-2.1-or-later" DEPENDS = "openssl zlib" PROVIDES:append:class-native = " git-replacement-native" @@ -14,7 +14,16 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ S = "${WORKDIR}/git-${PV}" -LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" +LIC_FILES_CHKSUM = "\ + file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1 \ + file://reftable/LICENSE;md5=1a6424cafc4c9c88c689848e165af33b \ + file://sha1dc/LICENSE.txt;md5=9bbe4c990a9e98ea4b98ef5d3bcb8a7a \ + file://compat/nedmalloc/License.txt;md5=e4224ccaecb14d942c71d31bef20d78c \ + file://compat/inet_ntop.c;md5=76593c6f74e8ced5b24520175688d59b;endline=16 \ + file://compat/obstack.h;md5=08ad25fee5428cd879ceef451ce3a22e;endline=18 \ + file://compat/poll/poll.h;md5=9fc00170a53b8e3e52157c91ac688dd1;endline=19 \ + file://compat/regex/regex.h;md5=30cc8af0e6f0f8a25acec6d8783bb763;beginline=4;endline=22 \ +" CVE_PRODUCT = "git-scm:git"
by default git pulls in several code fragments not being licensed under just GPL-2.0-only. In fact obstack and poll are taken from glib, being licensed under GPL-2.0-or-later - as this includes GPL-2.0-only, use this instead Furthermore reftable being BSD-3-Clause sha1dc and inet_ntop being MIT netmalloc being Bosst-1.0 aka BSL-1.0 regex being LGPL-2.1-or-later Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> --- meta/recipes-devtools/git/git_2.35.1.bb | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)