search

Open-Source-Compliance / package-analysis

This repo contains license and copyright analysis results of open source packages. It further contains other license compliance relevant artifacts, which might be of value for others
https://www.osselot.org/
Other
35 stars 20 forks source link

Why is U-Boot GPL-3.0-or-later WITH Font-exception-2.0? #68

Closed RobertBerger closed 7 months ago

RobertBerger commented 7 months ago

================================================================================

u-boot-2023.10

================================================================================

LICENSES

GPL-3.0-or-later WITH Font-exception-2.0 GNU GENERAL PUBLIC LICENSE ...

OliverFendt commented 7 months ago

@RobertBerger Thanks for asking. U-Boot contains many files under different licenses. One of those files is the file u-boot-2023.10/drivers/video/fonts/rufscript010.ttf At the end of the file you will find among others the following information (in my Editor it starts around line 270)

Licensed under GNU GPL version 3 or more with font exception. Copyright (c) 2007 Lithu K Kumar, Hiran Venugopalan <hiran.in |hiran.v@gmail.com>

Licensed under GNU GPL version 3 or more with font exception. RufscriptRufscriptRegularRegularFontForge : Rufscript : 17-10-2008FontForge : Rufscript : 17-10-2008RufscriptRufscriptVersion 0.100;PS 000.001;hotconv 1.0Version 0.100;PS 000.001;hotconv 1.0RufscriptRufscriptRufscript Font

(c)Hiran Venugopalan, Lithu K Kumar

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software

Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

Font Exception

As a special exception, if you create a document which uses this font, and embed this font or unaltered portions of this font into the document, this font does not by itself cause the resulting document to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the document might be covered by the GNU General Public License. If you modify this font, you may extend this exception to your version of the font, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.

Rufscript Font

(c)Hiran Venugopalan, Lithu K Kumar

Given this information in the file, I concluded GPL-3.0-or-later WITH Font-exception-2.0 as license of this file. This does not mean that the entire U-boolt is licensed under GPL-3.0-or-later WITH Font-exception-2.0 .

I hope that helps

RobertBerger commented 7 months ago

I see. Wow I guess this font will somehow be linked together with U-Boot in some cases, so this might be a case which is not covered by the exception "if you create a document which uses this font". Very interesting, since I guess that the GPL-3.0-or-later is pretty much unsuitable for most business cases where U-Boot is used, hence the "overall license is GPL-2.0-or-later,

OliverFendt commented 7 months ago

It might be that in some cases the font file is contained in the delivered binary. In case you can track the files which are used to generate the u-boot binary, you can use the spdx tag-value file to determine all licenses which are "in use" for this particular build u-boot binary.

@RobertBerger I will close the issue, if you agree to it

RobertBerger commented 7 months ago

I understand the issue, but probably there should be some explanation somewhere. I mean, it's very easily possible that people use e.g. meta-osselot[1] which uses your repo and are excited about the fact that e.g. the same u-boot version they use is also available in your repo, but, as we just saw, more license compliance work is needed.

the disclosure.txt seems to contain all the licenses found in all the sources of a specific repo. Further analysis needs to be done with respect to the specific build and which source files are actually used.

[1] https://github.com/iris-GmbH/meta-osselot/

RobertBerger commented 7 months ago

... and probably it's already there: https://github.com/Open-Source-Compliance/package-analysis/blob/main/README.md

OliverFendt commented 7 months ago

@RobertBerger, you are right the README file contains already the information in "Provided Artifacts":

The OSS-disclosure files contain all applicable licenses and all copyright notices of the entire package.

As I said you perhaps want to use SPDX files when you want to build an Open Source disclosure document, which consists only of the license texts and copyright notices of the used files in a "build". But you also can use the disclosure document for providing the binaries, you know - you are always allowed to do to much, but you are never allowed to do to less. ;-) In case you provide the source code of let's say u-boot to others again you simply can use the disclosure file because you probably provide the vanilla package, with all files ("complete machine-readable copy of the corresponding source code") and the disclosure document for the source delivery needs to reflect the situation of the devliered source package.

I know meta-osselot, I like this project very much, because osselot and meta-osselot really implement automation in license compliance work.

OliverFendt commented 7 months ago

I think, there is nothing more to do, so I close the issue