cdbattags / lua-resty-jwt

JWT For The Great Openresty
Apache License 2.0

No copyright notice #15

Closed petoluk closed 5 years ago

petoluk commented 5 years ago

I was looking for a copyright notice, but found only this one line in evp.lua:

-- Copyright (C) by Daniel Hiltgen (daniel.hiltgen@docker.com)

Would it be possible to add a copyright notice for the whole project as such? (We would like to use this code in our company, but our Legal Dept. requires a copyright notice be present.)

Thank you very much!

euank commented 5 years ago

Conventionally, most projects that use an open source copyright license, such as this one, include it in the file LICENSE at the root of the project, and it applies to all files that aren't specifically denoted otherwise.

In the case of this project, the LICENSE file at the root of the repository (here) covers all files and provides a quite permissive set of copyright terms.

petoluk commented 5 years ago

Thanks for your input! The problem here [as our Legal Dept. sees it] is that the LICENSE file in question does not contain any actual copyright - there's just the "placeholder" line:

Copyright {yyyy} {name of copyright owner}

Normally what I see in open source projects is that besides the LICENSE file [which may be a generic license without any actual copyright], there's also a NOTICE(S) file that includes the copyright info. Or sometimes the source files themselves contain headers where the copyright holder is named (which is the case for evp.lua I mentioned above but not for any other files here).

cdbattags commented 5 years ago

So the issue here is that @dhiltgen personally committed this file 4 years ago. I'm gonna guess this was just an IDE thing but I'm going to have to wait til he adds a PR to remove that line if he'd be ok with removing his copyright.

euank commented 5 years ago

Disclaimer, not a lawyer, just a free software/oss enthusiast; this is not legal advice.

@petoluk As I see it, the LICENSE file contains a copyright license in the form of:

https://github.com/cdbattags/lua-resty-jwt/blob/f17d7c6ed45d59beb9fbf3bd5f50e89ead395b98/LICENSE#L66-L71

The {yyyy} line is a usual part of the apache license; most people include that subsection talking about how to use it (meta, I know, but quite normal to not change that line since it's generic instructions that are included in the license text).

@cdbattags I think rather than remove that copyright, the most explicit/clear thing to do would be to have @dhiltgen clarify it with "Copyright $name, Licensed under the Apache License, Version 2." (etc, the template from the LICENSE file).

An open source license doesn't mean the copyright holder/authors of the code don't retain copyright (CLAs exist for that reason); rather, it means the author retains their copyright, but extends a free unrevocable license to their copyright to others. Daniel has copyright of the code he wrote whether that line is included or not. What matters is whether he offers a license to others or not.

In my mind, the LICENSE file at the root added by him is enough to conclude such a license is offered, but it is definitely more clear to also include the license header comments clarifying who owns the copyright and what license it is offered under.

petoluk commented 5 years ago

@cdbattags The @dhiltgen copyright in evp.lua is not a problem, but the lack of copyrights in the other files is. And normally the latter would be solved by a NOTICE file in the root of the project listing all copyright holders / authors.

@euank Not a lawyer myself, just trying to get the use of this handy little project approved by some. ;-) Going by other open source projects that we've already got approved, a NOTICE file containing something like this would solve our problem:

lua-resty-jwt
=============
Copyright (c) 2015-2019 lua-resty-jwt contributors

*lua-resty-jwt contributors listed at <https://github.com/cdbattags/lua-resty-jwt/graphs/contributors>*

lua-resty-jwt is distributed under the Apache-2.0 License.

(Listing the actual contributor names would be better, but I think a "generic" notice like this will do.)

Thank you very much!

euank commented 5 years ago

@petoluk

> And normally the latter would be solved by a NOTICE file in the root of the project

My understanding of the NOTICE file is that it is an optional portion of the apache 2.0 license and only matters for derivative works, not the project itself.

To quote a portion of the Apache 2.0 license, section 4.d: "The contents of the NOTICE file are for informational purposes only and do not modify the License".

That being said, such a notice file seems quite reasonable to include for informational purposes. In my understanding, it doesn't make any difference for this project's license, but if it makes your approver happy and unblocks you then that's great all the same.

@cdbattags, WDYT about adding such a notice file?

cdbattags commented 5 years ago

@petoluk, I'm open to adding that as is. Can you open a PR?

As @euank said, this won't be a modification of the current license but if it makes your legal team happy, not a problem!

petoluk commented 5 years ago

@cdbattags @euank Thank you very much for being so helpful! Yes, the Notice does not change the terms of the license in any way, it's just a "FYI", but should make our Legal Dept. happy.

The PR I opened for this is #17 (I hope it's alright).