das-labor / neopg

The multiversal cryptoengine!

Question about licensing #32

Closed furkanmustafa closed 6 years ago

furkanmustafa commented 6 years ago

How does this licensing work?

> For now, many parts of NeoPG are licensed by the upstream authors under various licenses, including GPL and LGPL variants. Please refer to the copyright notice at the top of every file.
>
> New source code contributed by the NeoPG authors is licensed under the permissive Simplified BSD license (the same license as Botan, the cryptography library we want to use).

Wouldn't that make this project (and any new source code addition on this project) a "derivative work" of those "upstream" projects?

lambdafu commented 6 years ago

New source code, if written from scratch, is never a derivative work by itself. If added to an existing project, the sum of the whole will be a derivative work of the original code and the contribution, and then the license for the work as a whole needs to be compatible with the licenses of the parts. This is why many free software projects require contributor agreements for non-trivial changes (more than a couple of lines), so they can take ownership over the contribution.

To make this easier to track, all (L)GPL code is in the folder legacy/. All files outside legacy/ (specifically include/, lib/, src/) are written from scratch, and licensed under the permissive license of the NeoPG project. You can convince yourself by studying the code that it is unrelated to the legacy code base.

For changes within legacy/, which are often cosmetic and/or semi-automatic, it may be difficult to understand which parts of it are original and which are my contribution. That's ok, because I will never copy code from legacy/ to any of the other parts (include/, lib/, src/) outside of it. All of this code will eventually be removed once new code has been written that supersedes it.

In fact, almost all changes in legacy/ are related to refactoring to make it possible to replace or delete more code without breaking the program. Eventually, all code will have been replaced or deleted.

This is not different from other projects, where sometimes existing code is rewritten or replaced to allow for a license change, although I admit it rarely happens at this scale.

Apart from the source code, the architecture and interfaces of NeoPG will be very different as well, so there can hardly be any confusion. If there will be compatibility interfaces, they will be written from scratch, too.

Does this answer your question?

furkanmustafa commented 6 years ago

Wow. Much more detailed explanation than I expected.

> sometimes existing code is rewritten or replaced to allow for a license change

I believe these cases have to be a rewrite with completely zero (re-)distribution of GPL'd code as a part of the project, if one wants to move away from GPL.

> Does this answer your question?

Yes, this answers my question. Because, rather than whether this works or not (which I cannot say for sure), I only wanted to understand/talk about the opinion behind it. After all, I'm not an expert in licensing and I may not understand some red/gray lines.

Thanks for the explanation.

lambdafu commented 6 years ago

You are right about the GPL: As long as we contain any GPL code, the whole is distributed under the GPL. The license.txt file states as much, but the readme could be clearer on this point.

furkanmustafa commented 6 years ago

Ah, okay. Now with this, I completely understand and it makes complete sense.

lambdafu commented 6 years ago

I noticed that the config.h settings were not in legacy. Just a couple of flags, but to be extra sure, I moved them back to legacy/ where they belong. With this, I think we are done here. Thanks for your interest!