Please clarify the license

[voxik]

The license file contains BSD-2-Clause license, while gemspec specifies Ruby OR BSD-2-Clause. Assuming the latter is correct, how to capture this information? Is COPYING file similar to Ruby the way to go?

[nobu]

Or add links like https://github.com/ruby/ruby2_keywords/blob/master/README.md#license?

[voxik]

Or add links like https://github.com/ruby/ruby2_keywords/blob/master/README.md#license?

That is certainly good start, but I don't think that is complete solution. At least Fedora packaging guidelines recommends to ask upstream to actually provide the license file containing the license text.

https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text https://docs.fedoraproject.org/en-US/packaging-guidelines/ReviewGuidelines/

BTW there are emerging standards to capture the licensing situation in greater detail:

https://reuse.software/ https://dep-team.pages.debian.net/deps/dep5/

Maybe I should open generic ticket in the main Ruby repo to discuss their adoption.

[hsbt]

Do you want to add two license files for only Fedora's guideline for all repositories under the ruby org?

I have no strong opinion to against that. Please submit pull-request by yourself. It's good to file Ruby license to LICENSE.txt or COPYING, BSDL license to BSDL.

[hanazuki]

Because the Ruby license is incompatible with BSD-2-Clause (it's more permissive than BSD-2-Clause), we need all the contributors' agreement to incorporate the works of this project into ruby/ruby and ship as a combined product. So, IMHO, it'd be better to explicitly and clearly state that the software in this repository is and will be distributed under the Ruby OR BSD-2-Clause dual license so that contributors to this project know that before submitting their patches.

I have no strong opinion to against that. Please submit pull-request by yourself.

Software license is an agreement among the authors, and cannot be changed just by a patch. I think we need a discussion in the community. As a contributor to Resolv, I'd be happy if my works were distributed with a clear license and a bit of respect. Thank you.

[hsbt]

Software license is an agreement among the authors, and cannot be changed just by a patch.

I'm wondering what you concerned. ruby/resolv is "Ruby OR BSD-2-Clause dual license" now from this repository created. I only said about LICENSE files. I didn't say about changing license.

[hanazuki]

ruby/resolv is "Ruby OR BSD-2-Clause dual license" now from this repository created.

No. The Resolv library was licensed under the dual license at the moment it was extracted from ruby/ruby repository, which is governed by the license. However, the repository ruby/resolv, has the LICENSE file of BSD-2-Clause since the beginning, and the GitHub UI has been displaying so. Therefore, for the patches accepted after the splitting of the repository, we don't know if the patch authors acknowledged giving their works under the dual license. You (and I) have no privilege to declare the license of the other contributors. I'm concerned with this problem.

[hanazuki]

So, my argument is that the problem is in the unclarity of the license itself, not just the LICENSE file.

[hanazuki]

To clarify the license, I think we can either:

1. Switch ruby/resolv to Ruby OR BSD-2-Clause dual license as ruby/ruby, by obtaining consent from all the contributors since the repository splitting, or
2. Go with BSD-2-Clause single license. In this case, ruby/ruby packagers should mention that the Ruby license does not govern the Resolv library.

[hsbt]

However, the repository ruby/resolv, has the LICENSE file of BSD-2-Clause since the beginning, and the GitHub UI has been displaying so.

But I'm now sure above section is correct, or not. Because I'm not lawyer.

---

いまいち、何を問題視しているのかわかりません。ファイル配置の問題ではなく、ライセンスが不明瞭というのはどういうことですか? ruby/resolv は ruby/ruby と同一であり、https://github.com/ruby/resolv/commit/4510f94894b41d738f459647f12c3efbe66a8881 この時から Ruby と BSDL-2-Clause です。ライセンスファイルが無いことで、それは保証されないという主張はわからなくもないですが、法律家でもないのでそれが正当かどうかはわかりません。

[hsbt]

I update license files with #51. @voxik Is it enough for your request?

[sorah]

To clarify the license, I think we can either:

1. Switch ruby/resolv to Ruby OR BSD-2-Clause dual license as ruby/ruby, by obtaining consent from all the contributors since the repository splitting, or
2. Go with BSD-2-Clause single license. In this case, ruby/ruby packagers should mention that the Ruby license does not govern the Resolv library.

51 is filed against the request of present copyright holder (since repository extraction) and definitely has a concern of copyright issue.

cc @nurse

——

I don’t think we can assume such contributors (copyright holders) were composing their pull request under the dual license of ruby/ruby (and as written in this repo’s gemspec) because it was unclear due to license file. We need to make this clear to avoid future copyright claims.

[sorah]

We need to go with the option (1) with clear consent of copyright holders since repo extraction, and this relicence must be agreed for past versions as it is released as a part of ruby/ruby.

[hsbt]

Feel free to handle this. I'm very tired and frustrated for this.

[sorah]

I don’t think we can assume such contributors (copyright holders) were composing their pull request under the dual license of ruby/ruby (and as written in this repo’s gemspec) because it was unclear due to license file. We need to make this clear to avoid future copyright claims.

I think both of us are agreed about the above in https://github.com/ruby/resolv/issues/45#issuecomment-2083881359 (Japanese part) and as we are not a lawyer, there might be reasonable rationale to justify the license clarification without clear consent of contributors.

The force process in #52 made while @hsbt understand the one of the concern, sounds risky and disrespectful for me. If we can safely proceed the clarification without copyright holders’ consent, the change must have rationale to explain.

[hanazuki]

I'm pretty disappointed that one of the Ruby committers ignored a community member begging for a discussion, saying "I don't get the point," and forced a license change against the member's claim. Honestly, I have no idea why they are so bold in making a legal change when they say they are not a lawyer. I'm not a lawyer too, so my legal view on copyright may be wrong, in which case please correct me. But, just ignoring a copyright complaint keeps the license in an unclear state forever, which means the end of life as an OSS.

I'm not hesitant to agree to relicensing the past releases of Resolv bundled in Ruby if it is ultimately necessary to restore the license sanity of already released Ruby versions (But, that decision should be of my free will, not the way as in #51). Alternatively, can you issue some errata to amend the previous Ruby releases, mentioning that the correct license of Resolv was BSDL? Or you can remove all of my patches and withdraw the releases, saying farewell to me 😭

[voxik]

I update license files with #51. @voxik Is it enough for your request?

That would cover my request.

Software license is an agreement among the authors, and cannot be changed just by a patch. I think we need a discussion in the community. As a contributor to Resolv, I'd be happy if my works were distributed with a clear license and a bit of respect. Thank you.

Doing just external review and trying to orient in the licensing situation, I totally support @hanazuki that the licenses (or license changes) should not be taken lightly and the original authors of the code should be involved. Although I don't think there was intent to relicense the code. It was just oversight.

[sorah]

Feel free to handle this. I'm very tired and frustrated for this.

@hsbt While I'm happy to take this over... BUT at least we know that we made a problematic behaviour, as @hanazuki clearly explains at the earlier comment https://github.com/ruby/resolv/issues/45#issuecomment-2084332200 (I totally agree on this view).

I remember you've been working hard on extracting stdlibs into individual repos. I don't think it is appropriate to ignore the lack of knowledge regarding how copyright works and instead choose risky choice blindly while expressing unconfident on their decision (by not being a lawyer). It still can't be passed over to other people like me, by saying I'm very tired and frustrated if you still intend to work on this stdlib related effort.

Plus, such behavior also seems inappropriate and disrespectful against our contributors and I cannot accept. Please don't leave the discussion and be blind to what was wrong by just saying that you're tired, because this went worse due to your change made at #51.

I just noticed this issue could be on other stdlib repos as well. I can handle this issue only for this repo; due to my bandwidth reason, but if @hsbt you still intend to work on this stdlib extraction effort, I believe you'd be the right person to handle this. https://github.com/orgs/ruby/repositories?q=license%3Absd-2-clause

[sorah]

Doing just external review and trying to orient in the licensing situation, I totally support @hanazuki that the licenses (or license changes) should not be taken lightly and the original authors of the code should be involved. Although I don't think there was intent to relicense the code. It was just oversight.

My understanding is: we intend to ship this code on BSDL-or-Ruby's as written in Gemspec, but it's unclear for contributions made through this separate repository (extracted from ruby/ruby) due to missing Ruby's license in textfile and GitHub decorates this repo as licensed under bsd-2-clause. By viewing conservatively, all such contributions should be considered available under bsd-2-clause, and applying the dual license with Ruby's as intended requires relicensing process.

[voxik]

GitHub decorates this repo as licensed under bsd-2-clause. By viewing conservatively, all such contributions should be considered available under bsd-2-clause, and applying the dual license with Ruby's as intended requires relicensing process.

While I personally don't take the GH provided information very seriously, you are right that it might be confusing for contributors. From that point speaking about "relicensing" might be the right "conservative" approach as you said 👍

[fdiary]

Software license is an agreement among the authors, and cannot be changed just by a patch.

Exactly. If we respect the authors, it should be reasonable to assume that ruby/resolv code is dual-licensed from the very beginning of this repository even before and after @hsbt made a small mistake (mentioning dual license in 1 file, single licence in another file) in 4510f94894b41d738f459647f12c3efbe66a8881.

[kou]

I think that .gemspec information is the right information and this is "clarifying" not "relicensing" but let's use a conservative approach for now.

Here are patch authors since 4510f94:

$ git shortlog -sn 4510f94.. | cat
    32  Hiroshi SHIBATA
     8  Jeremy Evans
     7  Nobuyoshi Nakada
     5  Kasumi Hanazuki
     4  Sorah Fukumori
     3  KJ Tsanaktsidis
     3  Olle Jonsson
     3  Takashi Kokubun
     2  dependabot[bot]
     1  David Rodríguez
     1  John Bond
     1  Kazuhiro NISHIYAMA
     1  Kazuki Yamaguchi
     1  Yusuke Endoh
     1  akr

@hsbt @jeremyevans @nobu @hanazuki @sorah @KJTsanaktsidis @olleolleolle @k0kubun @deivid-rodriguez @b4ldr @znz @rhenium @mame @akr If you object that we use Ruby license or BSD-2-Clause license (dual-license), could you mention it here in this month? (Is one month enough period? Should we choose more long period?) (Should we collect "agree" not "object" explicitly?)

If there are any people who object it, let's discuss how to proceed this.

[hsbt]

@kou I appreciate to handle this. I agreed to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[KJTsanaktsidis]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

——

maybe my opinion here isn’t really useful, but I’ll give it anyway.

I acknowledge that it’s important to get these legal details right. However, I think it’s obvious that this was a “documentation mistake” rather than a genuine relicensing of stdlib components under “BSD only and not Ruby license”. The fact that these gems are still mirrored into ruby/ruby with no mention of a different license in the ruby/ruby LEGAL file supports this.

These legal issues are important, but maintainers time is also very important! We shouldn’t waste it trying to chase down minor individual contributors to clarify something that should have been obvious to everyone. Let’s just update the licence files to reflect that they are and always were BSD+Ruby and move on.

[hanazuki]

So ruby-core devs want to keep this repo under the Ruby+BSD-2-Clause dual license. I agree to put my patches under it. Whether we call this a "clarifying" or "relicensing" process, I have never acknowledged the Ruby license for the Resolv project before. That was my concern and is now resolved. Thank you for sorting out the situation. @kou

[kou]

Thanks for confirming it. Anyway, we'll wait for responses from others at least in this month before we proceed this.

[jeremyevans]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[k0kubun]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[rhenium]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[znz]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[sorah]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[sorah]

I acknowledge that it’s important to get these legal details right. However, I think it’s obvious that this was a “documentation mistake” rather than a genuine relicensing of stdlib components under “BSD only and not Ruby license”. The fact that these gems are still mirrored into ruby/ruby with no mention of a different license in the ruby/ruby LEGAL file supports this.

This is also right as at least we had ‘Ruby’s’ in the gemspecs - my view was given by conservative perspective, as the land of the first change appeared to be adventurous (unknown whether actor is taking a risk, or just doesn’t aware of)

[olleolleolle]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[nobu]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[hanazuki]

I forgot to mention that one of the patches I submitted (https://github.com/ruby/resolv/pull/48) was co-authored with @aeris. This patch was posted as https://github.com/ruby/ruby/pull/1732 by the original author, and I rebased it on ruby/resolv with non-trivial changes. Because the original patch was submitted before the code extraction, I think we have no license ambiguity here.

[kou]

Thanks for sharing the note. I agree with you.

[b4ldr]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

thanks for clarifying

[deivid-rodriguez]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[olleolleolle]

I agree to apply "Ruby license or BSD-2-Clause license (dual-license)" to my commits.

[kou]

Thanks all. Let's clarify our license as "Ruby license or BSD-2-Clause license (dual-license)": #55