Open HenrikBengtsson opened 3 months ago
mwdavis2
commented
3 months ago Sounds fine. There's some included code from Tcllib for the sha. I don't know right now what Tcllib has as a license (but it's listed in ApEs licenses if you want to check), and if it's compatible with MIT. I don't know the ins and outs of the MIT license.
I'm out of town this week, so I'll check when I get back.
mwdavis2
commented
3 months ago https://core.tcl-lang.org/tcllib/doc/trunk/embedded/md/tcllib/files/devdoc/tcllib_license.md
It's under BSD. I'm using both the sha and base64 code, so I'll look at the ApE license for the authors of those modules to credit.
Is BSD compatible with MIT?
HenrikBengtsson
commented
3 months ago Thx
There's some included code from Tcllib for the sha.
Good point. For our records, the code that is from Tcllib is https://github.com/seguid/seguid-tcl/blob/1a25893712234a1638bcbf72e8ed23f88848cb8e/seguid#L278-L423.
Another note for our records: (Disclaimer, I'm super rusty on Tcl) There is a sha1 package part of the Tcllib collection, so technically one could use package require sha1 instead of copying the code. However, that would add friction to end users who wish to use seguid in Tcl. FWIW, that design question is related to https://github.com/seguid/seguid-tcl/issues/8.
I don't know right now what Tcllib has as a license ...
'Tcllib' is distributed under the BSD license, per https://core.tcl-lang.org/tcllib/doc/trunk/embedded/md/tcllib/files/devdoc/tcllib_license.md, which says:
"Welcome to Tcllib, the Tcl Standard Library. Note that Tcllib is not a package itself. It is a collection of (semi-independent) Tcl packages that provide utility functions useful to a large collection of Tcl programmers.
The collection is under the BSD license."
We also have https://core.tcl-lang.org/tcllib/file?name=license.terms.
It's not clear to me if it's formally BSD-2 or BSD-3.
UPDATE 2024-05-08: According to ChatGPT 4, this is BSD-2 and not BSD-3.
As a starter, I think we could clarify the origin of sha1::sha1() even further than the current source code comment sha1 hashing from tcllib. For instance, we could, in our codebase, specify the source from where it originates (I guess from https://core.tcl-lang.org/tcllib/file?name=modules/sha1/sha1.tcl), the version of 'sha1' that was copied, and the license and copyright holders of that code. This would help make this dependency explicit to anyone who reads the code, either right now or years from now.
Then the remaining question is: Can we redistribute these injected BSD code snippets under MIT license? This is rather new territory for me, but I think I've read about this case before elsewhere and that the answer would be "yes". FWIW, when search with ChatGPT v4, I get the reply: "Integrating BSD-licensed code into an MIT-licensed project is a common practice and is generally compatible, provided you adhere to the terms of both licenses."
HenrikBengtsson
commented
3 months ago I wrote and submitted my long comment before seeing your follow up.
I'm using both the sha and base64 code ...
Got it. For our records, the base64 code included, which I think stems from https://core.tcl-lang.org/tcllib/file?name=modules/base64/base64.tcl&ci=tip, is:
https://github.com/seguid/seguid-tcl/blob/1a25893712234a1638bcbf72e8ed23f88848cb8e/seguid#L124-L274
The TCL code base needs a license. @mwdavis2 , did we agree on MIT for this one too during our call, or do you prefer something else?