search

spdx / license-list-XML

This is the repository for the master files that comprise the SPDX License List
Other
355 stars 288 forks source link

New license request: generic-xts [SPDX-Online-Tools] #2558

Closed imciner2 closed 6 days ago

imciner2 commented 2 months ago

1. License Name: Generic XTS license 2. Short identifier: generic-xts 3. License Author or steward: Unknown 4. Comments: This license is used in Fedora and was found during a license audit of the Zulucrypt (https://github.com/mhogomchungu/zuluCrypt) software. It is bundled from the upstream tcplay (https://github.com/bwalex/tc-play). 5. License Request Url: http://tools.spdx.org/app/license_requests/389 6. URL(s): https://github.com/mhogomchungu/zuluCrypt/blob/master/external_libraries/tcplay/generic_xts.c 7. OSI Status: Unknown 8. Example Projects: https://github.com/bwalex/tc-play/blob/master/generic_xts.c

xsuchy commented 2 months ago

For convenience here is full text of license:

/*
 * Copyright (C) 2008, Damien Miller
 * Copyright (C) 2011, Alex Hornung
 *
 * Permission to use, copy, and modify this software with or without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software.
 * You may use this code under the GNU public license if you so wish. Please
 * contribute changes back to the authors under this freer than GPL license
 * so that we may further the use of strong encryption without limitations to
 * all.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 */
karsten-klein commented 2 months ago

{metæffekt} Universe canonical name: Generic XTS License short name: generic-xts-license markers: No Warranty Marker category: Generic XTS License OSI status: none

ScanCode matched id: other-permissive OR gpl-1.0-plus

Comment We will add this to the universe as yet another permission terms instance. No vote to add it to SPDX.

jlovejoy commented 1 month ago

this is another one of those permissive grant or GPL all-in-one, but then adds a bit on the project's preferred license for contributions.

Given its use, does this lean towards inclusion?

Pizza-Ria commented 2 weeks ago

No right to distribute - that runs counter to the OSD - vote "no" to include in SPDX. I also don't get the whole GPL line - is that a dual license grant within a license????

jlovejoy commented 1 week ago

@xsuchy is there a Fedora issue?

This looks like one of the old licenses when the grants were a bit "loose". I think there have been discussions in the past on "use" which is not a specific copyright act grant, but could be interpreted to include "distribute". I feel like @richardfontana has some opinion on this topic...

[edited] Nevermind! found it https://gitlab.com/fedora/legal/fedora-license-data/-/issues/561.

and pasting pertinent Richard's quote from that issue: "This license does not include explicit permission to distribute, but refers to "use" which was undoubtedly intended to cover this (cf. the paragraph on the GPL which refers to it as "freer than GPL"). We had a theoretical working approach for a long time to view "sufficiently old" permissive licenses with permission to "use" but no permission to distribute (and sometimes no permission to modify or copy) as tolerably informal free software licenses, since it is clear both historically and on textual analysis that such permissions were intended to be encompassed by "use" as a general matter."

jlovejoy commented 1 week ago

note: This license is just contained inside two files (generic_xts.c/h) of the bundled tcplay library for ZuluCrypt. The main tcplay is under a BSD-2-clause, but these files have a different header that doesn't match that and instead mentioned using it under the GPL (and something freer than the GPL).

swinslow commented 1 week ago

I think @richardfontana's comment pasted by @jlovejoy above does a much better job of articulating what I was trying to say during the legal team call just now :)

Based on the presence in Fedora, I believe this meets the substantial use prong; and although I think the language is not in any world the way that I would ideally want this language to be drafted, I'm +1 to add it to the license list.

Pizza-Ria commented 1 week ago

Still objecting to this being categorized as "open source" due to the misalignment with the OSD but given other factors that SPDX considers including the weight of use due to its inclusion in Fedora, I'll give a grudging +1 to adding it to SPDX.

github-actions[bot] commented 6 days ago

This new license/exception request has been accepted and the information for the license/exception has been merged to the repository. Thank you to everyone who has participated! The license/exception will be published at https://spdx.org/licenses/ as part of the next SPDX License List release, which is expected to be in three months' time or sooner. In the interim, the new license will appear on the license list preview site at https://spdx.github.io/license-list-data/. This is an automated message.