passff-host
passff-host copied to clipboard
Please clarify the copyright
I wasn't able to find any clear copyright notice in the code. Could you please add one to the passff.py
file indicating who owns the copyright and under what exact license terms is it distributed? In particular, I'm wondering whether this project is 'GPL v2 only' or 'GPL v2 or later', as the latter is more common amongst open source projects.
I'm not knowledgeable in licensing. (I'm trying to understand the issue with gnu.org, and stackexchange!)
PassFF is licensed under GPLv2. However, our source files don't have the copyright & license notice, while the GPLv2 requires it. Therefore, the source files are not clearly under a license right now, which is an issue. Right now, the LICENSE is quite useless.
Thus, we should choose a license (GPLv2 or GPLv3) and preppend it in the source files. As a consequence, anybody (read you) would know under which license a piece of code is distributed.
I see that Gentoo is released under GPLv2. Besides, the development team states in their social contract that Gentoo is licensed under GNU General Public License version 2 (or later, at [their] discretion).
I understand the concern since GPLv2 or later gives the maximum compatibility with other GPL licenses. See https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility
Accordingly, we should clarify the copyright policy (e.g. in the README) of the passff team, on the model of the Gentoo team, and specify that the license affect the whole project, unless specified otherwise.
Am I correct? I'm pretty confident I got it quite right though.
Raised Issues
Can I include GPLv2 code in GPLv3 Is a repo GPLv2 or later with just the GPLv2 LICENSE file?
PassFF is licensed under GPLv2. However, our source files don't have the copyright & license notice, while the GPLv2 requires it. Therefore, the source files are not clearly under a license right now, which is an issue. Right now, the LICENSE is quite useless.
Well, IANAL but I think in this context it's clear that GPLv2 is meant to cover those files. But yes, having a proper copyright notice in files with code would be much better.
Thus, we should choose a license (GPLv2 or GPLv3) and preppend it in the source files. As a consequence, anybody (read you) would know under which license a piece of code is distributed.
License or multiple licenses. For example, you can choose 'GPL version 2 or later'. However, note that if others have already contributed to this repository, you may need to ask them for permission to change license.
I see that Gentoo is released under GPLv2. Besides, the development team states in their social contract that Gentoo is licensed under GNU General Public License version 2 (or later, at [their] discretion).
I understand the concern since GPLv2 or later gives the maximum compatibility with other GPL licenses. See https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility
In our case we're not integrating passff into our repositories but merely letting our users install it, so the compatibility problem is irrelevant to us (but it might be relevant if others choose to combine passff directly into their project). In our case it's about informing our users what the license is (and letting them choose whether they want to install software using the specific license), and we can't inform them properly if we aren't sure ;-).
Accordingly, we should clarify the copyright policy (e.g. in the README) of the passff team, on the model of the Gentoo team, and specify that the license affect the whole project, unless specified otherwise.
That's one way to do it. However, what's really important for us is whether you allow newer versions of GPL or version 2 only, because we distinguish those two options and express them appropriately.
That said, I think having copyright notices in source files would actually be better, especially that GPL seems to indeed require them. Copyright is a very slick topic, so we always prefer to stay on the safe side.
I think in this context it's clear that GPLv2 is meant to cover those files.
According to section 4.7 of the EUPL Guidelines (which has been checked by lawyers):
[Stating the choice of license where the software is provided] is not sufficient for legal purposes. For that, the software code itself must refer to the licence or contain the licence.
Also note that those guidelines state the following:
There is no need to include the actual text of the licence [where the software is provided], a name and a link to the original licence text will better ensure the reference to a single source.
However, this does not apply to the GPL, because article 1 of the GPL explicitly states a copy of the license document must be provided.
you may need to ask them for permission to change license.
Well, if we follow the above guidelines, there is no license on the code whatsoever, because the code itself does not specify a license. Therefore, all contributors have to be asked for permission.
That said, and having checked the compatibility matrix, I'd go for 'GPL v2 or later'
Hey, who contributed to PassFF?
PassFF-host
To modify the license of PassFF-host, we may ask to our 6 contributors.
5bentz, tuxor1337, shtrom, wezm, vizv, khinsen
PassFF
To modify the license of PassFF, we have more contributors. And the project is also older, and many contributions are now obsolete.
$ for i in src/modules/*.js; do git blame $i; done | awk '{print $2}' | sort | uniq -c | sort -rn | less
2701 (Thomas Vogt
126 (5bentz
117 (Tobias Umbach
57 (tuxor1337
13 (Nathan Wallace
12 (girst
7 (Philip Rinn
7 (jvenant
7 (Eric Culp
4 (Bendik R.
2 (Dan
2 (cs
Besides passff-host, Tobias Umbach, Nathan Wallace and girst have more than 10 lines of code reported by git-blame.
Other more-or-less older major contributors are: jvenant (first maintainer of the project), U8NWXD, Philip Rinn (recent commits), drmoose and phryneas (substantial contributions).
In the translations:
295 (5bentz
283 (Thomas Vogt
165 (Eric Culp
82 (tuxor1337
49 (cs
39 (Paul Peregud
14 (Nathan Wallace
7 (girst
5 (swarnk
5 (Philip Rinn
1 (Evan Klitzke
More than 10 lines besides the code: Eric Culp, cs, Paul Peregud.
Other contributors: horosgrisa (substantial contributions), swarnk (recent contribution).
Mapping user -> GitHub
Thomas Vogt -> tuxor1337 Tobias Umbach -> sometoby Nathan Wallace -> nwallace Philip Rinn -> innir Eric Culp -> singron Paul Peregud -> paulperegud
All in all, I'd say we could (should?) ask:
PassFF-host: 6 contributors: 5bentz, tuxor1337, shtrom, wezm, vizv, khinsen PassFF: 15 contributors: 5bentz, tuxor1337, sometoby, nwallace, girst, jvenant, U8NWXD, innir, drmoose, phryneas, singron, cs, paulperegud, horosgrisa, swarnk.
Total: 19 contributors.
Of course, the notion of substantial contribution is arbitrary.
Other resources:
-
For Clarity's Sake, Please Don't Say “Licensed under GNU GPL 2”! The fact that "GNU GPL 2" is unclear and should be avoided.
We need:
- [ ] A license notice in each file, mentioning the name of the software PassFF/PassFF-host and the versions version 2 or later (todo)
- [x] A license file (done)
This file is part of PassFF.
PassFF is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 2 of the License, or
(at your option) any later version.
PassFF is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with PassFF. If not, see <https://www.gnu.org/licenses/>.
Another reference for a project that went through a similar "relicensing": https://github.com/quodlibet/relicensing
I've read GPLv2 and GPLv3 multiple times before, and iirc you need to specify in each source file the license (and the copyright holder and year) of that file (I am sure gnu.org has templates for it). Also, you need to include a full verbatim copy of the license, and then you run or install the software, the user has to see that it is under GPL (I am not sure how that should be possible since the host runs "automatically" in the background without user's interaction and "installing" is simply a download.
GPLv3 or later
protects against DRM, among other things, and covers more regions where their copyright laws are weird. So if in doubt, we should use GPLv3 or later, unless we have strong reason to use GPLv2 or later.