License Infrastructure Interest Group

From Yocto Project
Jump to: navigation, search

Contents

Overview

This group is for discussion of all things having to do with licenses, specifically, license wrangling, field parsing, possible SPDX implementation, etc.

SPDX

The Software Package Data Exchange® (SPDX™) specification is a standard format for communicating the components, licenses and copyrights associated with a software package. For the common-licenses used for the Yocto Project, we should, when possible, use the SPDX generic licenses for Yocto's license wrangling. As well, we should also use the SPDX Identifier field to identify the license fields within LICENSE

LICENSE Field Standard

Packages with known LICENSE issues

  • none

Naming

All names should adhere to the textfile name of the common-license as defined in poky/meta/files/common-licenses. These file names follow the SPDX naming standard when an SPDX license file is available. If no SPDX file exists, we should:

  • Attempt to get a generic license from the license provider
  • Offer the generic upstream to SPDX (to be defined)

This following is a list of all liceneses currently registered with SPDX.

Licenses

Full name Identifier Text
Academic Free License v1.1 AFL-1.1

License Text

Academic Free License v1.2

AFL-1.2

License Text

Academic Free License v2.0

AFL-2.0

License Text

Academic Free License v2.1

AFL-2.1

License Text

Adaptive Public License

APL-1.0

License Text

Apache License 1.0

Apache-1.0

License Text

Apache License 1.1

Apache-1.1

License Text

Apache License 2.0

Apache-2.0

License Text

Apple Public Source License 1.0

APSL-1.0

License Text

Apple Public Source License 1.1

APSL-1.1

License Text

Apple Public Source License 1.2

APSL-1.2

License Text

Apple Public Source License 2.0

APSL-2.0

License Text

Artistic License 1.0

Artistic-1.0

License Text

Artistic License 2.0

Artistic-2.0

License Text

Attribution Assurance License

AAL

License Text

Boost Software License 1.0

BSL-1.0

License Text

BSD 2-clause "Simplified" or "FreeBSD" License

BSD-2-Clause

License Text

BSD 3-clause "New" or "Revised" License

BSD-3-Clause

License Text

BSD 4-clause "Original" or "Old" License

BSD-4-Clause

License Text

CeCILL Free Software License Agreement v1.0

CECILL-1.0

License Text

CeCILL Free Software License Agreement v2.0

CECILL-2.0

License Text

CeCILL-B Free Software License Agreement

CECILL-B

License Text

CeCILL-C Free Software License Agreement

CECILL-C

License Text

Clarified Artistic License

ClArtistic

License Text

Common Development and Distribution License 1.0

CDDL-1.0

License Text

Common Public Attribution License 1.0

CPAL-1.0

License Text

Common Public License 1.0

CPL-1.0

License Text

Computer Associates Trusted Open Source License 1.1

CATOSL-1.1

License Text

Creative Commons Attribution 1.0

CC-BY-1.0

License Text

Creative Commons Attribution 2.0

CC-BY-2.0

License Text

Creative Commons Attribution 2.5

CC-BY-2.5

License Text

Creative Commons Attribution 3.0

CC-BY-3.0

License Text

Creative Commons Attribution No Derivatives 1.0

CC-BY-ND-1.0

License Text

Creative Commons Attribution No Derivatives 2.0

CC-BY-ND-2.0

License Text

Creative Commons Attribution No Derivatives 2.5

CC-BY-ND-2.5

License Text

Creative Commons Attribution No Derivatives 3.0

CC-BY-ND-3.0

License Text

Creative Commons Attribution Non Commercial 1.0

CC-BY-NC-1.0

License Text

Creative Commons Attribution Non Commercial 2.0

CC-BY-NC-2.0

License Text

Creative Commons Attribution Non Commercial 2.5

CC-BY-NC-2.5

License Text

Creative Commons Attribution Non Commercial 3.0

CC-BY-NC-3.0

License Text

Creative Commons Attribution Non Commercial No Derivatives 1.0

CC-BY-NC-ND-1.0

License Text

Creative Commons Attribution Non Commercial No Derivatives 2.0

CC-BY-NC-ND-2.0

License Text

Creative Commons Attribution Non Commercial No Derivatives 2.5

CC-BY-NC-ND-2.5

License Text

Creative Commons Attribution Non Commercial No Derivatives 3.0

CC-BY-NC-ND-3.0

License Text

Creative Commons Attribution Non Commercial Share Alike 1.0

CC-BY-NC-SA-1.0

License Text

Creative Commons Attribution Non Commercial Share Alike 2.0

CC-BY-NC-SA-2.0

License Text

Creative Commons Attribution Non Commercial Share Alike 2.5

CC-BY-NC-SA-2.5

License Text

Creative Commons Attribution Non Commercial Share Alike 3.0

CC-BY-NC-SA-3.0

License Text

Creative Commons Attribution Share Alike 1.0

CC-BY-SA-1.0

License Text

Creative Commons Attribution Share Alike 2.0

CC-BY-SA-2.0

License Text

Creative Commons Attribution Share Alike 2.5

CC-BY-SA-2.5

License Text

Creative Commons Attribution Share Alike 3.0

CC-BY-SA-3.0

License Text

CUA Office Public License v1.0

CUA-OPL-1.0

License Text

Eclipse Public License 1.0

EPL-1.0

License Text

eCos license version 2.0

eCos-2.0

License Text

Educational Community License v1.0

ECL-1.0

License Text

Educational Community License v2.0

ECL-2.0

License Text

Eiffel Forum License v1.0

EFL-1.0

License Text

Eiffel Forum License v2.0

EFL-2.0

License Text

Entessa Public License

Entessa

License Text

Erlang Public License v1.1

ErlPL-1.1

License Text

EU DataGrid Software License

EUDatagrid

License Text

European Union Public License 1.0

EUPL-1.0

License Text

European Union Public License 1.1

EUPL-1.1

License Text

Fair License

Fair

License Text

Frameworx Open License 1.0

Frameworx-1.0

License Text

GNU Affero General Public License v3

AGPL-3.0

License Text

GNU Free Documentation License v1.1

GFDL-1.2

License Text

GNU Free Documentation License v1.2

GFDL-1.2

License Text

GNU Free Documentation License v1.3

GFDL-1.3

License Text

GNU General Public License v1.0 only

GPL-1.0

License Text

GNU General Public License v1.0 or later

GPL-1.0

#licenseText License Text

GNU General Public License v2.0 only

GPL-2.0

License Text

GNU General Public License v2.0 or later

GPL-2.0

#licenseText License Text

GNU General Public License v2.0 w/Autoconf exception

GPL-2.0-with-autoconf-exception

License Text

GNU General Public License v2.0 w/Bison exception

GPL-2-with-bison-exception

License Text

GNU General Public License v2.0 w/Classpath exception

GPL-2.0-with-classpath-exception

License Text

GNU General Public License v2.0 w/GCC Runtime Library exception

GPL-2,0-with-GCC-exception

License Text

GNU General Public License v2.0 w/Font exception

GPL-2,0-with-font-exception

License Text

GNU General Public License v3.0 only

GPL-3.0

License Text

GNU General Public License v3.0 or later

GPL-3.0

#licenseText License Text

GNU General Public License v3.0 w/Autoconf exception

GPL-3.0-with-autoconf-exception

License Text

GNU General Public License v3.0 w/GCC Runtime Library exception

GPL-3.0-with-GCC-exception

License Text

GNU Lesser General Public License v2.1 only

LGPL-2.1

License Text

GNU Lesser General Public License v2.1or later

LGPL-2.1

#licenseText License Text

GNU Lesser General Public License v3.0 only

LGPL-3.0

License Text

GNU Lesser General Public License v3.0 or later

LGPL-3.0

#licenseText License Text

GNU Library General Public License v2 only

LGPL-2.0

License Text

GNU Library General Public License v2 or later

LGPL-2.0

#licenseText License Text

gSOAP Public License v1.b

gSOAP-1.3b

License Text

Historic Permission Notice and Disclaimer

HPND

License Text

IBM Public License v1.0

IPL-1.0

License Text

IPA Font License

IPA

License Text

ISC License (Bind, DHCP Server)

ISC

License Text

LaTeX Project Public License v1.0

LPPL-1.0

License Text

LaTeX Project Public License v1.1

LPPL-1.1

License Text

LaTeX Project Public License v1.2

LPPL-1.2

License Text

LaTeX Project Public License v1.3c

LPPL-1.3c

License Text

libpng License

Libpng

License Text

Lucent Public License v1.02 (Plan9)

LPL-1.02

License Text

Microsoft Public License

MS-PL

License Text

Microsoft Reciprocal License

MS-RL

License Text

MirOS Licence

MirOS

License Text

MIT license (also X11)

MIT

License Text

Motosoto License

Motosoto

License Text

Mozilla Public License 1.0

MPL-1.0

License Text

Mozilla Public License 1.1

MPL-1.1

License Text

Multics License

Multics

License Text

NASA Open Source Agreement 1.3

NASA-1.3

License Text

Naumen Public License

Nauman

License Text

Nethack General Public License

NGPL

License Text

Nokia Open Source License

Nokia

License Text

Non-Profit Open Software License 3.0

NPOSL-3.0

License Text

NTP License

NTP

License Text

OCLC Research Public License 2.0

OCLC-2.0

License Text

Open Group Test Suite License

OGTSL

License Text

Open Software License 1.0

OSL-1.0

License Text

Open Software License 2.0

OSL-2.0

License Text

Open Software License 3.0

OSL-3.0

License Text

OpenLDAP Public License v2.8

OLDAP-2.8

License Text

OpenSSL License

OpenSSL

License Text

PHP License v3.0

PHP-3.0

License Text

PostgreSQL License

PostgreSQL

License Text

Python Software Foundation License v2

Python-2.0

License Text

Q Public License 1.0

QPL-1.0

License Text

RealNetworks Public Source License v1.0

RPSL-1.0

License Text

Reciprocal Public License 1.5

RPL-1.5

License Text

Red Hat eCos Public License v1.1

RHeCos-1.1

License Text

Ricoh Source Code Public License

RSCPL

License Text

Ruby License

Ruby

License Text

SIL Open Font License 1.1

OFL-1.1

License Text

Simple Public License 2.0

Simple-2.0

License Text

Sleepycat License

Sleepycat

License Text

SugarCRM Public License v1.1.3

SugarCRM-1.1.3

License Text

Sun Public License

SPL

License Text

Sybase Open Watcom Public License 1.0

Watcom-1.0

License Text

University of Illinois/NCSA Open Source License

NCSA

License Text

Vovida Software License v1.0

VSL-1.0

License Text

W3C Software and Notice License

W3C

License Text

wxWindows Library License

WXwindows

License Text

X.Net License

Xnet

License Text

XFree86 License 1.1

XFree86-1.1

License Text

Yahoo! Public License v1.1

YPL-1.1

License Text

Zimbra Publice License v1.3

Zimbra-1.3

License Text

zlib License

Zlib

License Text

Zope Public License 1.1

ZPL-1.1

License Text

Zope Public License 2.0

ZPL-2.0

License Text

Zope Public License 2.1

ZPL-2.1

License Text

Parsing operations

The LICENSE field is parsed by converting the field to a Python Abstract Syntax Tree. ASTs are internal to the python compiler and are used by python in the generation of python bytecode. We create, from the LICENSE field after attempting to turn it more "pythonesque", an abstract syntax tree via ast.parse. Using an AST Visitor class, we then dump the ast and visit each node of the tree.

What this means is that, since we are using the python compiler components to parse the LICENSE field, it should be syntactically valid python.

License v2

Current License Issues

  • Parallel bitbake causes inconsistent license reporting
    • This is because we're doing this in the wrong place. During do_rootfs is where we need to do this as the package populates the rootfs.
  • License decision making is non-existent
    • Right now, we just grab all licenses listed in the license field. We need to have a decision made based on:
      • Tie this in to incompatible license. If something is dual licensed and we *can* restrict this to a different license, do so
      • License legal priority (Which license overrides another license?)
      • License user priority (All things being equal try to provide something under X license first and Y license second)
  • Add licenses to the image as a conf option
  • Possible (generate spdx license files as part of the manifest). SPDX or not, we need a manifest.
  • We have some problematic licenses. License Audit


License v2 Plan

Stage One - Fix current defects:

  • Fix where the license collection occurs. This needs to occur during the creation of the rootfs.
  • Ensure that we can use this during a parallel bitbake
  • Incorporate a flag to allow the image to contain collected licenses.
  • Ensure that we've gotten rid of all license WARNINGS. (Add license text, correct recipes)
  • Create a way to add additional licenses.

Stage Two - License decision making:

  • Check to see if the package license field contains an incompatible license. If it does, toss a warning.
  • Check user/legal license priority.
    • When given FOOv2 | BARv1, where the user has weighted BARv1 as higher than FOOv2, we would choose BAR.
    • When given FOOv2 & BARv1, where FOOv2 overrides BARv1, use FOOv2 even if the user has weighted BARv1 as higher.

Stage Three - Manifest:

  • As we do_rootfs we should:
    • Check to see if the package has an SPDX meta-data file.
      • If it does, use it.
      • If it doesn't, generate one but mark it as automatically generated and not an official spdx file.
    • Gather up spdx files into a work dir
  • Once the image is finished gather up all the spdx licenses and create an spdx manifest for the image
  • Once the image is finished gather up all the spdx licenses and create a raw text manifest for the image
Personal tools