Re: Question on two MIT-derivatives


Christian Ehrhardt
 

On Fri, Jul 9, 2021 at 11:07 AM Philippe Ombredanne
<pombredanne@nexb.com> wrote:

Hi Christian:

On Thu, Jul 8, 2021 at 11:27 PM Christian Ehrhardt
<christian.ehrhardt@canonical.com> wrote:

Hi SPDX,
I was refreshing the license info on a Debian package and found two
licenses that seemed to be MIT-variants that I wasn't sure about. The
reason I looked at it was mostly technical as the current way to
identify them was triggering a lintian warning, but as I said I
wondered what would be correct.

I was not finding the two derivatives in your license list at [1] nor
as an exception in [2].
There are already a bunch of MIT-* identifiers, but none matched the
two that I had.
So I had no "official identifiers" to use and just came up with two for now.

I changed the identifiers like
- MIT(*) -> MIT-ibm
- MIT(**) -> MIT-no-ad
and that satisfies Lintian at least.
The full text of those can be found at [3][4].

I'm full of questions:
- having a look at them, would you think they should be added to your
list and get assigned official identifiers?
- Are these even licenses on their own that deserve an ID?
- Would it need the project or License owner to do such a request?
- I'm neither of that and just looked at it by accident - If needed
I'd be ok to file an issue as outlined in [5] and discuss, but I'm not
sure I could do much more on it.

[1]:https://spdx.org/licenses/
[2]: https://spdx.org/licenses/exceptions-index.html
[3]: https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/lib/misc/base64.c#L4
[4]: https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/services/plugins/resolutionSet/libvmwarectrl.h#L4
[5]: https://github.com/spdx/license-list-XML/blob/master/DOCS/license-inclusion-principles.md

I ran scancode-toolkit and the license in base64.c [1] is identified
as an ISC alright. The only (IMHO not material) change is the sentence
"modify, and distribute" with a plain "and" instead of "modify, and/or
distribute" with "and/or". The relevant ISC variant that was detected
is at [2]. The author "INTERNET SOFTWARE CONSORTIUM" is different but
this is within matching guidelines and

Note that the second license in this file is not tracked by SPDX for
now and is detected as "ibm-dhcp" or SPDX LicenseRef-scancode-ibm-dhcp
[3]

In the file libvmwarectrl.h [4] scancode detects another license which
is not yet tracked by SPDX and that we call "xfree86-1.0" or SPDX
LicenseRef-scancode-xfree86-1.0 [5] which is the name used where we
found it [6]

/hth
You really did help, thanks for the pointers and license disambiguation!
I think with that in place there is no further need to fix (in
project) or track (SPDX) them in more detail.

Thanks!

[1]: https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/lib/misc/base64.c#L4
[2]: https://github.com/nexB/scancode-toolkit/blob/3f7da81d6b207ac2b1d384defb83a5f2c82216f4/src/licensedcode/data/rules/isc_9.RULE
[3]: https://scancode-licensedb.aboutcode.org/ibm-dhcp
[4]: https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/services/plugins/resolutionSet/libvmwarectrl.h#L4
[5]: https://scancode-licensedb.aboutcode.org/xfree86-1.0
[6]: http://www.xfree86.org/current/LICENSE5.html#18
[7]: https://github.com/nexB/scancode-toolkit/blob/develop/src/packagedcode/debian_copyright.py
--
Cordially
Philippe Ombredanne

+1 650 799 0949 | pombredanne@nexB.com
DejaCode - What's in your code?! - http://www.dejacode.com
AboutCode - Open source for open source - https://www.aboutcode.org
nexB Inc. - http://www.nexb.com





--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd

Join spdx@lists.spdx.org to automatically receive all group messages.