RE: CTU CAN FD driver multi-licence for Nuttx

2023-09-06 Thread Shane Curcuru 

On 2023/08/09 00:20:42 Andrew Dennison wrote:

Hi Nuttx Dev,

We are negotiating with the authors of the linux device driver for the CTU
CAN FD IP core to it re-licenced from GPL to so the driver can then be
ported to Nuttx.


Just a reminder: Apache policy prohibits GPL code, or GPL-derived code, 
from being included in any ASF project:


  https://apache.org/legal/resolved#category-x

If there is *any* question about the license of incoming code, then you 
should ask the Legal Affairs Committee for advice, after reviewing the 
ASF policy on source headers:


  https://apache.org/legal/src-headers.html

Specific questions (i.e. about a specific body of code under license X 
that the project wants to incorporate) should be asked on Jira:


  https://issues.apache.org/jira/projects/LEGAL/issues

--
- Shane
  ASF Member
  The Apache Software Foundation


I've seen various licencing examples in the nuttx code base: but no high
level description that gives a definitive answer. For example there are
some cases where Authors are preserved and the code is BSD-2-Clause or
BSD-3-Clause (not Apache-2.0).

We would appreciate some feedback on whether the proposal from Pavel below
is acceptable or if any minor adjustments would help.

Kind regards,

Andrew Dennison
Chief Architect and Hardware Team Lead
MoTeC (A Bosch Company)

On Tue, 8 Aug 2023 at 19:48, Pavel Pisa  wrote:

>
> OK, consider driver code license and NuttX compatible.
> We need to discuss what will be actual variant and file
> headers text. I suggest
>
> // SPDX-License-Identifier: GPL-2.0+ OR BSD-2-Clause OR Apache-2.0
>
> 
/***
>  *
>  * CTU CAN FD IP Core
>  *
>  * Copyright (C) 2015-2018 Ondrej Ille  FEE CTU
>  * Copyright (C) 2018-2020 Ondrej Ille  self-funded
>  * Copyright (C) 2018-2019 Martin Jerabek 
> FEE CTU
>  * Copyright (C) 2018-2020 Pavel Pisa  FEE
> CTU/self-funded
>  *
>  * Project advisors:
>  * Jiri Novak 
>  * Pavel Pisa 
>  *
>  * Department of Measurement (http://meas.fel.cvut.cz/)
>  * Faculty of Electrical Engineering (http://www.fel.cvut.cz)
>  * Czech Technical University(http://www.cvut.cz/)
>  */
>
> I am not sure if that is acceptable for NuttX mainline, but I do not like
> process which stripped all information about real code authors when
> NuttX has been absorbed by Apache. The Copyright (C) statementscan be
> replaced
> by text "Authors list"  if copyright of NuttX copy should be transferred
> to Apache. But I would tend to keep list of authors who invested time,
> lot of it even from own spare one...
>
>
>

--
*MoTeC Pty Ltd*

121 Merrindale Drive
Croydon South 3136
Victoria Australia
*T: *61 3 9761 5050
*W: *www.motec.com.au 


--
  
 
 
 




--
 

--


Disclaimer Notice: This message, including any attachments, contains 
confidential information intended for a specific individual and purpose and 
is protected by law. If you are not the intended recipient you should 
delete this message. Any disclosure, copying, or distribution of this 
message or the taking of any action based on it is strictly prohibited.

RE: Re: [EXT] Re: CTU CAN FD driver multi-licence for Nuttx

2023-09-12 Thread Shane Curcuru 

On 2023/09/07 14:32:40 "Alan C. Assis" wrote:

I think GPL code shouldn't be included directly, but I think it is
fair to allow GPL code be downloaded using the building system case
user selected it.


That's pretty close to what ASF policy is, so that's a great start.  As 
a reminder, in terms of artifacts checked into any ASF repository, ASF 
policy is what matters, not legal details about licenses.


ASF projects may *not* include or distribute Category X components 
(which includes GPL and related licenses) anywhere:


  https://apache.org/legal/resolved#prohibited

ASF projects may rely on the user downloading or otherwise obtaining 
themselves GPL-like software when needed for optional use cases:


  https://apache.org/legal/resolved#optional

The rest of the FAQs there are worth reading for more of the rationale.


Some time ago I suggested to create a tainted variable in the building
system to track it, after I suggested that a friend of mine from
Espressif added it to Zephyr.

Doing this way will avoid someone saying that wasn't aware of BSD,
MIT, GPL or other license included in their final binary.


Exactly!  Principle of least surprise: when someone gets software from 
the ASF, they must *never* be surprised to find GPL software inside. 
They might be asked to install - themselves, separately - common build 
tools or other components if they want to use optional features.  But 
users must always be able to download, modify, and fully use the primary 
use cases of an ASF product under permissive style licenses completely.


I would highly suggest that this issue and steps the project is taking 
to evaluate (and fix, if needed) any GPL code here be included in your 
next board report.


Thanks all for working on this!

--
- Shane
  Member
  The Apache Software Foundation


BR,

Alan

On 9/7/23, Peter van der Perk  wrote:
> There was a discussion when the kconfig GPL switch got introduced.
> The libcanutils code from my perspective would be interpreted as BSD-3.
> But it was decided otherwise
> https://github.com/apache/nuttx-apps/pull/833#issuecomment-918875006
>
> -Original Message-
> From: Gregory Nutt 
> Sent: Thursday, September 7, 2023 3:50 PM
> To: dev@nuttx.apache.org
> Subject: [EXT] Re: CTU CAN FD driver multi-licence for Nuttx
>
> On 9/6/2023 5:15 AM, alin.jerpe...@sony.com wrote:
>> There are known CAN sources that have GPL code and have been
>> documented in the LICENSE File
>>
>> All this code is protected under the include GPL code config option
>> and disabled by default
>>
>> Is this approach approved or we should completely remove the GPL code from
>> NuttX?
>
> My understanding is that there can be no GPL code in any way in the Apache
> project repository.
>
> In the case of the CANFD code, it has a dual license, GPL or BSD-3.  I don't
> recall all of the details but, as a podling at the time, we discussed this
> pretty thoroughly with our mentors and the inclusion of the dual licensed
> third party code was found acceptable.  Justin McClean was involved in this
> discussion.  I briefly looked for the e-mail thread that addressed this, but
> I could not find it so my recollection might be faulty,.
>
> Any pure GPL should be removed in my opinion.
>
>

Re: Legal help to (Apache) NuttX RTOS: adding licenseed driver

2023-12-10 Thread Shane Curcuru 

Gregory Nutt wrote on 12/10/23 9:54 AM:

On 12/10/2023 7:15 AM, Alan C. Assis wrote:

I understand your point. And in fact I think the issue is not your
contribution itself, but the future contribution from developers of RTEMS
and Linux that are using GPL.


I think we have to be careful with the word "contribution".  The ASF 
cannot accept any contribution that is licensed and copyrighted by some 
other entity.  To "contribute" the code is to donate the code to the ASF 
without retaining any claims to it. Then the code belongs to the ASF and 
can be re-licensed as Apache 2.0 with the ASF copyright.


Er, no, that's not how the ASF treats "contributions".  In general, when 
someone contributes their copyrighted work to an Apache project, they 
keep the copyright, and merely license enough rights to the ASF such 
that the ASF (through our projects) can then re-ship that contribution 
at any point in the future as part of a larger work, under terms like 
the Apache-2.0 license.


Any contributions still "belong" copyright-wise to the original author, 
who can continue to do whatever else they want with their code, 
including submitting to other projects, possibly under other licenses.


The legal framework for contributions is twofold, so folks interested in 
details really need to read both of these:


- Apache-2.0 license, section 5. Submission of Contributions
  https://www.apache.org/licenses/LICENSE-2.0#contributions

- Individual Contributor License Agreement
  https://www.apache.org/licenses/contributor-agreements.html#clas

The point is that the ASF only takes enough licensed rights so that we 
can safely ship code in our projects, *and* so that users of Apache 
projects only have to comply with the Apache-2.0 license overall.


--
- Shane
  Member
  The Apache Software Foundation

Re: Legal help to (Apache) NuttX RTOS: adding licenseed driver

2023-12-11 Thread Shane Curcuru 

Gregory Nutt wrote on 12/10/23 5:22 PM:


On 12/10/2023 4:05 PM, Shane Curcuru wrote:


I think we have to be careful with the word "contribution".  The ASF 
cannot accept any contribution that is licensed and copyrighted by 
some other entity.  To "contribute" the code is to donate the code to 
the ASF without retaining any claims to it. Then the code belongs to 
the ASF and can be re-licensed as Apache 2.0 with the ASF copyright.


Er, no, that's not how the ASF treats "contributions".  In general, 
when someone contributes their copyrighted work to an Apache project, 
they keep the copyright, and merely license enough rights to the ASF 
such that the ASF (through our projects) can then re-ship that 
contribution at any point in the future as part of a larger work, 
under terms like the Apache-2.0 license.

...[snip]...


That use of the word "contribution" is causing me a little cognitive 
dissonance, but I will adapt.  Synonyms for "contribution" include 
donation, gift, present, grant, etc., most which are not interchangeable 
with "contribution" in this context.


"Contribution" is a specific term defined in the Apache-2.0 license, so 
when we're using it in reference to someone committing code (or other 
things) to an ASF repository, we're using the specific definition there.


  https://www.apache.org/licenses/LICENSE-2.0#definitions

How does the copyright holder "license enough rights to the ASF"?  I 
suppose that is via the license that they chose for the work, rather 
than through any specific interaction with the ASF?


If the copyright holder is a committer on any ASF project, then they've 
already signed the ICLA, which lays out in detail what they agree to 
whenever they're checking in code to any ASF repository.


  https://www.apache.org/licenses/contributor-agreements.html

So if you're looking for general information, the first step is to read 
the license and ICLA in detail, and then ask questions relating to 
specific parts therein.


But it feels like we've lost sight of the actual question for the 
project, which is something about "is it OK to accept *this* bit of code 
in our repository" - or something like that.


If the project is looking for an answer about legal questions, it always 
helps to be *very* specific about what you want to do, as in "Is it OK 
if so-and-so checks in this file ->, which is under this license -> to 
our project in this directory?" or the like.


In general, in terms of code with multiple licenses, one question the 
ASF likes to ask is that the copyright owner of the code is explicitly 
saying it's available under a permissive license, or is otherwise 
helping to commit the code at the ASF.  That's not strictly a legal 
question, more a policy one: the ASF prefers contributions into our 
project repositories that are *willingly* given (and are licensed 
appropriately).


I hope that helps more than confuses things!

--
- Shane
  Member
  The Apache Software Foundation