Introduce comprehensive COPYRIGHT file #4432
Conversation
Add new COPYRIGHT file that sumerizes copyrights and licenses of source
code files.
This file was generated with the command:
licensecheck --check '.*' --ignore '.*(\.png|\.jpg|\.ico|\.gif|\.dat|\.pem|\.der|\.cer|\.p8|\.p12|\.x509_ca|\.key_1024|\.key_2048|\.key_4096|\.RES|\.gz)' --recursive --deb-machine --lines 0 * > COPYRIGHT
This adds the files that were skipped by licensecheck. These files were
found using the command:
git ls-files --recurse-submodules *.png *.jpg *.ico *.gif *.dat *.pem *.der *.cer *.p8 *.p12 *.x509_ca *.key_1024 *.key_2048 *.key_4096 *.RES *.gz
The licensecheck tool is not perfect, so clean up some obvious errors.
… submodule All files not in a submodule and without an explicit license header are implied to covered under the top-level LICENSE file. Use `*` to indicate this instead of individually listing files. Some files with different license terms were found and moved to their own sections accordingly.
All files without an explicit license header are covered under the license given in lib/axtls/www/index.html as per the README.
This submodules doesn't have a top-level license file, so there are a number of files that don't have an explicit or implicit license. Also, licensing on the Adobe font files is not clear.
Files without an explicit license header are assumed to be covered under the top-level LICENSE file in the lib/libffi submodule.
It is assumed that any file without an explicit license header is covered by the top level COPYING file in the lib/lwip submodule. Non-standard variations on the BSD license are given explicitly.
It is assumed that any file without an explicit license is covered by the top-level LICENSE file in the lib/nrfx submodule.
The removed "or CC0" was a false positive from the licensecheck tool.
Note: the file drivers/cc3000/src/patch.c looks like it contains compiled binary code from an unknown source.
Note most of the files in this directory are coverd under the top-level * copyright.
Note: some files refer to an unknown "BSD-style" license.
These files contain two licenses, neither of which are the detected BSD-2 clause license.
|
Thanks for making a good start on this issue. There are two main problems with how it's done here:
It might also be a good idea to separate the issues of license and copyright. Licensing is arguably more important for someone looking to use the code, and including copyright info with licensing info makes it harder to read. So a comprehensive list of licenses would just list source code and corresponding license (no copyright holder), and copyright could be found in the source files themselves (which are known because they are pointed to from the license listing). |
In that case, I think adding SPDX license identifiers to files would be a better solution. One thing I am wondering about though is that if you separate the license from the copyright, it makes complying with the requirement "Redistributions in binary form must reproduce the above copyright notice" more difficult. |
Yes that's true, but hopefully there are not that many cases of this (?). MIT doesn't require this, so with MIT you only need to know the copyright if you're copying the source code, and then the copyright is already there in the code. |
This comes from the BSD 3/4-clause license, so based on my findings, this would include:
from: #4363 (comment)
I found this (more specifically, ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change) which seems to indicate that this no longer applies. |
|
So, excluding MIT and BSD licensed files, we are left with the following... Simple permissive licenses (similar to MIT):
Extensive licenses (the really long ones):
Unknown license:
(Note: And I'm sure I've missed some things given the sheer number of files to process. |
…ents Bitmap dirty improvements
MicroPython (including git submodules) currently includes over 5000 source code files that contain over 30 distinct licenses and 100s of copyright holders.
This is an attempt to summarize all of that information in a useful form. The COPYRIGHT file uses the standard Debian copyright file format (aka DEP5), which is both human-readable and machine-readable. The initial file was created with tools that parsed all source code files and then was manually cleaned up.
Although this cannot be claimed to be a definitive solution for license compliance, it should be a useful guide for anyone who redistributes MicroPython in binary form.
Also see: #4363 (comment)