Re: [exim] licensing and SPDX

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Heiko Schlittermann
Datum:  
To: exim-users
Betreff: Re: [exim] licensing and SPDX
Jeremy Harris via Exim-users <exim-users@???> (So 30 Okt 2022 13:22:25 CET):
> Does anyone have opinions on the licensing of Exim?


I didn't think about Exim's licensing ever. For me Exim is just Free and
Open Source, whatever this means in detail, but *personally* most
important: no restrictions are applied to Exim's use. (Which means, even
if you're a spammer or terrorist (from my limited point of view), you're
free to use Exim, I may hate you doing so, but I won't deny it.)

But, leaving this private thing aside…

> a) Do we care?  Should we label every text file in sight?
>    Or not take any action?


I wouldn't care too much right now.

> b) Do existing licence conditions mentioned in specific file matter?
>    For example: a few files are commented (my precis) "GPLv2 or later",
>    some with "open source, do what you want".
>    We could
>    - not label such files
>    - try to use a label matching the existing text
>    - label with the project choice of licence


In theory I'd say the file's license overrides the one provided
globally. But from practial point of view I wouldn't expect a user to
check every single file for the license. (But probably that's what SPDX
then could make a bit easier.)

> c) What license should we label with?
>    - Given the dates above, I'm tempted to say that GPLv2-only
>      should be taken as the original intent.  But I don't know
>      how much freedom we have for change, nor what (if any)
>      might be preferred.


From a legal point of view (but IANAL by any means), we probably could
find an SPDX identifier matching the *current* license statement of each
individual file, to match the *current* intent. This implicates that
the *current* license is compatible with any previous one or is
confirmed by the holder of the previous license.


Changing *all* files might be doable, but I wouldn't feel comfortable
doing so, because it would require me to understand the licensing
details of every single file.

1) require *new* files having the SPDX identifier
2) (in a 2nd step) require modified files having that identifier

Both should be doable with hooks in our Git repo.

> d) What are the legal implications of doing this labelling?
>    Specifically, when different files are differently (not)labelled?


Not sure at all.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -