On 04/26/2013 10:28 PM, Richard Fontana wrote:
On Fri, Apr 26, 2013 at 09:28:25PM -0400, Monty Taylor wrote:
What if we were to generate a NOTICE file? We treat the git repo as the true source of record, and we put copyright attribution into each file. What if, same as AUTHORS and ChangeLog, we generate NOTICE at sdist time to include information collected from the individual files?
Sure, you could do that. I hadn't realized that you generated AUTHORS files. Since (I assume) a main purpose of having an AUTHORS file is achieving some degree of author attribution, perhaps the AUTHORS file should be renamed NOTICE, or copied in full into a separate file named NOTICE (perhaps with additional legal information being put in the NOTICE file).
We generate AUTHORS because it's a standard python dist file to have, but people were forgetting to add their names to it - and we realized that we had the information about who the authors were in git, since we do not accept contributions in ways that don't come from git. So we moved to just generating it at tarball creation time - so far, this has worked well.

If I run a quick stupid scan of the source tree of nova:

git grep -h '# Copyright' | sed 's/United States Government as represented by the/NASA/' | sed 's/([Cc]) //' | sort | uniq

I get this:

# Copyright 1999-2002 by Fredrik Lundh
# Copyright 1999-2002 by Secret Labs AB
# Copyright 2001-2010 Twisted Matrix Laboratories.
# Copyright 2005, the Lawrence Journal-World
# Copyright 2006-2009 Mitch Garnaat http://garnaat.org/
# Copyright 2006-2010 Mitch Garnaat http://garnaat.org/
# Copyright 2009, 2010, 2011 Nicira Networks, Inc.
# Copyright 2009 Facebook
# Copyright 2010-2011 OpenStack Foundation
# Copyright 2010-2011 OpenStack Foundation.
# Copyright 2010-2012 OpenStack Foundation
# Copyright 2010 Citrix Systems, Inc.
# Copyright 2010 Cloud.com, Inc
# Copyright 2010, Eucalyptus Systems, Inc.
# Copyright 2010 NASA
# Copyright 2010 OpenStack Foundation
# Copyright 2011-2012 OpenStack Foundation
# Copyright 2011 - 2012, Red Hat, Inc.
# Copyright 2011-2013 OpenStack Foundation
# Copyright 2011-2013 University of Southern California / ISI
# Copyright 2011 Andrew Bogott for the Wikimedia Foundation
# Copyright 2011 Canonical Ltd.
# Copyright 2011 Citrix Systems, Inc.
# Copyright 2011 Cloudscaling, Inc.
# Copyright 2011 Denali Systems, Inc.
# Copyright 2011 Eldar Nugaev
# Copyright 2011 Eldar Nugaev, Kirill Shileev, Ilya Alekseyev
# Copyright 2011 Grid Dynamics
# Copyright 2011 Isaku Yamahata
# Copyright 2011 Isaku Yamahata <yamahata at valinux co jp>
# Copyright 2011 Isaku Yamahata <yamahata@valinux co jp>
# Copyright 2011 Justin Santa Barbara
# Copyright 2011 Ken Pepple
# Copyright 2011 Midokura KK
# Copyright 2011 NASA
# Copyright 2011 Nicira, Inc
# Copyright 2011 Nicira Networks, Inc
# Copyright 2011 NTT
# Copyright 2011 OpenStack Foundation
# Copyright 2011 OpenStack Foundation.
# Copyright 2011 OpenStack Foundation # All Rights Reserved.
# Copyright 2011 Piston Cloud Computing, Inc
# Copyright 2011 Piston Cloud Computing, Inc.
# Copyright 2011, Piston Cloud Computing, Inc.
# Copyright 2011 Rackspace
# Copyright 2011 Red Hat, Inc.
# Copyright 2011 Rosetta Contributors and Canonical Ltd 2011
# Copyright 2011 University of Southern California
# Copyright 2011 University of Southern California / ISI
# Copyright 2011 X.commerce, a business unit of eBay Inc.
# Copyright 2012-2013, AT&T Labs, Yun Mao <yunmao@gmail.com>
# Copyright 2012-2013 IBM Corp.
# Copyright 2012-2013 Red Hat, Inc.
# Copyright 2012 Andrew Bogott for the Wikimedia Foundation
# Copyright 2012, AT&T Labs, Yun Mao <yunmao@gmail.com>
# Copyright 2012 Canonical Ltd
# Copyright 2012 Citrix Systems, Inc.
# Copyright 2012 Cloudbase Solutions Srl
# Copyright 2012 Cloudbase Solutions Srl / Pedro Navarro Perez
# Copyright 2012 Cloudscaling
# Copyright 2012, Cloudscaling
# Copyright 2012 Cloudscaling Group, Inc
# Copyright 2012 Cloudscaling Group, Inc.
# Copyright 2012 Cloudscaling, Inc.
# Copyright 2012 Grid Dynamics
# Copyright 2012 Hewlett-Packard Development Company, L.P.
# Copyright 2012 IBM Corp.
# Copyright 2012 Intel Corporation.
# Copyright 2012 Intel, Inc.
# Copyright 2012 Intel, LLC
# Copyright 2012 Justin Santa Barbara
# Copyright 2012 Michael Still
# Copyright 2012 Michael Still and Canonical Inc
# Copyright 2012 Midokura Japan K.K.
# Copyright 2012 Nebula, Inc.
# Copyright 2012 NEC Corporation
# Copyright 2012 Nicira Networks, Inc
# Copyright 2012 NTT Data
# Copyright 2012 NTT DOCOMO, INC
# Copyright 2012 NTT DOCOMO, INC.
# Copyright 2012 Openstack Foundation
# Copyright 2012 OpenStack Foundation
# Copyright 2012 OpenStack Foundation.
# Copyright 2012, OpenStack Foundation
# Copyright 2012 OpenStack Foundation # All Rights Reserved.
# Copyright 2012 OpenStack LLC.
# Copyright 2012 ORGANIZATION
# Copyright 2012 Pedro Navarro Perez
# Copyright 2012, Piston Cloud Computing, Inc.
# Copyright 2012 Rackspace Hosting
# Copyright 2012 Rackspace Hosting # All Rights Reserved.
# Copyright 2012 Red Hat, Inc.
# Copyright 2012, Red Hat, Inc.
# Copyright 2012 SINA Corporation
# Copyright 2012 SINA Inc.
# Copyright 2012 SUSE LINUX Products GmbH
# Copyright 2012 The Cloudscaling Group, Inc.
# Copyright 2012 University Of Minho
# Copyright 2012 VMware, Inc.
# Copyright 2013 Akira Yoshiyama <akirayoshiyama at gmail dot com>
# Copyright 2013 Boris Pavlovic (boris@pavlovic.me).
# Copyright 2013 Citrix Systems, Inc.
# Copyright 2013 Cloudbase Solutions Srl
# Copyright 2013 Hewlett-Packard Development Company, L.P.
# Copyright 2013 Hewlett-Packard, Inc.
# Copyright 2013 IBM Corp.
# Copyright 2013 Josh Durgin
# Copyright 2013 Metacloud Inc.
# Copyright 2013 Metacloud, Inc
# Copyright 2013 Mirantis, Inc.
# Copyright 2013 Nebula, Inc.
# Copyright 2013, Nebula, Inc.
# Copyright 2013 Netease Corporation
# Copyright 2013 Netease, LLC.
# Copyright 2013 Nicira, Inc.
# Copyright 2013 NTT DOCOMO, INC.
# Copyright 2013 OpenStack Foundation
# Copyright 2013 ORGANIZATION
# Copyright 2013 Pedro Navarro Perez
# Copyright 2013 Rackspace Hosting
# Copyright 2013 Red Hat, Inc.
# Copyright 2013 Wenhao Xu <xuwenhao2008@gmail.com>.
# Copyright AT&T 2012-2013 Yun Mao <yunmao@gmail.com>
# Copyright AT&T Labs Inc. 2012 Yun Mao <yunmao@gmail.com>

With a little bit more effort, we could combine years and generate something that looks like a NOTICE file. With a little bit MORE effort, we could expand that to find attributions that are not attached to the Apache license. OR, we could add a NOTICE.in file to the source tree into which we could put explicit reference to things that are not Apache - such as included MIT/BSD code - and combine that file with the output of the script to form the final NOTICE file.

Totally feasible to do, if it's something that people want.
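The "combine years" and NOTICE.in steps described in the message above, sketched as an added example that is not part of the original message or of OpenStack's tooling. The regex, the holder-matching rule (case-insensitive, trailing period ignored) and the sample lines are assumptions made for illustration; lines the pattern cannot parse are returned for manual review rather than guessed at.

```python
import re
from collections import defaultdict

# Constructed sample in the shapes seen in the scan output above.
SAMPLE = """\
# Copyright 2011 Piston Cloud Computing, Inc
# Copyright 2011, Piston Cloud Computing, Inc.
# Copyright 2012, Piston Cloud Computing, Inc.
# Copyright (c) 2011 - 2012, Red Hat, Inc.
# Copyright 2013 Red Hat, Inc.
# Copyright 2009, 2010, 2011 Nicira Networks, Inc.
# Copyright 2012 OpenStack Foundation  # All Rights Reserved.
# Copyright AT&T Labs Inc. 2012 Yun Mao <yunmao@gmail.com>
"""

# "Copyright", optional "(c)", a list or range of years, then the holder.
HEADER = re.compile(r"#\s*Copyright\s+(?:\([Cc]\)\s*)?"
                    r"(?P<years>\d{4}(?:\s*[-,]\s*\d{4})*),?\s+(?P<holder>.+)")

def parse_years(text):
    """Expand '2009, 2010' or '2011 - 2012' into a set of years."""
    years = set()
    for part in text.split(","):
        bounds = [int(y) for y in re.findall(r"\d{4}", part)]
        years.update(range(bounds[0], bounds[-1] + 1))
    return years

def format_years(years):
    """Collapse consecutive years into ranges: {2009, 2011, 2012} -> '2009, 2011-2012'."""
    spans = []
    for y in sorted(years):
        if spans and y == spans[-1][1] + 1:
            spans[-1][1] = y
        else:
            spans.append([y, y])
    return ", ".join(str(a) if a == b else f"{a}-{b}" for a, b in spans)

def build_notice(header_lines, notice_in=""):
    """Return (NOTICE text, unparsed lines). notice_in is hand-written NOTICE.in content."""
    years_by_holder, spelling, unparsed = defaultdict(set), {}, []
    for line in header_lines:
        m = HEADER.match(line.strip())
        if not m:
            unparsed.append(line.strip())  # leave odd formats to a human
            continue
        holder = m.group("holder").split("#")[0].strip()  # drop trailing "# All Rights..."
        key = holder.rstrip(".").lower()  # assumed rule for "same holder"
        spelling.setdefault(key, holder)  # keep the first spelling seen
        years_by_holder[key] |= parse_years(m.group("years"))
    text = "".join(f"Copyright {format_years(years_by_holder[k])} {spelling[k]}\n"
                   for k in sorted(years_by_holder))
    if notice_in:
        text += "\n" + notice_in.rstrip("\n") + "\n"
    return text, unparsed
```
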
Richard Fontana <rfontana@redhat.com> wrote:
On Fri, Apr 26, 2013 at 10:50:56AM +0100, Mark McLoughlin wrote:
Hmm, so we had a case recently where we were considering incorporating (2 clause) BSD licensed code in a project:
https://review.openstack.org/25531
What I wondered about was how to best comply (or rather, enable distributors of OpenStack in "binary form" to comply) with the second clause of the license:
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Do we just include that license (along with the copyright notice) in the project's LICENSE file? Does a NOTICE file do anything to help with this case?
The two ways to deal with this are to include the license information in the file incorporating the third-party code or to include it in some global file.
The ASF, as noted, is (or at least seems to be) using NOTICE files not just for attribution but also for global collection of third-party legal notices. Sphinx itself (just checking now) apparently uses its global LICENSE file similarly to store third-party license notices.
If one cares about theoretically making life as easy as possible for downstream distributors of 'binary form' versions, I suppose this global-legal-file approach is a preferable way to do that. The other approach (putting, or retaining, a notice in the source file) is the one I've tended to recommend (I suppose because it generally conveys more information, and because I consider it the responsibility of the downstream distributor to ensure that it is in compliance with all licenses). There's no right or wrong answer, but a consistent approach is a good idea.
Sphinx uses notices in individual source files that point to the global LICENSE file, which means if you're using excerpts of code from a Sphinx file you'd have to do more work than you would if the actual license text were already in the file, at least the way I see it. So here it would have been just as much work to make sure the file(s) in question had the 2-clause BSD license from Sphinx, as it would have been to put the same information in a global LICENSE or NOTICE file.
So the question raised by Dims boils down to whether OpenStack projects should include an *OpenStack* attribution notice in top-level NOTICE files. This would presumably be something analogous to standard ASF attribution notices, like:
This product includes software developed by the OpenStack Foundation (http://www.openstack.org/).
I'm not sure "developed by the OpenStack Foundation" rings true to me ... maybe "developed by the OpenStack project". The Foundation doesn't develop the code, it empowers/protects/promotes the project which develops the code.
That was my intuition too (though from someone who's still really an outside observer of OpenStack, so I wasn't sure I was right), and what I was alluding to at the end of my message. By contrast, to most ASF project developers, the wording of the ASF attribution notice presumably rings true.
But perhaps contributors to OpenStack projects feel otherwise. In a project like OpenStack that does not aggregate copyright ownership (and in which copyright ownership is getting increasingly diverse), perhaps some perceive a value to having an OpenStack-specific attribution notice.
Yes, you could imagine a case would be made for it, but it would be a new departure for the project. I'd rather such a move be made as a reaction to us feeling we're not getting credit for our work rather than a "the ASF does it, maybe we should too?" discussion.
For a Red Hat perspective, FWIW, increasingly the Apache License 2.0 is being used for projects initiated by or maintained principally by Red Hat developers, but AFAICR we've thus far never used the NOTICE file attribution mechanism. The one case I can think of where we've considered adding it was for a project where the developers were miffed at a downstream proprietary commercial derivative product making significant reuse of the upstream code but apparently not giving any credit.
- RF