Hi all, the PR 943232 to puppet-horizon led to an interesting IRC discussion with Takashi and Tobias about the (not) usage of the Apache license header in Puppet manifests. Actually the OpenStack puppet-* modules have the LICENSE file and almost all the Puppet manifests do NOT have an header on top to state the license. On one hand Apache license help <https://www.apache.org/legal/apply-license.html#new> states that "Each original source document (code and documentation, but not the LICENSE and NOTICE files) should include a short license header at the top"; on the other hand a lot of Puppet modules on the Forge seems to not use it (including Puppetlabs' and Puppet's). Are we missing something in interpreting the license or should we add the license header on top of all files? Thanks in advance -- Francesco Di Nucci System Administrator Compute & Networking Service, INFN Naples Email:francesco.dinucci@na.infn.it
On 2025-03-04 14:29:14 +0100 (+0100), Francesco Di Nucci wrote:
the PR 943232 to puppet-horizon led to an interesting IRC discussion with Takashi and Tobias about the (not) usage of the Apache license header in Puppet manifests.
Actually the OpenStack puppet-* modules have the LICENSE file and almost all the Puppet manifests do NOT have an header on top to state the license.
On one hand Apache license help <https://www.apache.org/legal/apply-license.html#new> states that "Each original source document (code and documentation, but not the LICENSE and NOTICE files) should include a short license header at the top"; on the other hand a lot of Puppet modules on the Forge seems to not use it (including Puppetlabs' and Puppet's).
Are we missing something in interpreting the license or should we add the license header on top of all files?
[I am not a lawyer, and while I am on the staff of the OpenInfra Foundation I'm not officially replying on their behalf either.] For the record, https://review.opendev.org/943232 is doing more than just removing the Apache License comment, it's *also* removing declarations of copyright from files in some cases. https://docs.openstack.org/project-team-guide/legal-issues-faq.html#copyrigh... is sort of vague on this point, but our community has generally held that existing copyright declarations should not be removed or changed except by (or with explicit permission from) the party named therein. As for the Apache License headers themselves, our projects typically follow the guidance you linked and add it to the top of any file of substance, but also include a LICENSE file in the top directory of every Git repository as a fallback in case any files are accidentally overlooked. Some projects in OpenStack even go so far as to check this with a CI job on every new change, using this routine in the hacking tool: https://opendev.org/openstack/hacking/src/branch/master/hacking/tests/checks... Hope that helps! -- Jeremy Stanley
So also not a lawyer, but thoughts in-line below. On Wed, Mar 5, 2025 at 8:43 AM Jeremy Stanley <fungi@yuggoth.org> wrote:
On 2025-03-04 14:29:14 +0100 (+0100), Francesco Di Nucci wrote:
the PR 943232 to puppet-horizon led to an interesting IRC discussion with Takashi and Tobias about the (not) usage of the Apache license header in Puppet manifests.
Actually the OpenStack puppet-* modules have the LICENSE file and almost all the Puppet manifests do NOT have an header on top to state the license.
On one hand Apache license help <https://www.apache.org/legal/apply-license.html#new> states that "Each original source document (code and documentation, but not the LICENSE and NOTICE files) should include a short license header at the top"; on the other hand a lot of Puppet modules on the Forge seems to not use it (including Puppetlabs' and Puppet's).
The key here is the world "should". Which is not "must" or "shall". You should, but it is not required. The key is forward attribution though. If the file is copied/re-packaged and somehow the LICENSE is stripped, then that could be problematic. Hence, use of the word "should".
Are we missing something in interpreting the license or should we add the license header on top of all files?
I would take it as optional based upon that and prior guidance.
[I am not a lawyer, and while I am on the staff of the OpenInfra Foundation I'm not officially replying on their behalf either.]
For the record, https://review.opendev.org/943232 is doing more than just removing the Apache License comment, it's *also* removing declarations of copyright from files in some cases. https://docs.openstack.org/project-team-guide/legal-issues-faq.html#copyrigh... is sort of vague on this point, but our community has generally held that existing copyright declarations should not be removed or changed except by (or with explicit permission from) the party named therein.
This is the actual problem, and I'm meaning the removal of the copyright stamp on the content. Not the state of the document which does sort of cover the generality. While I am not a lawyer, and while rights attribution can be identified through the git history, some organizations require stamping of files being contributed to and/or being heavily modified. I think future contributors should be respecting that *and* feel free to add their own if necessary. Outright removal is, in my opinion, wrong.
As for the Apache License headers themselves, our projects typically follow the guidance you linked and add it to the top of any file of substance, but also include a LICENSE file in the top directory of every Git repository as a fallback in case any files are accidentally overlooked. Some projects in OpenStack even go so far as to check this with a CI job on every new change, using this routine in the hacking tool: https://opendev.org/openstack/hacking/src/branch/master/hacking/tests/checks...
Hope that helps! -- Jeremy Stanley _______________________________________________ legal-discuss mailing list -- legal-discuss@lists.openstack.org To unsubscribe send an email to legal-discuss-leave@lists.openstack.org
Thank you both, so if I understand correctly, as long as previous copyright declaration are kept in place (unless removed by/with consent of the involved party), adding headers is optional? -- Francesco Di Nucci System Administrator Compute & Networking Service, INFN Naples Email: francesco.dinucci@na.infn.it On 05/03/25 18:32, Julia Kreger wrote:
So also not a lawyer, but thoughts in-line below.
On Wed, Mar 5, 2025 at 8:43 AM Jeremy Stanley <fungi@yuggoth.org> wrote:
On 2025-03-04 14:29:14 +0100 (+0100), Francesco Di Nucci wrote:
the PR 943232 to puppet-horizon led to an interesting IRC discussion with Takashi and Tobias about the (not) usage of the Apache license header in Puppet manifests.
Actually the OpenStack puppet-* modules have the LICENSE file and almost all the Puppet manifests do NOT have an header on top to state the license.
On one hand Apache license help <https://www.apache.org/legal/apply-license.html#new> states that "Each original source document (code and documentation, but not the LICENSE and NOTICE files) should include a short license header at the top"; on the other hand a lot of Puppet modules on the Forge seems to not use it (including Puppetlabs' and Puppet's).
The key here is the world "should". Which is not "must" or "shall".
You should, but it is not required. The key is forward attribution though. If the file is copied/re-packaged and somehow the LICENSE is stripped, then that could be problematic. Hence, use of the word "should".
Are we missing something in interpreting the license or should we add the license header on top of all files? I would take it as optional based upon that and prior guidance.
[I am not a lawyer, and while I am on the staff of the OpenInfra Foundation I'm not officially replying on their behalf either.]
For the record, https://review.opendev.org/943232 is doing more than just removing the Apache License comment, it's *also* removing declarations of copyright from files in some cases. https://docs.openstack.org/project-team-guide/legal-issues-faq.html#copyrigh... is sort of vague on this point, but our community has generally held that existing copyright declarations should not be removed or changed except by (or with explicit permission from) the party named therein.
This is the actual problem, and I'm meaning the removal of the copyright stamp on the content. Not the state of the document which does sort of cover the generality. While I am not a lawyer, and while rights attribution can be identified through the git history, some organizations require stamping of files being contributed to and/or being heavily modified. I think future contributors should be respecting that *and* feel free to add their own if necessary. Outright removal is, in my opinion, wrong.
As for the Apache License headers themselves, our projects typically follow the guidance you linked and add it to the top of any file of substance, but also include a LICENSE file in the top directory of every Git repository as a fallback in case any files are accidentally overlooked. Some projects in OpenStack even go so far as to check this with a CI job on every new change, using this routine in the hacking tool: https://opendev.org/openstack/hacking/src/branch/master/hacking/tests/checks...
Hope that helps! -- Jeremy Stanley _______________________________________________ legal-discuss mailing list -- legal-discuss@lists.openstack.org To unsubscribe send an email to legal-discuss-leave@lists.openstack.org
legal-discuss mailing list -- legal-discuss@lists.openstack.org To unsubscribe send an email to legal-discuss-leave@lists.openstack.org
On 2025-03-06 09:15:29 +0100 (+0100), Francesco Di Nucci wrote: [...]
so if I understand correctly, as long as previous copyright declaration are kept in place (unless removed by/with consent of the involved party), adding headers is optional? [...]
That matches my layperson's (not-a-lawyer) understanding, yes. It's not strictly required, addition of the Apache License notice at the top of every file is only very strongly recommended. If we get guidance from actual lawyers then we should add that to OpenStack's Legal Issues FAQ[*], and if the TC wants to impose stricter rules then their Licensing Requirements[**] would be a good place to indicate that. I'll make sure to bring this discussion to their attention. [*] https://docs.openstack.org/project-team-guide/legal-issues-faq.html [**] https://governance.openstack.org/tc/reference/licensing.html -- Jeremy Stanley
participants (3)
-
Francesco Di Nucci
-
Jeremy Stanley
-
Julia Kreger