Third party file inclusion in Openstack sushy project
Hi, I'm working on sushy project[1] and I want to know if I can include some third-party files in the project and distribute the project together with these files. The files in question are JSON files here [2], for example, [3]. They do not have any license specified, but they have "Copyright 2014-2015, 2017 Distributed Management Task Force, Inc. (DMTF). All rights reserved.". This corresponds to full copyright notice at [4]. The questions: 1) Can I include these files in sushy project as they are? 2) If not, can I process these files automatically using a script and derive some code from these files and include the derived code in sushy project? 3) If not, can I process these files manually and type some code and include the derived code? 4) Is there something else? Regards, Aija [1] https://docs.openstack.org/sushy/latest/ [2] http://redfish.dmtf.org/schemas/registries/ [3] http://redfish.dmtf.org/schemas/registries/Base.1.2.0.json [4] https://www.dmtf.org/about/policies/copyright
I am the GC of OpenStack. We will need to review this information. For now please do not include Sent from my iPhone
On Jul 18, 2018, at 2:16 PM, "mail@clusums.eu" <mail@clusums.eu> wrote:
[EXTERNAL MESSAGE]
Hi,
I'm working on sushy project[1] and I want to know if I can include some third-party files in the project and distribute the project together with these files. The files in question are JSON files here [2], for example, [3]. They do not have any license specified, but they have "Copyright 2014-2015, 2017 Distributed Management Task Force, Inc. (DMTF). All rights reserved.". This corresponds to full copyright notice at [4].
The questions: 1) Can I include these files in sushy project as they are? 2) If not, can I process these files automatically using a script and derive some code from these files and include the derived code in sushy project? 3) If not, can I process these files manually and type some code and include the derived code? 4) Is there something else?
Regards, Aija
[1] https://docs.openstack.org/sushy/latest/ [2] http://redfish.dmtf.org/schemas/registries/ [3] http://redfish.dmtf.org/schemas/registries/Base.1.2.0.json [4] https://www.dmtf.org/about/policies/copyright
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
Hi Aija, They don't list an open source license anywhere in those files or on their website, so by default you have to assume it's proprietary, and that means NO on your questions (1), (2), and (3). On your question (4), DMTF seems to be quite proud of the fact that open source projects use their technology [1], and even specifically call out Sushy on that list. So, I imagine they'd be responsive if you contact them and ask what license they meant to release those files under. If they release the files under the Apache 2.0 license, then the answer to (1) changes to YES. If it's some other license, then come back and check on this list to make sure the open source license DMTF is using is compatible with Apache 2.0. Just FYI, if (1) is a NO, then (2) and (3) wouldn't help, because the license of the original files would still apply to any code you derive from them, whether you do it with a script or manually. Allison [1] https://www.dmtf.org/standards/opensource On 07/18/2018 02:15 PM, mail@clusums.eu wrote:
Hi,
I'm working on sushy project[1] and I want to know if I can include some third-party files in the project and distribute the project together with these files. The files in question are JSON files here [2], for example, [3]. They do not have any license specified, but they have "Copyright 2014-2015, 2017 Distributed Management Task Force, Inc. (DMTF). All rights reserved.". This corresponds to full copyright notice at [4].
The questions: 1) Can I include these files in sushy project as they are? 2) If not, can I process these files automatically using a script and derive some code from these files and include the derived code in sushy project? 3) If not, can I process these files manually and type some code and include the derived code? 4) Is there something else?
Regards, Aija
[1] https://docs.openstack.org/sushy/latest/ [2] http://redfish.dmtf.org/schemas/registries/ [3] http://redfish.dmtf.org/schemas/registries/Base.1.2.0.json [4] https://www.dmtf.org/about/policies/copyright
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
They are asking if BSD-3 license would be OK? Because "DMTF currently has a licensing policy for software that it must be BSD-3 licensed". Regards, Aija On 07/18/2018 09:46 PM, Allison Randal wrote:
Hi Aija,
They don't list an open source license anywhere in those files or on their website, so by default you have to assume it's proprietary, and that means NO on your questions (1), (2), and (3).
On your question (4), DMTF seems to be quite proud of the fact that open source projects use their technology [1], and even specifically call out Sushy on that list. So, I imagine they'd be responsive if you contact them and ask what license they meant to release those files under. If they release the files under the Apache 2.0 license, then the answer to (1) changes to YES. If it's some other license, then come back and check on this list to make sure the open source license DMTF is using is compatible with Apache 2.0.
Just FYI, if (1) is a NO, then (2) and (3) wouldn't help, because the license of the original files would still apply to any code you derive from them, whether you do it with a script or manually.
Allison
[1] https://www.dmtf.org/standards/opensource
On 07/18/2018 02:15 PM, mail@clusums.eu wrote:
Hi,
I'm working on sushy project[1] and I want to know if I can include some third-party files in the project and distribute the project together with these files. The files in question are JSON files here [2], for example, [3]. They do not have any license specified, but they have "Copyright 2014-2015, 2017 Distributed Management Task Force, Inc. (DMTF). All rights reserved.". This corresponds to full copyright notice at [4].
The questions: 1) Can I include these files in sushy project as they are? 2) If not, can I process these files automatically using a script and derive some code from these files and include the derived code in sushy project? 3) If not, can I process these files manually and type some code and include the derived code? 4) Is there something else?
Regards, Aija
[1] https://docs.openstack.org/sushy/latest/ [2] http://redfish.dmtf.org/schemas/registries/ [3] http://redfish.dmtf.org/schemas/registries/Base.1.2.0.json [4] https://www.dmtf.org/about/policies/copyright
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
On 2018-07-18 22:30:43 +0300 (+0300), mail@clusums.eu wrote:
They are asking if BSD-3 license would be OK? Because "DMTF currently has a licensing policy for software that it must be BSD-3 licensed". [...]
[Disclaimer: I am not a lawyer.] https://governance.openstack.org/tc/reference/licensing.html indicates BSD licensed (this generally means 3-clause BSD) content is supported by the OpenStack Foundation's contributor license agreements. We have plenty of official OpenStack projects carrying 3-clause BSD and similarly licensed files, usually because they came from another project outside our ecosystem which used that license or were similarly derived from one. Of course, make sure in your repository you retain the original copyright and license of those files, but ideally also clearly indicate the situation in a prominent location (perhaps in your README or LICENSE). -- Jeremy Stanley
On 07/18/2018 02:15 PM, mail@clusums.eu wrote:
1) Can I include these files in sushy project as they are?
A clarification would be useful here: do you really need to commit a copy of the files into the sushy git repository? Most external dependencies in OpenStack projects are installed from remote sources during the build process (like, Python dependencies are installed from Python's normal archive for Python packages). Jeremy is right that the BSD licenses are generally considered compatible for use in Apache 2.0 projects. I'm guessing what Mark wants to review has more to due with copyright, since DMTF hasn't signed a contributor agreement with OpenStack Foundation. But, that wouldn't be a problem if you were just installing those files as an external dependency, instead of committing them into the git repository. It's also worth asking DMTF if they would mind putting a license notice somewhere in the software. A simple file named LICENSE containing a copy of the license text (located in http://redfish.dmtf.org/schemas/registries/) would be a good start. In future versions they could add a mention of the license to their README files, and might consider adding a License tag into the Copyright block of the JSON files. Allison
I agree with Allison's approach. Most importantly, we need to have the license in the file since currently they appear not to have a license. -----Original Message----- From: Allison Randal [mailto:allison@lohutok.net] Sent: Thursday, July 19, 2018 9:21 AM To: mail@clusums.eu; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Third party file inclusion in Openstack sushy project [EXTERNAL MESSAGE] On 07/18/2018 02:15 PM, mail@clusums.eu wrote:
1) Can I include these files in sushy project as they are?
A clarification would be useful here: do you really need to commit a copy of the files into the sushy git repository? Most external dependencies in OpenStack projects are installed from remote sources during the build process (like, Python dependencies are installed from Python's normal archive for Python packages). Jeremy is right that the BSD licenses are generally considered compatible for use in Apache 2.0 projects. I'm guessing what Mark wants to review has more to due with copyright, since DMTF hasn't signed a contributor agreement with OpenStack Foundation. But, that wouldn't be a problem if you were just installing those files as an external dependency, instead of committing them into the git repository. It's also worth asking DMTF if they would mind putting a license notice somewhere in the software. A simple file named LICENSE containing a copy of the license text (located in http://redfish.dmtf.org/schemas/registries/) would be a good start. In future versions they could add a mention of the license to their README files, and might consider adding a License tag into the Copyright block of the JSON files. Allison _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
A clarification would be useful here: do you really need to commit a copy of the files into the sushy git repository?
would this make any difference? It still would require to have OSI-approved licensed? Also, to clarify, these files are more like data files, rather code, and we need to bundle this together in sushy so users can use sushy when offline/behind firewall. Thanks, Aija
On 07/19/2018 03:25 PM, mail@clusums.eu wrote:
would this make any difference? It still would require to have OSI-approved licensed?
It would still require an OSI-approved license, yes, since the users can't even legally install proprietary files (code or data, since both are copyright protected). And, since you'd be installing it to use in an Apache 2.0 licensed project, it specifically needs to be a license that's compatible for use with Apache 2.0. But, yes, it makes a difference whether you commit a copy of the files into the sushy repository, rather than simply installing it together with sushy. Since the licenses are compatible, licensing doesn't make a difference here (though it could if we were dealing with something like the LGPL, which has different terms for code that's "linked" versus code that's "modified"). But other things like copyright and patents do still make a difference.
Also, to clarify, these files are more like data files, rather code, and we need to bundle this together in sushy so users can use sushy when offline/behind firewall.
I'm kind of surprised Redfish doesn't provide a standard install process for these registry data files, if it expects them to be installed for Redfish API clients. But, it shouldn't be a problem, anyway, you could: - provide a script that the user runs separately to download and install the DMTF files on the user's machine after they install sushy - or, automatically download the DMTF files the first time sushy uses them, and then cache them locally on the user's machine - or, if you're feeling more adventurous (because Python doesn't make it super easy, and I don't know of any other OpenStack projects using this feature): add a post-install script for setup.py that installs the DMTF files (https://docs.python.org/3.7/distutils/builtdist.html#the-postinstallation-sc...) Allison
Hi, thank you for all the help. DMTF came back and they are having concerns about adding software license to these type of files. They don't consider these files to be software, but to be documents (similar as specification of Redfish standard). They are going to update the copyright statement[1] to show this clarification. Would that help? Regards, Aija [1] https://www.dmtf.org/about/policies/copyright
On 07/30/2018 04:10 PM, mail@clusums.eu wrote:
Hi,
thank you for all the help.
DMTF came back and they are having concerns about adding software license to these type of files. They don't consider these files to be software, but to be documents (similar as specification of Redfish standard). They are going to update the copyright statement[1] to show this clarification.
Would that help?
Well, documents are copyrighted just like code, so DMTF would need to say what license they're releasing the documents under. Creative Commons licenses are popular for documents and data. Some Creative Commons licenses are compatible with Apache 2.0 (make sure it isn't one of the "Non-Commercial" variants). You're still better off having users download the DMTF files separately. And, no matter how the users get the files, DMTF needs to release the files under some form of open content or open data license, so the users have permission to use the files. Allison
I agree. -----Original Message----- From: Allison Randal [mailto:allison@lohutok.net] Sent: Monday, July 30, 2018 8:25 AM To: mail@clusums.eu; legal-discuss@lists.openstack.org Subject: Re: [legal-discuss] Third party file inclusion in Openstack sushy project [EXTERNAL MESSAGE] On 07/30/2018 04:10 PM, mail@clusums.eu wrote:
Hi,
thank you for all the help.
DMTF came back and they are having concerns about adding software license to these type of files. They don't consider these files to be software, but to be documents (similar as specification of Redfish standard). They are going to update the copyright statement[1] to show this clarification.
Would that help?
Well, documents are copyrighted just like code, so DMTF would need to say what license they're releasing the documents under. Creative Commons licenses are popular for documents and data. Some Creative Commons licenses are compatible with Apache 2.0 (make sure it isn't one of the "Non-Commercial" variants). You're still better off having users download the DMTF files separately. And, no matter how the users get the files, DMTF needs to release the files under some form of open content or open data license, so the users have permission to use the files. Allison _______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster@dlapiper.com. Thank you.
Hi, DMTF is looking at CC BY. Is that OK? It allows commercial use. When I'm looking at OSI approved licenses[1], CC does not come up. Is there a reason why? And about the file inclusion - FYI, in current version users will have to download the files themselves and configure sushy to the location where they are downloaded. This is not very user-friendly, and in future we might look at improving this somehow given that we also cannot always rely on users having access to the Internet during installation to download the files automatically. But for now this is how it will work. Regards, Aija [1] https://opensource.org/licenses/alphabetical On 07/30/2018 06:25 PM, Allison Randal wrote:
Well, documents are copyrighted just like code, so DMTF would need to say what license they're releasing the documents under. Creative Commons licenses are popular for documents and data. Some Creative Commons licenses are compatible with Apache 2.0 (make sure it isn't one of the "Non-Commercial" variants).
You're still better off having users download the DMTF files separately. And, no matter how the users get the files, DMTF needs to release the files under some form of open content or open data license, so the users have permission to use the files.
Allison
Hi Aija, Take a look at the Apache Software Foundation's notes on compatibility for CC BY: https://www.apache.org/legal/resolved.html#category-b The short version is that they consider CC BY compatible for including in Apache 2.0 licensed codebases, but view it as different enough to be worth some caution, and specifically: - they only include CC BY code in binary form (which doesn't make any sense here, since there is no binary form for the DMTF data files) - they provide a prominent notice of the different licensing for any files under CC BY What this means for you is that your current method of having the users download and install the files manually is totally fine with a CC BY license, it grants all the permissions the users need. You could also set up some tools to automatically download and install the files as part of the sushy installation process, as we talked about earlier in this email thread, and that would be totally fine with a CC BY license. Committing the DMTF files to a sushy git repository is more complicated, and while it may be fine, it's more of a legal gray area, so Mark Radcliffe would need to review and determine whether OpenStack Foundation can do that, and if so what additional notices or limitations should be applied to those files (similar to how the Apache Software Foundation requires the prominent notice, etc). The reason no CC licenses appear on the OSI approved list is that the OSI only reviews open source software licenses, and the CC licenses aren't for software, they're for content (like images, text, data, etc). Some CC licenses are compatible with some OSI approved software licenses. Allison On 08/13/2018 02:57 PM, mail@clusums.eu wrote:
Hi,
DMTF is looking at CC BY. Is that OK? It allows commercial use.
When I'm looking at OSI approved licenses[1], CC does not come up. Is there a reason why?
And about the file inclusion - FYI, in current version users will have to download the files themselves and configure sushy to the location where they are downloaded. This is not very user-friendly, and in future we might look at improving this somehow given that we also cannot always rely on users having access to the Internet during installation to download the files automatically. But for now this is how it will work.
Regards,
Aija
[1] https://opensource.org/licenses/alphabetical
On 07/30/2018 06:25 PM, Allison Randal wrote:
Well, documents are copyrighted just like code, so DMTF would need to say what license they're releasing the documents under. Creative Commons licenses are popular for documents and data. Some Creative Commons licenses are compatible with Apache 2.0 (make sure it isn't one of the "Non-Commercial" variants).
You're still better off having users download the DMTF files separately. And, no matter how the users get the files, DMTF needs to release the files under some form of open content or open data license, so the users have permission to use the files.
Allison
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
ok, thank you. For now will go with CC BY. If it is decided to include the files in sushy repository this will be revisited, but at the moment there is no plan to include those files in sushy repo. Regards, Aija On 08/13/2018 05:01 PM, Allison Randal wrote:
Hi Aija,
Take a look at the Apache Software Foundation's notes on compatibility for CC BY:
https://www.apache.org/legal/resolved.html#category-b
The short version is that they consider CC BY compatible for including in Apache 2.0 licensed codebases, but view it as different enough to be worth some caution, and specifically:
- they only include CC BY code in binary form (which doesn't make any sense here, since there is no binary form for the DMTF data files) - they provide a prominent notice of the different licensing for any files under CC BY
What this means for you is that your current method of having the users download and install the files manually is totally fine with a CC BY license, it grants all the permissions the users need. You could also set up some tools to automatically download and install the files as part of the sushy installation process, as we talked about earlier in this email thread, and that would be totally fine with a CC BY license. Committing the DMTF files to a sushy git repository is more complicated, and while it may be fine, it's more of a legal gray area, so Mark Radcliffe would need to review and determine whether OpenStack Foundation can do that, and if so what additional notices or limitations should be applied to those files (similar to how the Apache Software Foundation requires the prominent notice, etc).
The reason no CC licenses appear on the OSI approved list is that the OSI only reviews open source software licenses, and the CC licenses aren't for software, they're for content (like images, text, data, etc). Some CC licenses are compatible with some OSI approved software licenses.
Allison
On 08/13/2018 02:57 PM, mail@clusums.eu wrote:
Hi,
DMTF is looking at CC BY. Is that OK? It allows commercial use.
When I'm looking at OSI approved licenses[1], CC does not come up. Is there a reason why?
And about the file inclusion - FYI, in current version users will have to download the files themselves and configure sushy to the location where they are downloaded. This is not very user-friendly, and in future we might look at improving this somehow given that we also cannot always rely on users having access to the Internet during installation to download the files automatically. But for now this is how it will work.
Regards,
Aija
[1] https://opensource.org/licenses/alphabetical
On 07/30/2018 06:25 PM, Allison Randal wrote:
Well, documents are copyrighted just like code, so DMTF would need to say what license they're releasing the documents under. Creative Commons licenses are popular for documents and data. Some Creative Commons licenses are compatible with Apache 2.0 (make sure it isn't one of the "Non-Commercial" variants).
You're still better off having users download the DMTF files separately. And, no matter how the users get the files, DMTF needs to release the files under some form of open content or open data license, so the users have permission to use the files.
Allison
_______________________________________________ legal-discuss mailing list legal-discuss@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss
DMTF came back and they were expecting that CC BY would be sufficient for including files in sushy repo. While at the moment we don't plan to include the files, what would be necessary to determine if in future CC BY would allow to include the files in sushy repo? Regards, Aija On 08/13/2018 05:01 PM, Allison Randal wrote:
Committing the DMTF files to a sushy git repository is more complicated, and while it may be fine, it's more of a legal gray area, so Mark Radcliffe would need to review and determine whether OpenStack Foundation can do that, and if so what additional notices or limitations should be applied to those files (similar to how the Apache Software Foundation requires the prominent notice, etc).
On 2018-08-13 21:23:53 +0300 (+0300), mail@clusums.eu wrote:
DMTF came back and they were expecting that CC BY would be sufficient for including files in sushy repo. While at the moment we don't plan to include the files, what would be necessary to determine if in future CC BY would allow to include the files in sushy repo? [...]
Because sushy is an official OpenStack Ironic deliverable, the OpenStack Technical Committee considers matters like this on a case-by-case basis with the help of the OpenStack Foundation legal counsel as mentioned in the last sentence here: https://governance.openstack.org/tc/reference/licensing.html Though in the case of CC-BY3 we already have some precedent for including documentation source under this license in repositories which are primarily ASL2, for example in the oslo.messaging repository you can find some: https://git.openstack.org/cgit/openstack/oslo.messaging/tree/doc/source/cont... Note that at their October 15, 2012 meeting the OpenStack Foundation Board of Directors resolved that the Creative Commons CC-BY license was approved for documentation and similar site content: https://wiki.openstack.org/wiki/Governance/Foundation/15Oct2012BoardMinutes#.... As such the vast majority of our documentation repositories are already blanket CC-BY3 (with the exception of inline software source code examples and associated build tooling) as are bits of documentation in software source code repositories (e.g. oslo.messaging), so hopefully it wouldn't need a significant amount of deliberation to treat embedded data copies in a similar fashion. -- Jeremy Stanley
Hi, thank you for clarifications. I talked with other developers in Ironic project if sushy really needs these files to be included in the repo and they say that many operators use or test Ironic where there is no Internet access. Thus eventually it would be more user-friendly to include the files in the repo rather than downloading them manually or automatically. Can the tech committee review this case to include JSON files from [1] in sushy repository given that they will have CC BY applied or is there any other way to proceed to review this? Regards, Aija [1] https://redfish.dmtf.org/schemas/registries/ On 08/13/2018 10:24 PM, Jeremy Stanley wrote:
Because sushy is an official OpenStack Ironic deliverable, the OpenStack Technical Committee considers matters like this on a case-by-case basis with the help of the OpenStack Foundation legal counsel as mentioned in the last sentence here:
Excerpts from Jeremy Stanley's message of 2018-08-13 19:24:35 +0000:
On 2018-08-13 21:23:53 +0300 (+0300), mail@clusums.eu wrote:
DMTF came back and they were expecting that CC BY would be sufficient for including files in sushy repo. While at the moment we don't plan to include the files, what would be necessary to determine if in future CC BY would allow to include the files in sushy repo? [...]
Because sushy is an official OpenStack Ironic deliverable, the OpenStack Technical Committee considers matters like this on a case-by-case basis with the help of the OpenStack Foundation legal counsel as mentioned in the last sentence here:
https://governance.openstack.org/tc/reference/licensing.html
Though in the case of CC-BY3 we already have some precedent for including documentation source under this license in repositories which are primarily ASL2, for example in the oslo.messaging repository you can find some:
https://git.openstack.org/cgit/openstack/oslo.messaging/tree/doc/source/cont...
Note that at their October 15, 2012 meeting the OpenStack Foundation Board of Directors resolved that the Creative Commons CC-BY license was approved for documentation and similar site content:
https://wiki.openstack.org/wiki/Governance/Foundation/15Oct2012BoardMinutes#....
As such the vast majority of our documentation repositories are already blanket CC-BY3 (with the exception of inline software source code examples and associated build tooling) as are bits of documentation in software source code repositories (e.g. oslo.messaging), so hopefully it wouldn't need a significant amount of deliberation to treat embedded data copies in a similar fashion.
Given that we're talking about data, not code, that the Redfish folks seem to want to allow this sort of use, that we have several precedents, and that (as Allison points out) the Apache foundation considers CC-BY compatible as long as there is "prominent notice of the different licensing for any files under CC BY" I don't really see a problem. Does anyone think there is any reason not to let the Sushy team go ahead and include the file, as planned? Doug
Excerpts from Doug Hellmann's message of 2018-08-15 15:05:29 -0400:
Excerpts from Jeremy Stanley's message of 2018-08-13 19:24:35 +0000:
On 2018-08-13 21:23:53 +0300 (+0300), mail@clusums.eu wrote:
DMTF came back and they were expecting that CC BY would be sufficient for including files in sushy repo. While at the moment we don't plan to include the files, what would be necessary to determine if in future CC BY would allow to include the files in sushy repo? [...]
Because sushy is an official OpenStack Ironic deliverable, the OpenStack Technical Committee considers matters like this on a case-by-case basis with the help of the OpenStack Foundation legal counsel as mentioned in the last sentence here:
https://governance.openstack.org/tc/reference/licensing.html
Though in the case of CC-BY3 we already have some precedent for including documentation source under this license in repositories which are primarily ASL2, for example in the oslo.messaging repository you can find some:
https://git.openstack.org/cgit/openstack/oslo.messaging/tree/doc/source/cont...
Note that at their October 15, 2012 meeting the OpenStack Foundation Board of Directors resolved that the Creative Commons CC-BY license was approved for documentation and similar site content:
https://wiki.openstack.org/wiki/Governance/Foundation/15Oct2012BoardMinutes#....
As such the vast majority of our documentation repositories are already blanket CC-BY3 (with the exception of inline software source code examples and associated build tooling) as are bits of documentation in software source code repositories (e.g. oslo.messaging), so hopefully it wouldn't need a significant amount of deliberation to treat embedded data copies in a similar fashion.
Given that we're talking about data, not code, that the Redfish folks seem to want to allow this sort of use, that we have several precedents, and that (as Allison points out) the Apache foundation considers CC-BY compatible as long as there is "prominent notice of the different licensing for any files under CC BY" I don't really see a problem.
Does anyone think there is any reason not to let the Sushy team go ahead and include the file, as planned?
Doug
We discussed this during today's TC office hours [1], and given that we have many reasons why this looks OK and no clear indication from anyone that it is not, we told the Sushy team to proceed and include the file. We suggested updating the LICENSE file and adding a release note as a minimum way to conform with the BY clause in the license for the data file. Doug [1] http://eavesdrop.openstack.org/irclogs/%23openstack-tc/%23openstack-tc.2018-...
participants (5)
-
Allison Randal
-
Doug Hellmann
-
Jeremy Stanley
-
mail@clusums.eu
-
Radcliffe, Mark