From mail at clusums.eu Wed Jul 18 18:15:35 2018 From: mail at clusums.eu (mail at clusums.eu) Date: Wed, 18 Jul 2018 21:15:35 +0300 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project Message-ID: Hi, I'm working on sushy project[1] and I want to know if I can include some third-party files in the project and distribute the project together with these files. The files in question are JSON files here [2], for example, [3]. They do not have any license specified, but they have "Copyright 2014-2015, 2017 Distributed Management Task Force, Inc. (DMTF). All rights reserved.". This corresponds to full copyright notice at [4]. The questions: 1) Can I include these files in sushy project as they are? 2) If not, can I process these files automatically using a script and derive some code from these files and include the derived code in sushy project? 3) If not, can I process these files manually and type some code and include the derived code? 4) Is there something else? Regards, Aija [1] https://docs.openstack.org/sushy/latest/ [2] http://redfish.dmtf.org/schemas/registries/ [3] http://redfish.dmtf.org/schemas/registries/Base.1.2.0.json [4] https://www.dmtf.org/about/policies/copyright From Mark.Radcliffe at dlapiper.com Wed Jul 18 18:43:03 2018 From: Mark.Radcliffe at dlapiper.com (Radcliffe, Mark) Date: Wed, 18 Jul 2018 18:43:03 +0000 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: References: Message-ID: <35B1C917-C8C0-48CC-AE80-17C8E74C6B4D@dlapiper.com> I am the GC of OpenStack. We will need to review this information. For now please do not include Sent from my iPhone > On Jul 18, 2018, at 2:16 PM, "mail at clusums.eu" wrote: > > [EXTERNAL MESSAGE] > > Hi, > > I'm working on sushy project[1] and I want to know if I can include some third-party files in the project and distribute the project together with these files. > The files in question are JSON files here [2], for example, [3]. They do not have any license specified, but they have "Copyright 2014-2015, 2017 Distributed Management Task Force, Inc. (DMTF). All rights reserved.". This corresponds to full copyright notice at [4]. > > The questions: > 1) Can I include these files in sushy project as they are? > 2) If not, can I process these files automatically using a script and derive some code from these files and include the derived code in sushy project? > 3) If not, can I process these files manually and type some code and include the derived code? > 4) Is there something else? > > Regards, > Aija > > > [1] https://docs.openstack.org/sushy/latest/ > [2] http://redfish.dmtf.org/schemas/registries/ > [3] http://redfish.dmtf.org/schemas/registries/Base.1.2.0.json > [4] https://www.dmtf.org/about/policies/copyright > > > _______________________________________________ > legal-discuss mailing list > legal-discuss at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss > Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com. Thank you. From allison at lohutok.net Wed Jul 18 18:46:27 2018 From: allison at lohutok.net (Allison Randal) Date: Wed, 18 Jul 2018 14:46:27 -0400 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: References: Message-ID: Hi Aija, They don't list an open source license anywhere in those files or on their website, so by default you have to assume it's proprietary, and that means NO on your questions (1), (2), and (3). On your question (4), DMTF seems to be quite proud of the fact that open source projects use their technology [1], and even specifically call out Sushy on that list. So, I imagine they'd be responsive if you contact them and ask what license they meant to release those files under. If they release the files under the Apache 2.0 license, then the answer to (1) changes to YES. If it's some other license, then come back and check on this list to make sure the open source license DMTF is using is compatible with Apache 2.0. Just FYI, if (1) is a NO, then (2) and (3) wouldn't help, because the license of the original files would still apply to any code you derive from them, whether you do it with a script or manually. Allison [1] https://www.dmtf.org/standards/opensource On 07/18/2018 02:15 PM, mail at clusums.eu wrote: > Hi, > > I'm working on sushy project[1] and I want to know if I can include some > third-party files in the project and distribute the project together > with these files. > The files in question are JSON files here [2], for example, [3]. They do > not have any license specified, but they have "Copyright 2014-2015, 2017 > Distributed Management Task Force, Inc. (DMTF). All rights reserved.". > This corresponds to full copyright notice at [4]. > > The questions: > 1) Can I include these files in sushy project as they are? > 2) If not, can I process these files automatically using a script and > derive some code from these files and include the derived code in sushy > project? > 3) If not, can I process these files manually and type some code and > include the derived code? > 4) Is there something else? > > Regards, > Aija > > > [1] https://docs.openstack.org/sushy/latest/ > [2] http://redfish.dmtf.org/schemas/registries/ > [3] http://redfish.dmtf.org/schemas/registries/Base.1.2.0.json > [4] https://www.dmtf.org/about/policies/copyright > > > _______________________________________________ > legal-discuss mailing list > legal-discuss at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss From mail at clusums.eu Wed Jul 18 19:30:43 2018 From: mail at clusums.eu (mail at clusums.eu) Date: Wed, 18 Jul 2018 22:30:43 +0300 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: References: Message-ID: They are asking if BSD-3 license would be OK? Because "DMTF currently has a licensing policy for software that it must be BSD-3 licensed". Regards, Aija On 07/18/2018 09:46 PM, Allison Randal wrote: > Hi Aija, > > They don't list an open source license anywhere in those files or on > their website, so by default you have to assume it's proprietary, and > that means NO on your questions (1), (2), and (3). > > On your question (4), DMTF seems to be quite proud of the fact that open > source projects use their technology [1], and even specifically call out > Sushy on that list. So, I imagine they'd be responsive if you contact > them and ask what license they meant to release those files under. If > they release the files under the Apache 2.0 license, then the answer to > (1) changes to YES. If it's some other license, then come back and check > on this list to make sure the open source license DMTF is using is > compatible with Apache 2.0. > > > Just FYI, if (1) is a NO, then (2) and (3) wouldn't help, because the > license of the original files would still apply to any code you derive > from them, whether you do it with a script or manually. > > Allison > > [1] https://www.dmtf.org/standards/opensource > > On 07/18/2018 02:15 PM, mail at clusums.eu wrote: >> Hi, >> >> I'm working on sushy project[1] and I want to know if I can include some >> third-party files in the project and distribute the project together >> with these files. >> The files in question are JSON files here [2], for example, [3]. They do >> not have any license specified, but they have "Copyright 2014-2015, 2017 >> Distributed Management Task Force, Inc. (DMTF). All rights reserved.". >> This corresponds to full copyright notice at [4]. >> >> The questions: >> 1) Can I include these files in sushy project as they are? >> 2) If not, can I process these files automatically using a script and >> derive some code from these files and include the derived code in sushy >> project? >> 3) If not, can I process these files manually and type some code and >> include the derived code? >> 4) Is there something else? >> >> Regards, >> Aija >> >> >> [1] https://docs.openstack.org/sushy/latest/ >> [2] http://redfish.dmtf.org/schemas/registries/ >> [3] http://redfish.dmtf.org/schemas/registries/Base.1.2.0.json >> [4] https://www.dmtf.org/about/policies/copyright >> >> >> _______________________________________________ >> legal-discuss mailing list >> legal-discuss at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss From fungi at yuggoth.org Thu Jul 19 01:47:21 2018 From: fungi at yuggoth.org (Jeremy Stanley) Date: Thu, 19 Jul 2018 01:47:21 +0000 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: References: Message-ID: <20180719014720.l5fqxx73omk2wiei@yuggoth.org> On 2018-07-18 22:30:43 +0300 (+0300), mail at clusums.eu wrote: > They are asking if BSD-3 license would be OK? > Because "DMTF currently has a licensing policy for software that it must be > BSD-3 licensed". [...] [Disclaimer: I am not a lawyer.] https://governance.openstack.org/tc/reference/licensing.html indicates BSD licensed (this generally means 3-clause BSD) content is supported by the OpenStack Foundation's contributor license agreements. We have plenty of official OpenStack projects carrying 3-clause BSD and similarly licensed files, usually because they came from another project outside our ecosystem which used that license or were similarly derived from one. Of course, make sure in your repository you retain the original copyright and license of those files, but ideally also clearly indicate the situation in a prominent location (perhaps in your README or LICENSE). -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: From allison at lohutok.net Thu Jul 19 16:21:10 2018 From: allison at lohutok.net (Allison Randal) Date: Thu, 19 Jul 2018 12:21:10 -0400 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: References: Message-ID: <175a2b19-732f-2bcf-9801-d566005afece@lohutok.net> On 07/18/2018 02:15 PM, mail at clusums.eu wrote: > > 1) Can I include these files in sushy project as they are? A clarification would be useful here: do you really need to commit a copy of the files into the sushy git repository? Most external dependencies in OpenStack projects are installed from remote sources during the build process (like, Python dependencies are installed from Python's normal archive for Python packages). Jeremy is right that the BSD licenses are generally considered compatible for use in Apache 2.0 projects. I'm guessing what Mark wants to review has more to due with copyright, since DMTF hasn't signed a contributor agreement with OpenStack Foundation. But, that wouldn't be a problem if you were just installing those files as an external dependency, instead of committing them into the git repository. It's also worth asking DMTF if they would mind putting a license notice somewhere in the software. A simple file named LICENSE containing a copy of the license text (located in http://redfish.dmtf.org/schemas/registries/) would be a good start. In future versions they could add a mention of the license to their README files, and might consider adding a License tag into the Copyright block of the JSON files. Allison From Mark.Radcliffe at dlapiper.com Thu Jul 19 16:38:45 2018 From: Mark.Radcliffe at dlapiper.com (Radcliffe, Mark) Date: Thu, 19 Jul 2018 16:38:45 +0000 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: <175a2b19-732f-2bcf-9801-d566005afece@lohutok.net> References: <175a2b19-732f-2bcf-9801-d566005afece@lohutok.net> Message-ID: I agree with Allison's approach. Most importantly, we need to have the license in the file since currently they appear not to have a license. -----Original Message----- From: Allison Randal [mailto:allison at lohutok.net] Sent: Thursday, July 19, 2018 9:21 AM To: mail at clusums.eu; legal-discuss at lists.openstack.org Subject: Re: [legal-discuss] Third party file inclusion in Openstack sushy project [EXTERNAL MESSAGE] On 07/18/2018 02:15 PM, mail at clusums.eu wrote: > > 1) Can I include these files in sushy project as they are? A clarification would be useful here: do you really need to commit a copy of the files into the sushy git repository? Most external dependencies in OpenStack projects are installed from remote sources during the build process (like, Python dependencies are installed from Python's normal archive for Python packages). Jeremy is right that the BSD licenses are generally considered compatible for use in Apache 2.0 projects. I'm guessing what Mark wants to review has more to due with copyright, since DMTF hasn't signed a contributor agreement with OpenStack Foundation. But, that wouldn't be a problem if you were just installing those files as an external dependency, instead of committing them into the git repository. It's also worth asking DMTF if they would mind putting a license notice somewhere in the software. A simple file named LICENSE containing a copy of the license text (located in http://redfish.dmtf.org/schemas/registries/) would be a good start. In future versions they could add a mention of the license to their README files, and might consider adding a License tag into the Copyright block of the JSON files. Allison _______________________________________________ legal-discuss mailing list legal-discuss at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com. Thank you. From mail at clusums.eu Thu Jul 19 19:25:16 2018 From: mail at clusums.eu (mail at clusums.eu) Date: Thu, 19 Jul 2018 22:25:16 +0300 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: References: <175a2b19-732f-2bcf-9801-d566005afece@lohutok.net> Message-ID: <5418f651-6c0b-0c93-8a61-234b812e08fe@clusums.eu> > A clarification would be useful here: do you really need to commit a > copy of the files into the sushy git repository? would this make any difference? It still would require to have OSI-approved licensed? Also, to clarify, these files are more like data files, rather code, and we need to bundle this together in sushy so users can use sushy when offline/behind firewall. Thanks, Aija -------------- next part -------------- An HTML attachment was scrubbed... URL: From allison at lohutok.net Sat Jul 21 16:07:06 2018 From: allison at lohutok.net (Allison Randal) Date: Sat, 21 Jul 2018 12:07:06 -0400 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: <5418f651-6c0b-0c93-8a61-234b812e08fe@clusums.eu> References: <175a2b19-732f-2bcf-9801-d566005afece@lohutok.net> <5418f651-6c0b-0c93-8a61-234b812e08fe@clusums.eu> Message-ID: <7cd0b720-09a2-f49c-a404-09d10c36bf3f@lohutok.net> On 07/19/2018 03:25 PM, mail at clusums.eu wrote: > > would this make any difference? It still would require to have > OSI-approved licensed? It would still require an OSI-approved license, yes, since the users can't even legally install proprietary files (code or data, since both are copyright protected). And, since you'd be installing it to use in an Apache 2.0 licensed project, it specifically needs to be a license that's compatible for use with Apache 2.0. But, yes, it makes a difference whether you commit a copy of the files into the sushy repository, rather than simply installing it together with sushy. Since the licenses are compatible, licensing doesn't make a difference here (though it could if we were dealing with something like the LGPL, which has different terms for code that's "linked" versus code that's "modified"). But other things like copyright and patents do still make a difference. > Also, to clarify, these files are more like data files, rather code, and > we need to bundle this together in sushy so users can use sushy when > offline/behind firewall. I'm kind of surprised Redfish doesn't provide a standard install process for these registry data files, if it expects them to be installed for Redfish API clients. But, it shouldn't be a problem, anyway, you could: - provide a script that the user runs separately to download and install the DMTF files on the user's machine after they install sushy - or, automatically download the DMTF files the first time sushy uses them, and then cache them locally on the user's machine - or, if you're feeling more adventurous (because Python doesn't make it super easy, and I don't know of any other OpenStack projects using this feature): add a post-install script for setup.py that installs the DMTF files (https://docs.python.org/3.7/distutils/builtdist.html#the-postinstallation-script) Allison From mail at clusums.eu Mon Jul 30 15:10:43 2018 From: mail at clusums.eu (mail at clusums.eu) Date: Mon, 30 Jul 2018 18:10:43 +0300 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: <7cd0b720-09a2-f49c-a404-09d10c36bf3f@lohutok.net> References: <175a2b19-732f-2bcf-9801-d566005afece@lohutok.net> <5418f651-6c0b-0c93-8a61-234b812e08fe@clusums.eu> <7cd0b720-09a2-f49c-a404-09d10c36bf3f@lohutok.net> Message-ID: <15d4bf68-b3cb-5128-c507-e352a991cd62@clusums.eu> Hi, thank you for all the help. DMTF came back and they are having concerns about adding software license to these type of files. They don't consider these files to be software, but to be documents (similar as specification of Redfish standard). They are going to update the copyright statement[1] to show this clarification. Would that help? Regards, Aija [1] https://www.dmtf.org/about/policies/copyright From allison at lohutok.net Mon Jul 30 15:25:23 2018 From: allison at lohutok.net (Allison Randal) Date: Mon, 30 Jul 2018 16:25:23 +0100 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: <15d4bf68-b3cb-5128-c507-e352a991cd62@clusums.eu> References: <175a2b19-732f-2bcf-9801-d566005afece@lohutok.net> <5418f651-6c0b-0c93-8a61-234b812e08fe@clusums.eu> <7cd0b720-09a2-f49c-a404-09d10c36bf3f@lohutok.net> <15d4bf68-b3cb-5128-c507-e352a991cd62@clusums.eu> Message-ID: <2591b21e-6c2f-166a-35a4-13708370c9c6@lohutok.net> On 07/30/2018 04:10 PM, mail at clusums.eu wrote: > Hi, > > thank you for all the help. > > DMTF came back and they are having concerns about adding software > license to these type of files. They don't consider these files to be > software, but to be documents (similar as specification of Redfish > standard). > They are going to update the copyright statement[1] to show this > clarification. > > Would that help? Well, documents are copyrighted just like code, so DMTF would need to say what license they're releasing the documents under. Creative Commons licenses are popular for documents and data. Some Creative Commons licenses are compatible with Apache 2.0 (make sure it isn't one of the "Non-Commercial" variants). You're still better off having users download the DMTF files separately. And, no matter how the users get the files, DMTF needs to release the files under some form of open content or open data license, so the users have permission to use the files. Allison From Mark.Radcliffe at dlapiper.com Mon Jul 30 15:39:43 2018 From: Mark.Radcliffe at dlapiper.com (Radcliffe, Mark) Date: Mon, 30 Jul 2018 15:39:43 +0000 Subject: [legal-discuss] Third party file inclusion in Openstack sushy project In-Reply-To: <2591b21e-6c2f-166a-35a4-13708370c9c6@lohutok.net> References: <175a2b19-732f-2bcf-9801-d566005afece@lohutok.net> <5418f651-6c0b-0c93-8a61-234b812e08fe@clusums.eu> <7cd0b720-09a2-f49c-a404-09d10c36bf3f@lohutok.net> <15d4bf68-b3cb-5128-c507-e352a991cd62@clusums.eu> <2591b21e-6c2f-166a-35a4-13708370c9c6@lohutok.net> Message-ID: I agree. -----Original Message----- From: Allison Randal [mailto:allison at lohutok.net] Sent: Monday, July 30, 2018 8:25 AM To: mail at clusums.eu; legal-discuss at lists.openstack.org Subject: Re: [legal-discuss] Third party file inclusion in Openstack sushy project [EXTERNAL MESSAGE] On 07/30/2018 04:10 PM, mail at clusums.eu wrote: > Hi, > > thank you for all the help. > > DMTF came back and they are having concerns about adding software > license to these type of files. They don't consider these files to be > software, but to be documents (similar as specification of Redfish > standard). > They are going to update the copyright statement[1] to show this > clarification. > > Would that help? Well, documents are copyrighted just like code, so DMTF would need to say what license they're releasing the documents under. Creative Commons licenses are popular for documents and data. Some Creative Commons licenses are compatible with Apache 2.0 (make sure it isn't one of the "Non-Commercial" variants). You're still better off having users download the DMTF files separately. And, no matter how the users get the files, DMTF needs to release the files under some form of open content or open data license, so the users have permission to use the files. Allison _______________________________________________ legal-discuss mailing list legal-discuss at lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/legal-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmaster at dlapiper.com. Thank you.