[dev] Horde library license headers (notices from SUSE Legal) - please advise

Tue Aug 16 09:12:27 UTC 2011

Hi folks,

the legal review team for the openSUSE rpms has pointed out some more 
inconsistencies in license headers of some files. Some look like obvious 
copy/paste errors, I'm not sure with others. Details follow. Please advise.

Bug 712230 - GPL license in Apache-1.0 licensed horde4-mnemo

The package is apparently ASL-1.0 licensed but this notice was found in
lib/Application.php:

/**
 * Mnemo application API.
 *
 * This file defines Horde's core API interface. Other core Horde libraries
 * can interact with Mnemo through this API.
 *
 * Copyright 2010-2011 The Horde Project (http://www.horde.org/)
 *
 * See the enclosed file COPYING for license information (GPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/gpl.html.
 *
 * @package Mnemo
 */

There is no COPYING in the package. The GPL referred to in the link above is
the GPL-3.0 which would be compatible with ASL-2.0 but not with ASL-1.0. Also,
if the package does legitimately purport to include a GPL licensed
Application.php, it should also contain a copy of the license.

Upstream should confirm if they really intended Application.php to be GPL-3.0
or if this was an error.

STATUS: Resolved. I asked jan, he confirmed it's ASL and I changed in git.

---------------------------------------------

Summary: Canon.php from php5-pear-Horde_Image 1.0.4 contains GPL-2.0+ license 
Horde Image.

Horde_Image is LGPL (supposedly v2.1?) but all files in Exif/Parser/ are 
copyright 2003 Jake Olefsky GPLv2 - 
https://bugzilla.novell.com/show_bug.cgi?id=712242#c0

STATUS: Unsure. 
Please confirm if this is LGPL-2.1 or LGPL-3.0. 
Please confirm of the GPL headers can be removed.

They also want a license file included but I can do this locally in the rpm 
until we have decided if we ship license files with libraries (other thread)

---------------------------------------------

php5-pear-Horde_Ldap 1.1.2 declared LGPL-3.0 but contains no COPYING file 

This is the only package explicitly marked as LGPLv3 in package.xml.
(git blame says it's ben who set this)

Further evidence in source itself is in Ldap.php

They think LGPL-3.0 requires to ship a license file but we don't.

STATUS: I can add the file locally in the rpm until we have decided if we ship 
license files with libraries (other thread).

---------------------------------------------
Bug 712306 - Confirm licensing of php5-pear-Horde_Mime_Viewer 1.0.5

The spec file claims that the package is LGPL licensed. However, the file
lib/Horde/Mime/Viewer/Html.php contained the GPL license header shown below.
Also, there are matches for LGPL-3.0+ in js/syntaxhighlighter/LICENSE-LGPL -
this should also be added as a license in the spec file.

STATUS: Don't know, please advise. The js seems to be owned by somebody 
outside of horde and is dual-licensed MIT and LGPL-3.0 

The GPL reference in Html.php seems to be copy/paste bogus. If this is changed 
to LGPL, the package as a whole could qualify as LGPL-3.0. I don't see how 
this package can be LGPL-2.1 like most other horde framework libs without 
splitting off the js to a separate package. However, there is no explicit 
claim for this to be LGPL-2.1. 

---------------------------------------------
General: I would say let's have the discussion on file inclusion or not and 
which URLs to use in gunnar's separate thead "[dev] Copyright questions"

-- 
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang at b1-systems.de

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537