[dev] Horde library license headers (notices from SUSE Legal) - please advise

Michael J Rubinsky mrubinsk at horde.org
Sat Aug 27 23:14:16 UTC 2011 

Quoting Ralf Lang <lang at b1-systems.de>:

> Am Freitag, 26. August 2011, 14:46:56 schrieb Jan Schneider:
>> Zitat von Ralf Lang <lang at b1-systems.de>:
>> > Am Freitag, 26. August 2011, 13:44:01 schrieb Jan Schneider:
>> >> Zitat von Ralf Lang <lang at b1-systems.de>:
>> >> > Interim conclusion
>> >> >
>> >> > (upstream = Horde, downstream = openSUSE Packaging)
>> >> >
>> >> >> Hi folks,
>> >> >>
>> >> >> the legal review team for the openSUSE rpms has pointed out some more
>> >> >> inconsistencies in license headers of some files. Some look like
>> >> >> obvious copy/paste errors, I'm not sure with others. Details follow.
>> >> >> Please advise.
>> >> >>
>> >> >>
>> >> >> Bug 712230 - GPL license in Apache-1.0 licensed horde4-mnemo
>> >> >>
>> >> >> The package is apparently ASL-1.0 licensed but this notice was found
>> >> >> in lib/Application.php:
>> >> >>
>> >> >> /**
>> >> >>
>> >> >>  * Mnemo application API.
>> >> >>  *
>> >> >>  * This file defines Horde's core API interface. Other core Horde
>> >> >>  libraries * can interact with Mnemo through this API.
>> >> >>  *
>> >> >>  * Copyright 2010-2011 The Horde Project (http://www.horde.org/)
>> >> >>  *
>> >> >>  * See the enclosed file COPYING for license information (GPL). If
>> >> >>  you * did not receive this file, see
>> >> >>  http://www.fsf.org/copyleft/gpl.html. *
>> >> >>  * @package Mnemo
>> >> >>  */
>> >> >>
>> >> >> There is no COPYING in the package. The GPL referred to in the link
>> >> >> above is the GPL-3.0 which would be compatible with ASL-2.0 but not
>> >> >> with ASL-1.0. Also, if the package does legitimately purport to
>> >> >> include a GPL licensed Application.php, it should also contain a
>> >> >> copy of the license.
>> >> >>
>> >> >> Upstream should confirm if they really intended Application.php to be
>> >> >> GPL-3.0 or if this was an error.
>> >> >>
>> >> >>
>> >> >> STATUS: Resolved. I asked jan, he confirmed it's ASL and I changed in
>> >> >> git.
>> >> >>
>> >> >>
>> >> >> ---------------------------------------------
>> >> >>
>> >> >> Summary: Canon.php from php5-pear-Horde_Image 1.0.4 contains GPL-2.0+
>> >> >> license Horde Image.
>> >> >>
>> >> >> Horde_Image is LGPL (supposedly v2.1?) but all files in Exif/Parser/
>> >> >> are copyright 2003 Jake Olefsky GPLv2 -
>> >> >> https://bugzilla.novell.com/show_bug.cgi?id=712242#c0
>> >> >>
>> >> >> STATUS: Unsure.
>> >> >> Please confirm if this is LGPL-2.1 or LGPL-3.0.
>> >> >> Please confirm of the GPL headers can be removed.
>> >> >>
>> >> >> They also want a license file included but I can do this locally in
>> >> >> the rpm until we have decided if we ship license files with
>> >> >> libraries (other thread)
>> >> >
>> >> > This one is still uncommented.
>> >>
>> >> Is this is a requirement for them, I'm fine with it. It's probably
>> >> less hassle if we add it upstream.
>> >
>> > That would be handy for me.
>> >
>> > It affects/has affected several packages.
>> > They also have an automatic rpmlint check incorrect-fsf-address for
>> > outdated versions of the gpl/lgpl license files.
>> >
>> > That's why it would be best to somehow inject the license files in the
>> > pear stage rather than having a lot of copies in git. (or is there
>> > something like svn:external in git?)
>>
>> I don't think this is much of a problem. Definitely not for storage
>> reasons.
>>
>> > But the main blocker for Horde_Image is currently the Jake Olefsky GPL
>> > claim in Exif/Parser/* - nobody has commented if this is a valid claim
>> > or if this is
>> > wrong/outdated.
>
> http://www.horde.org/apps/ansel/docs/CREDITS <--- this is not exactly the
> place I would have looked for it but I will try if downstream is happy now.
>
>>
>> Only Mike can comment on this.

Sorry. I've been on vacation for the last week and have been pretty  
much out of touch with no connectivity. I don't have time to get  
caught up on all the backlog of email before this hurricane hits us,  
but am trying to answer the more pressing emails before we get hit  
with this storm.

When I more-or-less took over maintaining Ansel, the Exifer code was  
already incorporated into Ansel. The original code was released under  
the GPL (but is no longer maintained by the original author - it was  
adopted by zenphoto.org, still under the GPL). This is why the notice  
appears in the Ansel CREDITS doc. This should probably be moved  
somewhere more appropriate - maybe  
http://wiki.horde.org/Doc/Dev/CopyrightLicense ?

Likewise, when I started maintaining Horde_Image, it was already  
released under the LGPL. For Horde 4, I moved the Exifer code to  
Horde_Image, where I thought it really belonged, but failed to notice  
the licensing discrepancy.

Personally, I don't like the LGPL, but as I said above, Horde_Image  
was already licensed that way when I started work on it. So, suffice  
to say, I wouldn't mind if, going forward, it is released as GPL.  
Though I have to admit I don't know enough about licensing changes to  
know if this is possible.

OTOH, The Exifer code in question is only one of a few possible  
drivers for working with EXIF data, so theoretically, one could not  
include it if it is being used in a way that violates the GPL  
licensing. OTOOH, the orginal author did give us permission to  
incorporate it into Horde - though he is no longer the maintainer.


-- 
mike

The Horde Project (www.horde.org)
mrubinsk at horde.org

More information about the dev mailing list