Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libgpiod cxx bindings license LGPLv3+ #772

Open
bshm opened this issue Jan 7, 2024 · 4 comments
Open

libgpiod cxx bindings license LGPLv3+ #772

bshm opened this issue Jan 7, 2024 · 4 comments

Comments

@bshm
Copy link

bshm commented Jan 7, 2024

Dear maintainers, @brgl,

I noticed that the the libgpiod cxx bindings have been re-licensed from LGPLv2+ to LGPLv3+ starting from version 2.0.
https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/commit/bindings/cxx/gpiod.hpp?id=ea84f882d5d39b734a5756b3a6950da4896b9a0a

I think this should be in reflected in the LICENSE line of
libgpiod_2.1.bb which currently lists only

LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later & CC-BY-SA-4.0"
@brgl
Copy link
Contributor

brgl commented Jan 8, 2024

Which part of LGPL-2.1-or-later is not matched by LGPL-3.0 exactly?

@bshm
Copy link
Author

bshm commented Jan 8, 2024
edited

In general I think the LICENSE field in yocto recipes is what SPDX calls a license expression:
https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/

[...] Another example is when a set of licenses is needed to represent a binary program constructed by compiling and linking two (or more) different source files each governed by different licenses (e.g., LGPL-2.1-only AND BSD-3-Clause).

My concrete understanding of the semantics of the LICENSE field in libgpiod is:

Libgpiod source files consist of
files that a user is allowed to use under the terms of the GPL-2.0 license or any later version of the GPL license and
files that a user is allowed to under the terms of the LGPL-2.1 or any later version of the LGPL license and
files that a user is allowed to under the terms of the CC-BY-SA-4.0 license.

The libgpiod C++ bindings are now re-licensed LGPL-3.0-or-later, that means a user of the library does not have the choice to use those under LGPL-2.1 anymore -- and imho the package's LICENSE field should reflect that.

This results in practice the LICENSE field cannot be used by yocto anymore to identify incompatible licenses or to generate concise SBOMs for the build artifacts.

I think this could be solved the following way, setting the LICENSE for the libgpiodcxx subpackage setting to LGPL-3.0-or-later, something like this for libgpiod-2.1.bb

LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later & CC-BY-SA-4.0 & LGPL-3.0-or-later"
LICENSE:${PN} = "GPL-2.0-or-later & LGPL-2.1-or-later & CC-BY-SA-4.0"
LICENSE:libgpiodcxx = "LGPL-3.0-or-later"

@brgl
Copy link
Contributor

brgl commented Jan 9, 2024

I see. Yes it makes sense but if you want to be 100% strict then there would be non LGPL-3.0 files too in the libgpiod package. Do you want to send a patch to the list?

@bshm
Copy link
Author

bshm commented Jan 11, 2024
edited

if you want to be 100% strict then there would be non LGPL-3.0 files too in the libgpiod package

Sorry, I don't fully understand. Did you mean to say libgpiodcxx package?

Do you want to send a patch to the list?

Honestly I don't have much experience with sending patches and would prefer creating a PR here. But if that's usual openembedded development workflow, yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brgl @bshm