-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add copyrights to cpython continued support work #11
base: 2.7
Are you sure you want to change the base?
Conversation
@@ -59,6 +59,54 @@ direction to make these releases possible. | |||
B. TERMS AND CONDITIONS FOR ACCESSING OR OTHERWISE USING PYTHON | |||
=============================================================== | |||
|
|||
ACTIVESTATE LICENSE AGREEMENT FOR PYTHON 2.7 GREATER THAN 2.7.18 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this just renaming the PSF license?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, renaming and changing the company name. I wanted the license type to remain identical to python3
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok let me just verify we are ok with effectively a 'custom' OS license name type. Should be ok but will verify.
cc6b61c
to
625f9d4
Compare
625f9d4
to
d83347b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just one question.
@@ -1,5 +1,9 @@ | |||
#! /usr/local/bin/python | |||
|
|||
# Copyright (C) 2021 ActiveState Software Inc. | |||
# cgi is licensed under the PSFLv2 License. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a bit confusing to add our own custom PSFLv2 license and then say that this file is licensed under the PSFLv2. Do we mean the actual PSFLv2 (which is between the PSF and the Licensee), or we do mean between us and the Licensee?
Also, damn the PSF for not making a templatable license!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am in unclear territory with making this license. I went with PSFL as I thought a big part of the new platform was to not dual-license these languages. But I don't know anyone else who has customized the PSFL like this before. It is certainly used by the community, but unmodified. Often, as in the popular matplotlib, the full text isn't even bothered to be copied over. The license on any of their distributions is just "PSF".
Would "ActiveState's PSFLv2 License" be more accurate? Or just "the ActiveState License" to avoid confusion? (although readers of just these files won't know what and 'ActiveState License' is)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First an aside ... saying "PSFLv2 License" is redundantly redundant, since the "L" in "PSFL" stands for License.
And back on topic ...
If other people use the PSFL for new works as is but they are not representing the PSF, I don't see how that use is legally valid or enforceable. The license starts with this text:
This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and the Individual or Organization ("Licensee") accessing and otherwise using Python 3.9.4 software in source or binary form and its associated documentation.
So by definition, only the PSF can apply this license (as is) to anything. If I were to try to use it for my code, it couldn't possibly be legally valid, because I am not in a legal position to make binding agreements between the PSF and the Licensee.
So given that, I don't think it's possible for us to claim copyright on a file and then say it's under the PSFLv2. Saying "ActiveState's PSFLv2" makes more sense.
But let me throw yet another spanner into the works. What is the license of the PSFLv2 license text? Can we make a derivative version? That's not something we can just assume. Some licenses are themselves licensed in a way that forbids derivatives! For example, the various (L)GPL licenses all say something like this:
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Absent an explicit copyright statement, the PSFLv2 copyright is (presumably) owned by the PSF, and we are not free to make a derivative version without their permission.
And there's several other issues too!
First, the PSFLv2 has this text:
Subject to the terms and conditions of this License Agreement, PSF hereby grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce, analyze, test, perform and/or display publicly, prepare derivative works, distribute, and otherwise use Python alone or in any derivative version, provided, however, that PSF's License Agreement and PSF's notice of copyright, i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights Reserved" are retained in Python alone or in any derivative version prepared by Licensee.
IANAL, but my reading of this is that the PSF is claiming copyright on all derivative works, and I'm not sure if we can add our own copyright notice as well.
Even if we can add it, the copyright statement as written implies that we are the sole copyright holder for each of these files. Unless we (re)wrote this from scratch, that is incorrect. We can only claim copyright for some parts of the code (or maybe none at all, if I'm reading the PSFLv2 correctly). So if we're adding a copyright header we need to spell out other copyright holders too.
But hey, we have a new corporate counsel. I think it'd be good to get Ron involved, since as I mentioned, IANAL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All great points. My couple quick thoughts:
- Re: Copyright notices, yes, that is correct, if we are adding our copyright to cover our segments the original copyright/license info also has to be present. Usually this is already the case. If it's not, then we either need to add it, OR, not add ours.
- If we are renaming this license, we have to include the original license as well (as the PSF one does with its older versions) — so we can't just replace it, we have to amend it. It's not totally clear whether their license allows that — I don't see anything disallowing it — but this is where we'd need legal approval.
We probably should get this vetted by legal — but at a minimum we need to do the above 2 things. As discussed we should probably not gate our 2.7.18.4 release on getting this resolved, but hold it for the next one. The 'list of changes' portions discussed need to be broken out and included though to be in compliance with the license.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will open a new PR with just the "add NEWS for ActiveState releases" commit but keep this one open to discuss copyrights. It won't cause any merge conflicts when the other work is ready.
- The PSFL is not included in any of the source files. The only time copyrights are included in source files is when the work was not originally for the cpython project (https://github.com/ActiveState/cpython/blob/2.7/Lib/logging/__init__.py#L1 as an example). Its not hard to add the PSFL as an additional comment when we go to add and ActiveState license, but that will always be required.
- All of the original licenses remain untouched in LICENSE including the original PSFL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Found this today, which reenforces that other projects use the PSFL, but also does not provide a template for new projects, or a standard header https://spdx.org/licenses/PSF-2.0.html
We should be taking credit for the work put into cpython2.7 to continue fixing CVEs. We have so far released 3 micro versions and are about to release a fourth, with no new copyrights or credit, except in the git commits.
AC
Open Questions