-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What does the License notice for Algorithm from Internet Draft document "UUIDs and GUIDs"
apply to?
#79231
Comments
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
cc @richlander |
Tagging subscribers to this area: @dotnet/area-meta Issue DetailsOver in Fedora-land, we are trying to add .NET 7 to Fedora. As part of that, we have flagged that this isn't a valid open source license, at least for code. (Fedora distinguishes between licenses that are open source for code vs for open source enough just for content) runtime/src/installer/pkg/THIRD-PARTY-NOTICES.TXT Lines 407 to 408 in 440d362
runtime/THIRD-PARTY-NOTICES.TXT Lines 408 to 409 in 440d362
What does this license apply to? Does it actually cover some piece of code? If so, can someone point us to it? Here's the actual feedback we received on the review for this license:
|
FWIW the original addition to the file was done in dotnet/coreclr#10117. I found this code in coreclr that seems related:
|
This may be a legal question, but does an implementation of an algorithm described in RFC fall under the same copyright/license as the RFC itself? The license itself states that the license is for "This document and translations", and doesn't talk about it covering any code that implements it. |
Hi, so if the file pointed to by @akoeplinger is relevant, that might help clear this up. I think the relevant RFC document is this one. While this document is overall under the IETF RFC license, there is an Appendix A containing a reference implementation that has a copyright and license notice that seems to be identical to the other (archaic but clearly FOSS) license notice adjacent to the IETF license notice. (Edit: there seems to be one difference: the one in the THIRD-PARTY-NOTICES.TXT doesn't have the "Copyright (c) 1998 Microsoft." line. Maybe Microsoft decided to delete it to make clear that any Microsoft copyrights were being placed under the MIT license. It doesn't really matter.) It seems reasonable to assume that anything that was copied or adapted here ultimately from that RFC draft would have been from that appendix. So while this probably solves Fedora's problem (if the assumptions I'm making are correct), I would recommend that the dotnet project delete the IETF notice because it is (almost certainly) incorrect and therefore misleading. To clarify what the basic issue here is: Fedora is committed to having a 100% FOSS distribution as far as code goes. The IETF license is not a FOSS license because it has certain confusingly-worded restrictions on modification. For example it clashes with the permissions of the MIT license which that linked source file asserts is the license of the file. The reason why the IETF license is incorrect is that (if my assumptions are correct) it doesn't cover anything that got copied into that file. The license of the RFC document doesn't (and can't) constrain implementations, which sort of answers @omajid's question -- unless the RFC document were to contain code covered by that document license, which (it seems) is not the case here. |
The draft UUID section has been removed from the TPN doc by #80320 (comment). I think that fully resolves this issue and please let me know if there are additional areas that need clarification. |
@leecow what about the license notice here: https://github.com/dotnet/runtime/blob/main/src/coreclr/utilcode/guidfromname.cpp#L47-#L69 Not sure if there was a misunderstanding but the issue pointed out here was not draft vs final RFC but rather that the IETF RFC license doesn't apply to the reference implementation code contained in an annex to the draft RFC (and maybe the counterpart final RFC, haven't looked at that). |
@leecow There are more places where this needs to be cleaned up as @richardfontana pointed out. |
Thanks, Jan. It looks like a total of 25 instances of the Draft though most are in out-of-support branches. I'll get additional PRs opened. |
I do not think that the draft is the main problem. The main problem is reference to IETF RFC license like https://github.com/dotnet/runtime/blob/main/src/coreclr/utilcode/guidfromname.cpp#L47-#L69 that should be deleted. |
OK. Does the attribution at https://github.com/dotnet/runtime/blob/main/src/coreclr/utilcode/guidfromname.cpp#L8-#L9 cause any trouble? |
I do not think this attribution is a problem. |
guidfromname.cpp contains a reference to an IETF RFC draft. This needs to be clarified for downstream FOSS licensing scans by removing the draft reference. This PR corrects the IETF RFC reference and retains the final published RFC references. Resolves #79231
Over in Fedora-land, we are trying to add .NET 7 to Fedora.
As part of that, we have flagged that this isn't a valid open source license, at least for code. (Fedora distinguishes between licenses that are open source for code vs for open source enough just for content)
runtime/src/installer/pkg/THIRD-PARTY-NOTICES.TXT
Lines 407 to 408 in 440d362
runtime/THIRD-PARTY-NOTICES.TXT
Lines 408 to 409 in 440d362
What does this license apply to? Does it actually cover some piece of code? If so, can someone point us to it?
Here's the actual feedback we received on the review for this license:
The text was updated successfully, but these errors were encountered: