New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Relicense as dual Apache / BSD 2 clause #1209
Comments
I know you asked a real life human lawyer @alex but I am not entirely sure I understand why we need this. I know the FSF guidelines say that GPLv2 isn't compatible with APLv2, but AIUI this is due to the patent clauses in APLv2 and those only apply to contributors to this project and by extension derivatives. However APLv2 isn't viral so it's quite hard to qualify as a real derivative, why would this effect projects that just happen to use |
My permission is given. Go for it! |
My permission is given. |
@Spindel embarrassing question, but which name are you? |
+0.0, as in mailing list. Checked myself off. |
My permission is given. |
I'm happy for you to relicense. I'm also open to assigning the copyright to y'all if that makes your life easier in future. |
Dual-licensing means people can use the software under either license, right? |
@anotherthomas Yes, it means users will be able to use it under both licenses, but contributors will need to offer their contributions under both licenses, meaning we still have the patent and other protections from the Apache license. |
@alex I see. Thanks. |
My permission is given. Checked myself. |
I give my permission. |
My permission is given. |
1 similar comment
My permission is given. |
I give my permission. |
Chiming in as PyCrypto maintainer, I'll outline the motivation behind this change, from my perspective: There are too many FOSS crypto libraries and too few people with the knowledge, skills, and free time to maintain them. We saw this recently with OpenSSL, and PyCrypto suffers from the same problem. PyCrypto has millions of end-users, but there are only a couple of contributors working on it in our spare time. When we inevitably make mistakes, it's rare that anyone notices. Some of the larger examples of this include:
With this license change, the PyCrypto and Cryptography communities could begin to eliminate redundancies between the two projects. PyCrypto would provide its @public While I understand that there is some debate as to whether APLv2 is truly incompatible with GPLv2, that's the position taken by the FSF and acknowledged by the ASF. Perhaps out of an abundance of caution, it has been raised as a concern by the maintainer of Debian's python-crypto package. This license change should eliminate any doubt and allow us to focus on the technical challenges ahead. |
Yea, arguing about whether it is or isn't compatible is for lawyers :) |
Ah, sorry. I'm listed as D.Spindel Ljungmark. |
I think this is a bad idea but given my minimal contributions to the project and the apparently widespread support I'm checking the checkbox next to my name anyway. |
Sounds good to me: My permission is given |
My permission is given. FWIW, I'm not convinced though of the need for a dual-license (AL2). |
Permission from me. |
Go for it. |
My permission is given. ;) |
@dlitz Is that conversation with the Debian maintainer public? |
@public Sure, you can find the thread at:
There isn't a lot there. The discussion wasn't extensive. IIRC from shortly after the Apache License 2.0 was first released, it's a resolved issue in Debian that it's incompatible with GPLv2, so I didn't argue. There might be an old debian-legal thread somewhere, but I don't have the reference. |
@Ivoz (replying to original comment instead of edited one): it does work, because the ASLv2 protections kick in when contributors add code. Contributors have to agree to both licenses, users can pick either one. That way contributors can't use patent nukes, but users that can't use ASLv2 (instead can only use less restrictive licenses like BSD) use the BSD one :) |
Permission granted. |
I just want to say I'm disappointed that you're going to all this effort to allow use with the GPL, when the same effort could be going towards relicensing PyCrypto. |
Re licensing PyCrypto doesn't make it better for GPL applications who want to use cryptography. |
That's correct. On Tue Oct 28 2014 at 7:02:21 PM Glyph notifications@github.com wrote:
|
I've also personally sent them emails, hopefully we'll hear back shorlty. On Tue Oct 28 2014 at 7:06:39 PM Glyph notifications@github.com wrote:
|
Oh d... :( I'm deeply sorry for the delay. The re-licensing mail got lost in my huge pile of to-do mails. Of course I'm fine with re-licensing cryptography. Please go ahead! |
Just received an email from Timur granting his permission! |
All set then! |
Added new license files. Refs #1209
Awesome! |
Two things left! We need to make the contributing docs clear, and we need to replace all the license headers. I left the right text for hte headers at home (I'm travelling ATM), so I'll send that PR next week, will try to get the contributing docs done soonish. |
Refs #1209 -- clearly state the licensing requirements in the docs
Refs #1209 -- added a changelog entry for our license change
Woot! Thanks so much everyone! |
Seems to be best practice in the Python community for licensing libraries. See e.g: pyca/cryptography#1209 https://structlog.readthedocs.org/en/stable/license.html
This will allow folks with GPLv2 codebases to use us, and is a blocker for
PyCrypto
to be implemented on top of us. I've consulted with an IP lawyer to verify that this will allow more people to use Cryptography, while still giving us the protections of the Apache license.Tasks:
LICENSE
file appropriatelysetup.py
classifiers__about__.py
andcryptography_vectors/__about__.py
List of folks whose consent we need:
The text was updated successfully, but these errors were encountered: