Refactor LICENSE.md to make it scanner friendly #41095
The code in this repository is all MIT licensed (maybe there are some exceptions that I am forgetting), and the third party licenses probably only matter for the binaries. On the downloads page, we can link both the Julia and the third party licenses prominently. Curious to see what others have to say.
Following the text in license.md, the following source files are covered by a different license than MIT
Good to know. That’s something to be removed from the license files in another PR.
Yeah, seems to need cleanup. I don't think cyclecount should have ever been listed and grisu is deleted.
I can open another PR for thirdparty cleanup after this one is dispositioned.
@StefanKarpinski Any thoughts here? We should probably keep this open a bit longer to give time to folks to comment.
Perhaps we should just add it to triage?
I think it's fairly important to leave some kind of breadcrumb for someone who is looking at the license file indicating that there may be other licensing considerations when using the result of compiling this code. If an extra line at the bottom could link to the
I think that will do it. At first adding the pointer to THIRDPARTY.md broke the license scanner until I found a way to make it ignore everything after the license.
This is looking good to me. With cross references between the two files this seems clear and it's good that it helps automatic license detection do its thing.
Did triage discuss this?
We didn't have triage last week. (So no)
Triage says yes.
There doesn't seem to be a definitive idiom for this, but this SoftwareEngineering.SE question and its answers suggest some similar ideas — it seems as long as whatever we do here is obvious we're in good stead. IMO most options suggested there are less obvious than this.
@ViralBShah Does this PR need your approval before it can move forward?
What's going on in the CI that is preventing the merging? I think this is good to go.
|
||
On some platforms, distributions of Julia contain SSL certificate authority certificates, | ||
released under the [Mozilla Public License](https://en.wikipedia.org/wiki/Mozilla_Public_License). | ||
Please see THIRDPARTY.md for license information for other software used in this project. |
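Review bot: the Mozilla Public License reference in the certificate paragraph links to a Wikipedia article and names no license version, so neither a reader nor a scanner can tell from this file which terms apply to the bundled CA certificates. Link the license text itself and state the version in the sentence; the same applies wherever THIRDPARTY.md repeats this notice.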
It would be nice to link the URL of THIRDPARTY.md in here (either now or after merging).
It looks like maybe the version that I made these changes to had other issues. Should I rebase?
Sure, no harm rebasing
…ered by the main MIT license. This format allows for automated scanning and categorization of Julia's license. The licenses were broken up this way because this is the format that many automated license scanners (including GitHub).
… doesn't break the Github scanner (and hopefully others)
Co-authored-by: Stefan Karpinski <[email protected]>
Co-authored-by: Jeff Bezanson <[email protected]>
@ViralBShah I’ve rebased and now CI is passing. This should be enough to move forward, right?
Create THIRDPARTY.md to hold license information for all code not covered by the main MIT license. This format allows for automated scanning and categorization of Julia's license. The licenses were broken up this way because this is the format that many automated license scanners (including GitHub).
…s third party code. Remove reference from THIRDPARTY.md and add standard Julia header to exp.jl. See comments in JuliaLang#41095
* Add LLVM project license text to src/disasm.cpp
* Remove mention of third party code from header in src/jitlayers.cpp, since there are no markings of third party code in the actual source code. Update THIRDPARTY.md as well
* More precise reference to source files using MUSL code in THIRDPARTY.md
* Remove reference to joinpath in Python section of THIRDPARTY.md. The function does not appear to exist
* Removed reference to cyclecount from THIRDPARTY.md since it does not appear to exist in the codebase
* Remove reference to grisu from THIRDPARTY.md. This code was deleted a while ago
* base/special/exp.jl was previously rewritten so that it no longer uses third party code. Remove reference from THIRDPARTY.md and add standard Julia header to exp.jl. See comments in #41095
* Add BSD-3 license to src/flisp
* In THIRDPARTY.md, move FEMTOLISP reference to the third party code in src section. This is the proper location for the reference since the code is part of the Julia repository and not an external dependency
* In THIRDPARTY.md, change the LIBUNWIND license link to the repository Julia actually pulls the dependency from
* In THIRDPARTY.md, change the LIBUV license link to the repository Julia actually pulls the dependency from
* Clearly mark references to LLVM open source license as UIUC not BSD-3. They are very similar but are recognized as different licenses.
* In THIRDPARTY.md, change the DSFMT license link to the repository Julia actually pulls the code from.
* In THIRDPARTY.md, change the MBEDTLS license link to the repository Julia actually pulls from. The license in that repo is Apache 2.0 only, which is the default for the project anyhow, so I removed mention of the alternate GPL licensing option
* In THIRDPARTY.md, change the SUITESPARSE license link to the repository Julia pulls the dependency from.
* Add missing reference to LIBBLASTRAMPOLINE in THIRDPARTY.md
* Add missing reference to LIBWHICH in THIRDPARTY.md
* Add missing reference to NGHTTP2 in THIRDPARTY.md
* Add hyperlinks between LICENSE.md and THIRDPARTY.md
* In THIRDPARTY.md, move LIBWHICH from stdlib dependencies to build tools
@ViralBShah, Should this PR be back ported to 1.6 and 1.7?
Yes, let's do that.
@ViralBShah can you add the back port labels then? Thanks.
Create THIRDPARTY.md to hold license information for all code not covered by the main MIT license. This format allows for automated scanning and categorization of Julia's license. The licenses were broken up this way because this is the format that many automated license scanners (including GitHub). (cherry picked from commit 161e384)
Create THIRDPARTY.md to hold license information for all code not covered by the main MIT license. This format allows for automated scanning and categorization of Julia's license. The licenses were broken up this way because this is the format that many automated license scanners (including GitHub). (cherry picked from commit 8978269)
* Add LLVM project license text to src/disasm.cpp
* Remove mention of third party code from header in src/jitlayers.cpp, since there are no markings of third party code in the actual source code. Update THIRDPARTY.md as well
* More precise reference to source files using MUSL code in THIRDPARTY.md
* Remove reference to joinpath in Python section of THIRDPARTY.md. The function does not appear to exist
* Removed reference to cyclecount from THIRDPARTY.md since it does not appear to exist in the codebase
* Remove reference to grisu from THIRDPARTY.md. This code was deleted a while ago
* base/special/exp.jl was previously rewritten so that it no longer uses third party code. Remove reference from THIRDPARTY.md and add standard Julia header to exp.jl. See comments in JuliaLang/julia#41095
* Add BSD-3 license to src/flisp
* In THIRDPARTY.md, move FEMTOLISP reference to the third party code in src section. This is the proper location for the reference since the code is part of the Julia repository and not an external dependency
* In THIRDPARTY.md, change the LIBUNWIND license link to the repository Julia actually pulls the dependency from
* In THIRDPARTY.md, change the LIBUV license link to the repository Julia actually pulls the dependency from
* Clearly mark references to LLVM open source license as UIUC not BSD-3. They are very similar but are recognized as different licenses.
* In THIRDPARTY.md, change the DSFMT license link to the repository Julia actually pulls the code from.
* In THIRDPARTY.md, change the MBEDTLS license link to the repository Julia actually pulls from. The license in that repo is Apache 2.0 only, which is the default for the project anyhow, so I removed mention of the alternate GPL licensing option
* In THIRDPARTY.md, change the SUITESPARSE license link to the repository Julia pulls the dependency from.
* Add missing reference to LIBBLASTRAMPOLINE in THIRDPARTY.md
* Add missing reference to LIBWHICH in THIRDPARTY.md
* Add missing reference to NGHTTP2 in THIRDPARTY.md
* Add hyperlinks between LICENSE.md and THIRDPARTY.md
* In THIRDPARTY.md, move LIBWHICH from stdlib dependencies to build tools
Create THIRDPARTY.md to hold license information for all code not covered by the main MIT license. This format allows for automated scanning and categorization of Julia's license. The licenses were broken up this way because this is the format that many automated license scanners (including GitHub). (cherry picked from commit 8bc9409)
Create THIRDPARTY.md to hold license information for all code not covered by the main MIT license. This format allows for automated scanning and categorization of Julia's license. The licenses were broken up this way because this is the format that many automated license scanners (including GitHub). (cherry picked from commit c312422)
Most corporate environments will not approve the use of open-source software until all of the licensing terms have been reviewed and approved. Given the huge amounts of open source in use these days, companies rely on automated scanning to make a first pass at evaluation. If the scanning software is able to comprehend the license files, then approval could be granted in just a day or two. If the scanners cannot comprehend the license file then it goes into a queue for review by a human which takes a good deal longer. Commonly this review is required for every new point release that someone at the company wants to use. Given the rapid rate of Julia development, having to go into manual review will impede adoption of the latest and greatest versions of Julia in the corporate world.
Currently Julia's LICENSE.md file cannot be comprehended by the scanners. A good and easy way to tell if the license is scanner friendly is by checking if GitHub's own automated scanners can detect the license. For further information on GitHub's automated scanning see:
https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/licensing-a-repository#detecting-a-license
This pull request modifies LICENSE.md to make it scanner friendly. To do that, only the top-level MIT license is listed in the file. Changes to the formatting of license text have been made to make it comprehensible to the scanners, but the text of the license has not been altered. The licensing for other components has been moved to a new file named THIRDPARTY.md.
To demonstrate that the reformatted LICENSE.md can be read by license scanners, I have created a new repository that contains only this PR as its master branch.
https://github.com/SamuraiAku/license_refactor
You can see that under "About" the page says this repository uses the MIT license. That information was automatically filled in by GitHub's license scanner.
Please note that this PR is only one step towards making the code base fully scanner friendly. Future PRs can begin to tackle the remaining issues piece by piece.