skitt
left a comment
My contributions are very minor indeed, I agree with the relicensing.
Regarding cncf/foundation#1074, I didn’t mean to cause concern — there shouldn’t be any problem on the Kubernetes side, it should just be paperwork. There are quite a few MPL-2.0-licensed projects in the Kubernetes dependency tree!
For historical reasons, the SecureJoin code needs to be BSD licensed, as it is based on work written by folks from Docker (which originally based it on the Go stdlib).

However, for all of the new API code (which is based on libpathrs), it makes little sense to use such a permissive license (given the license of libpathrs is copyleft). MPLv2 lets us have file-based copyleft without affecting the (logically separated) old API code.

I am the sole author of the vast majority of this code, but we have had some contributors that have made some changes to this code (and we thus need their approval to be on the safe side when it comes to relicensing):

* Stephen Kitt wrote 1 minor testing-related patch.
* Kir Kolyshkin wrote 3 minor documentation patches, and 2 patches related to moving to sync.OnceValue.

The following contributors have made contributions to this repository, but not to any of the files which are being relicensed, and thus we do not need their approval:

* Jakub Wilk wrote 1 minor non-code documentation patch.
* Paulo Gomes wrote 1 patch fixing a security issue in SecureJoin.
* Devendranath Thadi wrote 1 non-code patch related to CI.

Signed-off-by: Stephen Kitt <[email protected]>
Signed-off-by: Aleksa Sarai <[email protected]>
/ping @kolyshkin
kolyshkin
left a comment
LGTM, and I approve changing the license.
One nit regarding the patch itself -- I recently found out that it's sufficient to state the original / earliest year in a copyright statement. In other words, rather than
Copyright (C) 2020-2025
you may just have
Copyright (C) 2020
and the meaning will be the same. One obvious benefit is you don't have to update the range, ever.
Having said that, IANAL, and it might just be a matter of personal preference which I respect.
My understanding is that it's even less strict and that the modern view is that explicit per-file copyright information is not legally necessary so long as there is an obvious license in the repo, but I prefer having the old-school style. I know that Go does the "first year when the file was created" style, I personally prefer having first-touched and last-touched where reasonable.
Aleksa Sarai (2):
  *: add SPDX-License-Identifier lines
  *: relicense libpathrs ports to MPLv2

Votes: https://web.archive.org/web/*/https://github.com/cyphar/filepath-securejoin/pull/58
LGTMs: cyphar kolyshkin skitt
In order for this patch to be merged, we need approval from the following people:
To indicate your approval, please do so by approving the PR and leaving a comment stating that you agree with the re-licensing.