| Message ID | 20251107040923.4127069-1-namanj1@kpit.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta,master] socat: Update LICENSE field | expand |
On Thu, Nov 6, 2025 at 9:09 PM Naman Jain via lists.openembedded.org <nmjain23=gmail.com@lists.openembedded.org> wrote: > > The below reference clearly states that GPL-2.0-with-OpenSSL-exception > is to be used with GPL 2.0 or GPL3.0 and not as a standalone license. > Therefore, update the correct license. > > Reference: > https://github.com/aboutcode-org/scancode-licensedb/blob/569d72e13e7c8d14a44380f91e80c5a2d4091f8f/docs/openssl-exception-gpl-2.0.yml#L7 > > Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> > Signed-off-by: Naman Jain <namanj1@kpit.com> > --- > meta/recipes-connectivity/socat/socat_1.8.0.3.bb | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > index ee6ca1fe44..964af9d124 100644 > --- a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > +++ b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > @@ -5,9 +5,10 @@ HOMEPAGE = "http://www.dest-unreach.org/socat/" > > SECTION = "console/network" > > -LICENSE = "GPL-2.0-with-OpenSSL-exception" > +LICENSE = "GPL-2.0-only & GPL-2.0-with-OpenSSL-exception" I don't think & here is really correct. If we were doing this in accordance with SPDX guidelines, it would be something like "GPL-2.0-only WITH OpenSSL-exception" or similar, but we don't (currently) support the WITH operator, or dsitinct license exceptions in general. However, our "GPL-2.0-with-OpenSSL-exception" is not just the exception (as scancode claims), but it is the complete license text; it also isn't a SPDX license identifier. I'm not sure why scancode is identifying as just the exception instead of the full license with the exception, I'm pretty sure that's the problem here, and adding in the GPL-2.0-only is not correct. > LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ > - file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f" > + file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f \ > + file://COPYING.OpenSSL;md5=5c9bccc77f67a8328ef4ebaf468116f4" > > SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ > file://0001-fix-compile-procan.c-failed.patch \ > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#226007): https://lists.openembedded.org/g/openembedded-core/message/226007 > Mute This Topic: https://lists.openembedded.org/mt/116166040/3616693 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [JPEWhacker@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Fri, 7 Nov, 2025, 9:39 am Naman Jain, <nmjain23@gmail.com> wrote: > The below reference clearly states that GPL-2.0-with-OpenSSL-exception > is to be used with GPL 2.0 or GPL3.0 and not as a standalone license. > Therefore, update the correct license. > > Reference: > > https://github.com/aboutcode-org/scancode-licensedb/blob/569d72e13e7c8d14a44380f91e80c5a2d4091f8f/docs/openssl-exception-gpl-2.0.yml#L7 > > Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> > Signed-off-by: Naman Jain <namanj1@kpit.com> > --- > meta/recipes-connectivity/socat/socat_1.8.0.3.bb | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > index ee6ca1fe44..964af9d124 100644 > --- a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > +++ b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > @@ -5,9 +5,10 @@ HOMEPAGE = "http://www.dest-unreach.org/socat/" > > SECTION = "console/network" > > -LICENSE = "GPL-2.0-with-OpenSSL-exception" > +LICENSE = "GPL-2.0-only & GPL-2.0-with-OpenSSL-exception" > LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ > - > file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f" > + > file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f > \ > + > file://COPYING.OpenSSL;md5=5c9bccc77f67a8328ef4ebaf468116f4" > > SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 > \ > file://0001-fix-compile-procan.c-failed.patch \ > -- > 2.34.1 > >
Hello, I understand your point that `GPL-2.0-with-OpenSSL-exception` is generally treated as a complete combined license, and that Yocto doesn’t yet support the SPDX `WITH` operator. However, I’d like to highlight a similar precedent in `cryptsetup`, where the license field is defined as: LICENSE = "LGPL-2.1-or-later & GPL-2.0-or-later & GPL-2.0-with-OpenSSL-exception" That was discussed @KhemRaj before being merged I have attached the conversation for the reference, and was accepted to reflect that the codebase includes both plain GPL components and parts linking against OpenSSL (covered by the exception variant). In our case, we are in a similar situation where both plain GPL-2.0 code and OpenSSL-linked code coexist. Therefore, expressing it as: LICENSE = "GPL-2.0-only & GPL-2.0-with-OpenSSL-exception" more accurately represents the license structure present in the source, even if `GPL-2.0-with-OpenSSL-exception` is itself a combined identifier. Looping in Khem Raj here (added in CC) for his thoughts as well. On Tue, 11 Nov, 2025, 12:48 am Joshua Watt, <jpewhacker@gmail.com> wrote: > On Thu, Nov 6, 2025 at 9:09 PM Naman Jain via lists.openembedded.org > <nmjain23=gmail.com@lists.openembedded.org> wrote: > > > > The below reference clearly states that GPL-2.0-with-OpenSSL-exception > > is to be used with GPL 2.0 or GPL3.0 and not as a standalone license. > > Therefore, update the correct license. > > > > Reference: > > > https://github.com/aboutcode-org/scancode-licensedb/blob/569d72e13e7c8d14a44380f91e80c5a2d4091f8f/docs/openssl-exception-gpl-2.0.yml#L7 > > > > Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> > > Signed-off-by: Naman Jain <namanj1@kpit.com> > > --- > > meta/recipes-connectivity/socat/socat_1.8.0.3.bb | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > > index ee6ca1fe44..964af9d124 100644 > > --- a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > > +++ b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb > > @@ -5,9 +5,10 @@ HOMEPAGE = "http://www.dest-unreach.org/socat/" > > > > SECTION = "console/network" > > > > -LICENSE = "GPL-2.0-with-OpenSSL-exception" > > +LICENSE = "GPL-2.0-only & GPL-2.0-with-OpenSSL-exception" > > I don't think & here is really correct. If we were doing this in > accordance with SPDX guidelines, it would be something like > "GPL-2.0-only WITH OpenSSL-exception" or similar, but we don't > (currently) support the WITH operator, or dsitinct license exceptions > in general. However, our "GPL-2.0-with-OpenSSL-exception" is not just > the exception (as scancode claims), but it is the complete license > text; it also isn't a SPDX license identifier. I'm not sure why > scancode is identifying as just the exception instead of the full > license with the exception, I'm pretty sure that's the problem here, > and adding in the GPL-2.0-only is not correct. > > > LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 > \ > > - > file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f" > > + > file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f > \ > > + > file://COPYING.OpenSSL;md5=5c9bccc77f67a8328ef4ebaf468116f4" > > > > SRC_URI = " > http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ > > file://0001-fix-compile-procan.c-failed.patch \ > > -- > > 2.34.1 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#226007): > https://lists.openembedded.org/g/openembedded-core/message/226007 > > Mute This Topic: https://lists.openembedded.org/mt/116166040/3616693 > > Group Owner: openembedded-core+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > JPEWhacker@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > >
On Thu, Nov 13, 2025 at 5:17 AM Naman Jain <nmjain23@gmail.com> wrote: > Hello, > I understand your point that `GPL-2.0-with-OpenSSL-exception` is generally > treated as a complete combined license, and that Yocto doesn’t yet support > the SPDX `WITH` operator. However, I’d like to highlight a similar > precedent in `cryptsetup`, where the license field is defined as: > > LICENSE = "LGPL-2.1-or-later & GPL-2.0-or-later & > GPL-2.0-with-OpenSSL-exception" > That was discussed @KhemRaj before being merged I have attached the > conversation for the reference, and was accepted to reflect that the > codebase includes both plain GPL components and parts linking against > OpenSSL (covered by the exception variant). > In our case, we are in a similar situation where both plain GPL-2.0 code > and OpenSSL-linked code coexist. Therefore, expressing it as: > > LICENSE = "GPL-2.0-only & GPL-2.0-with-OpenSSL-exception" > > more accurately represents the license structure present in the source, > even if `GPL-2.0-with-OpenSSL-exception` is itself a combined identifier. > > Looping in Khem Raj here (added in CC) for his thoughts as well. > I gave a similar response to Joshua's, I think we want to be fill in the SPDX gap until then I don't think we need to change the current semantics. > > On Tue, 11 Nov, 2025, 12:48 am Joshua Watt, <jpewhacker@gmail.com> wrote: > >> On Thu, Nov 6, 2025 at 9:09 PM Naman Jain via lists.openembedded.org >> <nmjain23=gmail.com@lists.openembedded.org> wrote: >> > >> > The below reference clearly states that GPL-2.0-with-OpenSSL-exception >> > is to be used with GPL 2.0 or GPL3.0 and not as a standalone license. >> > Therefore, update the correct license. >> > >> > Reference: >> > >> https://github.com/aboutcode-org/scancode-licensedb/blob/569d72e13e7c8d14a44380f91e80c5a2d4091f8f/docs/openssl-exception-gpl-2.0.yml#L7 >> > >> > Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> >> > Signed-off-by: Naman Jain <namanj1@kpit.com> >> > --- >> > meta/recipes-connectivity/socat/socat_1.8.0.3.bb | 5 +++-- >> > 1 file changed, 3 insertions(+), 2 deletions(-) >> > >> > diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb >> b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb >> > index ee6ca1fe44..964af9d124 100644 >> > --- a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb >> > +++ b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb >> > @@ -5,9 +5,10 @@ HOMEPAGE = "http://www.dest-unreach.org/socat/" >> > >> > SECTION = "console/network" >> > >> > -LICENSE = "GPL-2.0-with-OpenSSL-exception" >> > +LICENSE = "GPL-2.0-only & GPL-2.0-with-OpenSSL-exception" >> >> I don't think & here is really correct. If we were doing this in >> accordance with SPDX guidelines, it would be something like >> "GPL-2.0-only WITH OpenSSL-exception" or similar, but we don't >> (currently) support the WITH operator, or dsitinct license exceptions >> in general. However, our "GPL-2.0-with-OpenSSL-exception" is not just >> the exception (as scancode claims), but it is the complete license >> text; it also isn't a SPDX license identifier. I'm not sure why >> scancode is identifying as just the exception instead of the full >> license with the exception, I'm pretty sure that's the problem here, >> and adding in the GPL-2.0-only is not correct. >> >> > LIC_FILES_CHKSUM = >> "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ >> > - >> file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f" >> > + >> file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f >> \ >> > + >> file://COPYING.OpenSSL;md5=5c9bccc77f67a8328ef4ebaf468116f4" >> > >> > SRC_URI = " >> http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ >> > file://0001-fix-compile-procan.c-failed.patch \ >> > -- >> > 2.34.1 >> > >> > >> > -=-=-=-=-=-=-=-=-=-=-=- >> > Links: You receive all messages sent to this group. >> > View/Reply Online (#226007): >> https://lists.openembedded.org/g/openembedded-core/message/226007 >> > Mute This Topic: https://lists.openembedded.org/mt/116166040/3616693 >> > Group Owner: openembedded-core+owner@lists.openembedded.org >> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ >> JPEWhacker@gmail.com] >> > -=-=-=-=-=-=-=-=-=-=-=- >> > >> >
diff --git a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb index ee6ca1fe44..964af9d124 100644 --- a/meta/recipes-connectivity/socat/socat_1.8.0.3.bb +++ b/meta/recipes-connectivity/socat/socat_1.8.0.3.bb @@ -5,9 +5,10 @@ HOMEPAGE = "http://www.dest-unreach.org/socat/" SECTION = "console/network" -LICENSE = "GPL-2.0-with-OpenSSL-exception" +LICENSE = "GPL-2.0-only & GPL-2.0-with-OpenSSL-exception" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f" + file://README;beginline=248;endline=278;md5=338c05eadd013872abb1d6e198e10a3f \ + file://COPYING.OpenSSL;md5=5c9bccc77f67a8328ef4ebaf468116f4" SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \ file://0001-fix-compile-procan.c-failed.patch \