
Scap is lacking a license
Closed, Resolved, Public

Description

Ori, Bryan, Mukunda, the rMSCA Scap repository is lacking a license for the code and the documentation. Would you mind filling the hole and picking one?

Please make sure to update the sphinx footer in docs/conf.py which currently has:

copyright = u'%s, Wikimedia Foundation & contributors' % date.today().year

Might want to add the license to it, though sphinx might support a license field as well and/or include the license file in the resulting build output.


Final Resolution: GPLv3 only

Revisions and Commits

rMSCA Scap
Restricted Differential Revision

Event Timeline

hashar raised the priority of this task from to Needs Triage.
hashar updated the task description.
hashar added subscribers: greg, Dzahn, Aklapper and 5 others.

It's a derivative of unlicensed code that was lifted from operations/puppet :(

I'd be glad to license my contributions under any OSI license with a preference for MIT or Apache2.

greg triaged this task as Low priority. Apr 8 2015, 10:29 PM
greg moved this task from To Triage to Backlog (Tech) on the Deployments board.

It's a derivative of unlicensed code that was lifted from operations/puppet :(

I'd be glad to license my contributions under any OSI license with a preference for MIT or Apache2.

Did anyone else contribute to this in operations/puppet?

Did anyone else contribute to this in operations/puppet?

Potentially a lot of people. scap is the deployment toolset we have been using for a decade or so and I am not sure we have the whole history of contributors. Ori and Bryan ported it to a different language (hence why it is a derivative).

Luckily, I am 100% sure all authors are OSS friendly and most probably we can still reach all of them.

Historically the scripts were solely on the cluster under /home/wikipedia/bin and /home/wikipedia/sbin. Potential authors would be anyone that had shell access.

The scripts have been imported in the puppet git repository in October 2011 https://gerrit.wikimedia.org/r/#/c/559/ . The directory has been removed at least a couple of times and contains scripts that have not been ported to the new scap. So it is a bit tedious to accurately track all authors.

Using the code history tool (git), you will find below the number of modifications (commits) by author in between file renamings.

I slightly adjusted the names to take into account duplicate names.

$ git shortlog --no-merges -s -- files/misc/scripts/sync* files/misc/scripts/scap files/misc/scripts/mw-update-l10n
     3  Aaron Schulz
     3  Antoine Musso
     6  Roan Kattouw
     1  Chad Horohoe
     2  Mark Bergsma
     1  Ori Livneh
     6  Sam Reed
    10  Tim Starling
     3  Asher Feldman
     1  Daniel Zahn
$ git shortlog -s -- files/scap
    31  Aaron Schulz
     1  Alexandros Kosiaris
     1  Antoine Musso
     1  Daniel Zahn
     1  Marius Hoch
     1  Max Semenik
    17  Ori Livneh
    12  Reedy
    13  Tim Starling
     1  Asher Feldman
     1  Marc-André Pelletier

Breakdown for mediawiki/tools/scap:

$ git shortlog -s --no-merges 
    18  Antoine Musso
   118  Bryan Davis
     1  Chad Horohoe
     1  Filippo Giunchedi
     1  Giuseppe Lavagetto
     3  Kunal Mehta
     7  Mukunda Modell
    36  Ori Livneh
     4  Sam Reed
     1  Tim Starling
     3  Tyler Cipriani
     3  YuviPanda

Add to that Wikimedia Foundation Inc., since:

  • some of the authors are employees
  • I (at least) have a joint copyright agreement with the foundation

All the authors are reachable but Asher Feldman. He was an employee of the WMF as a database administrator. So I guess it is covered by WMF copyright and we don't need his formal approval (but I am not a lawyer).

1  Daniel Zahn

I'm fine with that 1 line being GPLed, or what the top contributors pick :)

I don't know what the default policy is for such decisions. I don't think my permission is needed but I too am fine with GPL or MIT or really any free software license.

Maybe we make a poll and add everyone to it?

demon renamed this task from mediawiki/tools/scap is lacking a license to Scap is lacking a license. Feb 22 2017, 2:36 AM

Maybe we make a poll and add everyone to it?

I'm fine with that, or we could just slap an Apache2 license on it and be done. :)

or we could just slap an Apache2 license on it and be done. :)

+1

My preference for standalone tools is always the GPL v3, because there is no reason for people to use it in different contexts

But I'm ok with any choice between MIT, Apache2, and GPL.

@Legoktm wrote:

How exactly is this vote supposed to work? If I say my contributions are GPL v2 or later (my preferred license), but the majority pick something else, what's going to happen?

We circle back in an endless loop until 100% of authors having code worth a copyright agree on a license.

If your contributions have been done as an employee of the Wikimedia Foundation or under a contract with a joint copyright agreement, we would probably want legal or whoever has authority to sign off on behalf of the foundation. But I am not a lawyer.

We circle back in an endless loop until 100% of authors having code worth a copyright agree on a license.

Let's list the authors first? We might be close to 100%, I mean how many authors does scap really have?

@Dzahn: I included the exact list in the poll but here it is from git log:

project  : scap
repo age : 3 years, 1 month
active   : 278 days
commits  : 522
files    : 106
authors  : 
  122	Bryan Davis         23.4%
  112	Tyler Cipriani      21.5%
   73	Chad Horohoe        14.0%
   53	Mukunda Modell      10.2%
   39	Dan Duvall          7.5%
   39	Ori Livneh          7.5%
   24	Antoine Musso       4.6%
   22	jenkins-bot         4.2%
    6	Reedy               1.1%
    4	BryanDavis          0.8%
    3	=                   0.6%
    3	Amir Sarabadani     0.6%
    3	Filippo Giunchedi   0.6%
    3	Kunal Mehta         0.6%
    3	YuviPanda           0.6%
    2	Giuseppe Lavagetto  0.4%
    2	Tim Starling        0.4%
    2	amir                0.4%
    1	Alex Monk           0.2%
    1	Hashar              0.2%
    1	Marko Obrovac       0.2%
    1	Paladox             0.2%
    1	Sam Reed            0.2%
    1	Sébastien Santoro   0.2%
    1	halfak              0.2%

A couple of them are dupes but that gives a fairly clear picture.

So if we can get everyone with > 1% of commits to agree on a license I think that would be conclusive?

Alright, I wish we could say "ignore contributions under 10 lines" and then the remaining 7 human users agree on one.

btw those numbers are commits not lines of code.

@mmodell: Which of these contributions were made by Wikimedia Foundation staff as part of their work? We can help reach out to people to get their agreement if you need help.

name                  loc  commits  files  distribution (%)
Mukunda Modell      3,207       50     54  25.4 / 10.5 / 54.0
Tyler Cipriani      3,037      106     52  24.1 / 22.2 / 52.0
Bryan Davis         2,435      122     28  19.3 / 25.6 / 28.0
Dan Duvall          2,179       39     44  17.3 / 8.2 / 44.0
Chad Horohoe          940       70     20  7.4 / 14.7 / 20.0
Amir Sarabadani       306        3     16  2.4 / 0.6 / 16.0
Ori Livneh            122       39     10  1.0 / 8.2 / 10.0
Hashar                110        1     12  0.9 / 0.2 / 12.0
Kunal Mehta            97        3     13  0.8 / 0.6 / 13.0
amir                   61        2      2  0.5 / 0.4 / 2.0
Giuseppe Lavagetto     57        2      2  0.5 / 0.4 / 2.0
Tim Starling           32        2      2  0.3 / 0.4 / 2.0
Filippo Giunchedi      10        3      3  0.1 / 0.6 / 3.0
Marko Obrovac           9        1      1  0.1 / 0.2 / 1.0
halfak                  7        1      2  0.1 / 0.2 / 2.0
Sam Reed                3        1      2  0.0 / 0.2 / 2.0
Paladox                 2        1      1  0.0 / 0.2 / 1.0
YuviPanda               2        3      1  0.0 / 0.6 / 1.0
Sébastien Santoro       1        1      1  0.0 / 0.2 / 1.0
BryanDavis              1        4      1  0.0 / 0.8 / 1.0
Alex Monk               0        1      0  0.0 / 0.2 / 0.0
jenkins-bot             0       22      0  0.0 / 4.6 / 0.0

@mmodell: Which of these contributions were made by Wikimedia Foundation staff as part of their work? We can help reach out to people to get their agreement if you need help.

the inverse is: Paladox, Sebastien, Alex Monk. Everyone else is/was staff when contributing to scap.

@mmodell: Which of these contributions were made by Wikimedia Foundation staff as part of their work? We can help reach out to people to get their agreement if you need help.

the inverse is: Paladox, Sebastien, Alex Monk. Everyone else is/was staff when contributing to scap.

Wikimedia staff agree to release their code under GPL or an OSI-approved license, so all of the poll options are valid except WTFPL. If we want to use Apache 2.0, please confirm with the external contributors that they agree (happy to help if you need).

WTFPL is only on the list because: humor.

From T94239#3045702

Historically the scripts were solely on the cluster under /home/wikipedia/bin and /home/wikipedia/sbin. Potential authors would be anyone that had shell access.

Thinking about it again, those were probably just the few people that had root access. Most probably just Tim and Brion. The current scap might be considered a derivative, but really that is a whole rewrite. So we are probably fine just taking into account the main authors of the rewrite.

All of them were employees of the WMF or under a joint copyright agreement (my case). So should be straightforward.

Copied from V14#173:

Why there's no 2-clause or 3-clause BSD options? Or CC series?

@Liuxinyu970226 A) this vote should only be voted on by those who have contributed code to scap 2) It was just a strawpoll to gauge what people were thinking. It was not exhaustive. Also, CC licenses are not appropriate for source code. https://creativecommons.org/faq/#can-i-apply-a-creative-commons-license-to-software

It looks to me like we can safely choose GPLv3 or Apache 2.0, or both. I will defer to WMF Legal for a final say on that.

@Slaporte: Given the poll results and @hashar's observation that all authors are/were WMF Employees & contractors, then there should be no problem with you choosing the license ;)

Can we dual license it Apache 2.0 / GPL v3?

I recommend the GPLv3. If you have a preference for Apache 2.0, please shoot me an email.

Thanks @Slaporte. It seems to me that we should go ahead and resolve this as GPLv3. Does anyone have any objection to that?

Hmm, those who didn't vote for GPLv3:
@hashar, @Halfak, @yuvipanda, @Dereckson

Still attached to apache 2.0? see ^

If @Slaporte's comment is a legal opinion and not just a personal preference, I'm OK with GPL.

Hmm, those who didn't vote for GPLv3:
@hashar, @Halfak, @yuvipanda, @Dereckson

Still attached to apache 2.0? see ^

I guess it is a matter of taste and how one defines free. I don't like GPLv3 nor do I quite understand all the legal implications of it. Apache 2 looks to me like a modern version of MIT/BSD and is overall less limiting in how one can use the software. So potentially more free :-} YMMV

Then:

  • I don't think I had many contributions in the shell script that predated the scap python rewrite (which has been mostly done by Bryan and Ori).
  • Looking at my patches, they are mostly trivial fixes and related to the build/test. So there is probably nothing worth a copyright.

Wikimedia legal seems to prefer GPLv3 for whatever reason, so let's head to that if that suits others. Don't make me a blocker :-]

Please also consider differences between GPLv3 only and GPLv3 or later. I'm not saying you should prefer one over the other but you should definitely make it clear in the code which one you've chosen. Thank you.

mmodell added a revision: Restricted Differential Revision. Feb 28 2017, 12:04 AM

@mmodell and co.: thank you for pushing this forward!