Re: [PATCH] usb: raw-gadget: upgrade license identifier

Re: [PATCH] usb: raw-gadget: upgrade license identifier

[Andrey Konovalov]

On Sun, Dec 26, 2021 at 3:02 PM Joe Perches <joe@perches.com> wrote:
>
> On Sun, 2021-12-26 at 14:19 +0100, Andrey Konovalov wrote:
> > I wonder if checkpatch could alert about considering GPL-2.0+ when
> > adding new files.
>
> No. Licensing is up to the author/submitter.

You're right. However, knowingly choosing a license requires that the
author doesn't forget to look into the difference and understand it.

When I contributed this code, I didn't realize that GPL-2.0 and
GPL-2.0+ are different things. I was focused on the excitement of
contributing a new USB gadget driver.

What would have allowed my to not overlook this, is that if throughout
the _process_ of contributing a new module, something would _ask_ me:
"Is this really the license you want to use?".

Within my process of submitting kernel patches, that could have been
either checkpatch or an email bot.

I don't insist that this must be done by checkpatch; this could be
done by another entity. However, it would be nice to see this as an
explicit step of a standardized contribution process.

Thanks!

Re: [PATCH] usb: raw-gadget: upgrade license identifier

[Greg Kroah-Hartman]

On Sun, Dec 26, 2021 at 03:50:43PM +0100, Andrey Konovalov wrote:
> On Sun, Dec 26, 2021 at 3:02 PM Joe Perches <joe@perches.com> wrote:
> >
> > On Sun, 2021-12-26 at 14:19 +0100, Andrey Konovalov wrote:
> > > I wonder if checkpatch could alert about considering GPL-2.0+ when
> > > adding new files.
> >
> > No. Licensing is up to the author/submitter.
> 
> You're right. However, knowingly choosing a license requires that the
> author doesn't forget to look into the difference and understand it.
> 
> When I contributed this code, I didn't realize that GPL-2.0 and
> GPL-2.0+ are different things. I was focused on the excitement of
> contributing a new USB gadget driver.
> 
> What would have allowed my to not overlook this, is that if throughout
> the _process_ of contributing a new module, something would _ask_ me:
> "Is this really the license you want to use?".

I normally try to do that when I see GPL-2.0+, sorry I didn't do that
this time.

But really, your open-source training at your employer should have
covered all of that.  If not, then something went wrong there :(

thanks,

greg k-h

Re: [PATCH] usb: raw-gadget: upgrade license identifier

[Andrey Konovalov]

On Sun, Dec 26, 2021 at 4:18 PM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> On Sun, Dec 26, 2021 at 03:50:43PM +0100, Andrey Konovalov wrote:
> > On Sun, Dec 26, 2021 at 3:02 PM Joe Perches <joe@perches.com> wrote:
> > >
> > > On Sun, 2021-12-26 at 14:19 +0100, Andrey Konovalov wrote:
> > > > I wonder if checkpatch could alert about considering GPL-2.0+ when
> > > > adding new files.
> > >
> > > No. Licensing is up to the author/submitter.
> >
> > You're right. However, knowingly choosing a license requires that the
> > author doesn't forget to look into the difference and understand it.
> >
> > When I contributed this code, I didn't realize that GPL-2.0 and
> > GPL-2.0+ are different things. I was focused on the excitement of
> > contributing a new USB gadget driver.
> >
> > What would have allowed my to not overlook this, is that if throughout
> > the _process_ of contributing a new module, something would _ask_ me:
> > "Is this really the license you want to use?".
>
> I normally try to do that when I see GPL-2.0+, sorry I didn't do that
> this time.

Do you mean GPL-2.0+ or GPL-2.0? The code wasn't under GPL-2.0+, so
you would not have said anything, AFAIU.

Anyway, no worries. The only reason I sent the SPDX change was because
of noticing that the tag doesn't match most of the other drivers.

> But really, your open-source training at your employer should have
> covered all of that.  If not, then something went wrong there :(

This is a weird statement for the general case.

Employers' processes exist to cover their legal bases. They have
nothing to do with the processes to guide Linux kernel contributors.

Legally, you're right: contributing requires accepting the rules under
which the contribution happens. Which means that contributors need to
read and understand all of the licensing documents before sending
patches. And it's on them, if they forget to do this or make a
mistake.

This is, however, poor from a contributor experience perspective.
Especially for independent contributors, who don't have a legal team
approving each of their actions.

Re: [PATCH] usb: raw-gadget: upgrade license identifier

[Greg Kroah-Hartman]

On Sun, Dec 26, 2021 at 04:46:04PM +0100, Andrey Konovalov wrote:
> On Sun, Dec 26, 2021 at 4:18 PM Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> >
> > On Sun, Dec 26, 2021 at 03:50:43PM +0100, Andrey Konovalov wrote:
> > > On Sun, Dec 26, 2021 at 3:02 PM Joe Perches <joe@perches.com> wrote:
> > > >
> > > > On Sun, 2021-12-26 at 14:19 +0100, Andrey Konovalov wrote:
> > > > > I wonder if checkpatch could alert about considering GPL-2.0+ when
> > > > > adding new files.
> > > >
> > > > No. Licensing is up to the author/submitter.
> > >
> > > You're right. However, knowingly choosing a license requires that the
> > > author doesn't forget to look into the difference and understand it.
> > >
> > > When I contributed this code, I didn't realize that GPL-2.0 and
> > > GPL-2.0+ are different things. I was focused on the excitement of
> > > contributing a new USB gadget driver.
> > >
> > > What would have allowed my to not overlook this, is that if throughout
> > > the _process_ of contributing a new module, something would _ask_ me:
> > > "Is this really the license you want to use?".
> >
> > I normally try to do that when I see GPL-2.0+, sorry I didn't do that
> > this time.
> 
> Do you mean GPL-2.0+ or GPL-2.0? The code wasn't under GPL-2.0+, so
> you would not have said anything, AFAIU.

Ah, right, good, I didn't mess up then :)

> > But really, your open-source training at your employer should have
> > covered all of that.  If not, then something went wrong there :(
> 
> This is a weird statement for the general case.
> 
> Employers' processes exist to cover their legal bases. They have
> nothing to do with the processes to guide Linux kernel contributors.

Employers _BETTER_ be giving their developers who contribute to open
source projects basic legal training in licenses, copyrights, and other
related things.  If not they are very derelict in their duties.  I had
my first such training way back in 2001 or so, this is something that
most companies have been doing for decades and is nothing new.  Every
company I have worked at since has always had something like this in
place.

I would argue that any company that did NOT do this is not covering
their legal bases well at all, and that's a huge failure on their part.

Heck, the Linux Foundation even provides free training material for this
type of thing, online, if companies don't want to do it themselves.  I
recommend everyone at least glancing at this if they have to do any open
source work:
	https://training.linuxfoundation.org/training/open-source-licensing-basics-for-software-developers/

> Legally, you're right: contributing requires accepting the rules under
> which the contribution happens. Which means that contributors need to
> read and understand all of the licensing documents before sending
> patches. And it's on them, if they forget to do this or make a
> mistake.

That's what you agree with with the "Signed-off-by:" line that you added
to your patch.  You did read the Developer's Certificate of Origin (DCO)
that decribes this in our documentation, right?  The DCO is very simple
and should be easy to understand.

> This is, however, poor from a contributor experience perspective.
> Especially for independent contributors, who don't have a legal team
> approving each of their actions.

See the free course information above for what is there for independent
contributors if they are interested in it.

thanks,

greg k-h