From kde-community Fri Sep 17 15:41:08 2021 From: Andreas Cord-Landwehr Date: Fri, 17 Sep 2021 15:41:08 +0000 To: kde-community Subject: Re: Extending the license policy to include Apache-2.0 Message-Id: <2347412.i13C7lJ47A () behemoth> X-MARC-Message: https://marc.info/?l=kde-community&m=163189326407889 On Freitag, 17. September 2021 07:42:05 CEST Thiago Macieira wrote: > On Thursday, 16 September 2021 10:58:55 PDT Andreas Cord-Landwehr wrote: > > Hi, now with the very recent release of openssl 3.0 [1], I think we have > > to > > eventually face the question what to do in this regard. But the not too > > small number of historic GPL-2.0-only files [2] yet is a problem. > > That's an orthogonal problem. To be clear: it is a problem for the GPL-2.0- > only code, but it's irrelevant as to whether we accept Apache-2.0 content in > KDE code. > > We already require at least GPLv3 and the v3 is compatible with Apache-2.0. > So we already have a solution and all compliant code has no problem with > OpenSSL 3.0. Hi, I both agree and disagree that this is orthogonal :) Yes, it is orthogonal because we discuss whether to include Apache 2 in our accepted license list. I fully see your point. Yet no, it is not orthogonal IMHO, because our license list strives for compatibility between the licenses in our code base. If we would say that the GPL-2.0-only files are legacy/policy violation/or just deprecated, then I find it hard to say that we disallow Apache 2 while allowing e.g. BSD-2-Clause. My main argument would be that Apache 2 is fully compatible with GPL-3.0 (at least in the regard when being integrated with GPL-3.0 code) and in my understanding it falls into the license policy section about "if it helps with compatibility". Cheers, Andreas