Closed Bug 1007195 Opened 6 years ago Closed 6 years ago

Change licensing on mozilla::pkix to dual Apache 2/MPL 2


(Core :: Security: PSM, defect)


(Reporter: gerv, Assigned: gerv)



(1 file)

As agreed (see email).

We need permission from everyone who is not an employee who has checked into the code. Aside from Brian (who has agreed) this may well be no-one, but I will check.

I believe the code in question is all that in security/pkix and security/certverifier which is currently under the Apache License 2.0, but people should chime in if I'm wrong about that.

We should also take the opportunity to make the copyright lines in the Apache License 2.0 more generally accurate, e.g.:

Copyright (C) 2013 Mozilla Contributors

Gerv, should that be 2013 or 2014? Also, which license block should go first?
Flags: needinfo?(gerv)
Doesn't matter which is first, but let's be consistent. I'll do a patch with the right boilerplate; it may need an explanatory line as well. Copyright year can be 2014 (the above was just an example). If you are checking in new files right now, use the existing arrangements.

Flags: needinfo?(gerv)
Can someone confirm I'm correct that "security/pkix" and "security/certverifier" are the directories which need the license headers changing?

(In reply to Gervase Markham [:gerv] from comment #3)
> Can someone confirm I'm correct that "security/pkix" and
> "security/certverifier" are the directories which need the license headers
> changing?

At least those were the directories that were mentioned in the call for review:
Yes, those are the directory trees in question. As an fyi, some of the files there are only MPL2 (in some cases they came from security/manager/ssl/src).
Hi Gerv,

What does this mean in practice (from

Code could not be copied from the rest of NSS into mozilla::pkix without seeking permission from the author(s) of the copied code.

For example, if the NSS header just says "NSS contributors", then whom are we supposed to seek permission from?

FTR, other people who have contributed in those directories are keeler, cviecco, sarenz, and me.

Thank you,
Never mind, I see that this problem exists with or without dual licensing.
Attached patch: Patch v.1
There do indeed appear to be no other non-employees who have contributed to this code.

This patch changes the licensing on everything that was Apache-only to dual Apache 2/MPL 2, and leaves everything that was MPL-only alone. If some of the MPL-only stuff is new in mozilla::pkix and also needs changing, let me know.

Attachment #8420137 - Flags: review?(brian)
Comment on attachment 8420137
Patch v.1

Review of attachment 8420137:

LGTM. I'm not going to nitpick the wording because I assume Gerv knows more than me about what to say.

Gerv, I appreciate your constructive approach in resolving this issue by actually telling me about the GPLv2/APL compatibility issue. Thanks!
Attachment #8420137 - Flags: review?(brian) → review+
Pushed to mozilla-inbound:

Please use this expanded licensing header on any newly-written files in mozilla::pkix or any which just start with content from existing files with this header. If you copy code in from other parts of the Mozilla codebase, consult the licensing team to find out the best approach.

Closed: 6 years ago
Resolution: --- → FIXED
Gerv, thank you very much!
(In reply to Gervase Markham [:gerv] from comment #10)
> Pushed to mozilla-inbound:

In the future, please hold off on resolving the bug until it lands on m-c :)
Target Milestone: --- → mozilla32