Closed Bug 1375292 Opened 2 years ago Closed 2 years ago

stylo: Ensure that about:license includes licenses for third-party rust crates vendored for Servo

Categories

(Firefox :: General, defect, P2)

defect

Tracking

()

RESOLVED FIXED
Firefox 57
Tracking Status
firefox-esr52 --- unaffected
firefox55 --- wontfix
firefox56 --- wontfix
firefox57 --- fixed

People

(Reporter: cpeterson, Assigned: cpeterson)

References

Details

Attachments

(2 files, 40 obsolete files)

59 bytes, text/x-review-board-request
gerv
: review+
Details
2.55 KB, text/plain
Details
Gerv, most of Servo's third-party libraries' licenses are already listed in Firefox's about:license page, but I have some questions and possible omissions:

* MIT: about:license lists MIT, but calls it "MIT license — microformat-shiv" and says the license applies to "some files in the directory toolkit/components/microformats". Do we need a standalone entry for generic MIT license?

* APLv2/MIT dual-license: about:license has entries for APLv2 and MIT, but some rust libraries are dual-licensed APLv2/MIT. Do we need a separate entry for APLv2/MIT dual-license?

* ISC: about:license lists ISC (Internet Systems Consortium), but has a comment that "This license applies to the files nsprpub/pr/src/misc/praton.c and media/mtransport/third_party/nrappkit/src/util/util.c." Do we need to remove or expand that comment now that ISC will apply to additional files? The comment does not say the ISC license only applies to those files...

* BSD: about:license includes "Google BSD License", but does not mention BSD-2-Clause, BSD-3-Clause, or BSD-3-Clause/MIT dual-license.

* Unlicense/MIT dual-license (http://unlicense.org/)

* CC0-1.0: about:license mentions CC0 as part of the Lodash license, but does not have a standalone entry for CC0-1.0.

* FreeType License (FTL): about:license mentions that some code is "copyright ©1996-2012 The FreeType Project", but does not have an entry for FreeType license.
Flags: needinfo?(gerv)
Summary: Ensure that about:license includes licenses for third-party rust crates vendored for Servo → stylo: Ensure that about:license includes licenses for third-party rust crates vendored for Servo
(In reply to Chris Peterson [:cpeterson] from comment #1)
> * MIT: about:license lists MIT, but calls it "MIT license —
> microformat-shiv" and says the license applies to "some files in the
> directory toolkit/components/microformats". Do we need a standalone entry
> for generic MIT license?

Sadly there is not such a thing as a "generic MIT license" because the MIT license contains a copyright line (which is different for each bit of software) and requires that the whole license be reproduced. So we need a new entry for each unique MIT license.

> * APLv2/MIT dual-license: about:license has entries for APLv2 and MIT, but
> some rust libraries are dual-licensed APLv2/MIT. Do we need a separate entry
> for APLv2/MIT dual-license?

No. We can use those libraries under the APL, and that is already present.

> * ISC: about:license lists ISC (Internet Systems Consortium), but has a
> comment that "This license applies to the files nsprpub/pr/src/misc/praton.c
> and media/mtransport/third_party/nrappkit/src/util/util.c." Do we need to
> remove or expand that comment now that ISC will apply to additional files?
> The comment does not say the ISC license only applies to those files...

For accuracy of documentation, please expand the comment to give details of the new files to which this licence applies. Note that you can give a directory name as well as a set of filenames; see other examples elsewhere in about:license.

> * BSD: about:license includes "Google BSD License", but does not mention
> BSD-2-Clause, BSD-3-Clause, or BSD-3-Clause/MIT dual-license.

Again, these are generic license names; about:licence contains copies of concrete license texts. Which texts need to be included?

> * Unlicense/MIT dual-license (http://unlicense.org/)

We can use this under MIT; we'd need to include a copy of the MIT option.

> * CC0-1.0: about:license mentions CC0 as part of the Lodash license, but
> does not have a standalone entry for CC0-1.0.

CC0 is a PD dedication and as such we are not required to document that we are using code under it. We may want to add the details to the credit list at the bottom under Optional Notices.

> * FreeType License (FTL): about:license mentions that some code is
> "copyright ©1996-2012 The FreeType Project", but does not have an entry for
> FreeType license.

It may be that the reason it's not there is that it's not necessary. Please point me at the license text concerned.

Gerv
Flags: needinfo?(gerv)
> (review requests lack reviewers; visit review url to assign reviewers)

Gerv, MozReview doesn't seem to recognize "gerv" as a MozReview reviewer name. Is there another way I should send you review requests for changes to about:license?


(In reply to Gervase Markham [:gerv] from comment #2)
> > * FreeType License (FTL): about:license mentions that some code is
> > "copyright ©1996-2012 The FreeType Project", but does not have an entry for
> > FreeType license.
> 
> It may be that the reason it's not there is that it's not necessary. Please
> point me at the license text concerned.

It looks like Servo doesn't include FreeType code, but instead an APL2/MIT-licensed library called "freetype" that is just a Rust wrapper for the FreeType C library's API.
Flags: needinfo?(gerv)
Hi Chris,

I've reviewed stuff in MozReview before; are you sure you didn't mis-spell it "grev", as you seem to have done in at least a couple of the above?

This is rather a deluge of patches, and I'm supposed to be on holiday. Any chance you could make it one big patch?

Are we totally certain Firefox is going to be shipping _all_ this code?

Gerv
Flags: needinfo?(gerv)
I've categorized dependencies on which component uses them.

The Stylo/WR/mp4parse categorization is inexact; I have listed dependencies under one category but they may be used by multiple Rust projects in tree.


There are a lot of dependencies that are only dependencies of bindgen (a build time tool) or geckodriver. I believe geckodriver is only for testing and not shipped; especially since it doesn't participate in the regular Rust build system stuff.

These dependencies probably don't need their licenses put up. But it's worth double checking to ensure we're not shipping any of these before proceeding.
(In reply to Gervase Markham [:gerv] from comment #45)
> I've reviewed stuff in MozReview before; are you sure you didn't mis-spell
> it "grev", as you seem to have done in at least a couple of the above?

oops! My apologies. :)

> This is rather a deluge of patches, and I'm supposed to be on holiday. Any
> chance you could make it one big patch?

Certainly. I will roll them into one big patch.

> Are we totally certain Firefox is going to be shipping _all_ this code?

In my big patch, I remove the licenses for the code that Manish has identified as build tools that we don't ship in Firefox.
> There are a lot of dependencies that are only dependencies of bindgen (a
> build time tool)

Gerv, bindgen is a build tool that generates Rust source code (which is then compiled to object code by the rustc compiler). Would the generated Rust code be affected by the license of the code generator?
Flags: needinfo?(gerv)
Attachment #8889175 - Attachment is obsolete: true
Attachment #8889175 - Flags: review?(gerv)
Attachment #8889176 - Attachment is obsolete: true
Attachment #8889176 - Flags: review?(gerv)
Attachment #8889177 - Attachment is obsolete: true
Attachment #8889177 - Flags: review?(gerv)
Attachment #8889178 - Attachment is obsolete: true
Attachment #8889178 - Flags: review?(gerv)
Attachment #8889179 - Attachment is obsolete: true
Attachment #8889180 - Attachment is obsolete: true
Attachment #8889181 - Attachment is obsolete: true
Attachment #8889181 - Flags: review?(gerv)
Attachment #8889182 - Attachment is obsolete: true
Attachment #8889182 - Flags: review?(gerv)
Attachment #8889183 - Attachment is obsolete: true
Attachment #8889183 - Flags: review?(gerv)
Attachment #8889184 - Attachment is obsolete: true
Attachment #8889184 - Flags: review?(gerv)
Attachment #8889185 - Attachment is obsolete: true
Attachment #8889185 - Flags: review?(gerv)
Attachment #8889186 - Attachment is obsolete: true
Attachment #8889186 - Flags: review?(gerv)
Attachment #8889187 - Attachment is obsolete: true
Attachment #8889187 - Flags: review?(gerv)
Attachment #8889188 - Attachment is obsolete: true
Attachment #8889188 - Flags: review?(gerv)
Attachment #8889189 - Attachment is obsolete: true
Attachment #8889189 - Flags: review?(gerv)
Attachment #8889190 - Attachment is obsolete: true
Attachment #8889190 - Flags: review?(gerv)
Attachment #8889191 - Attachment is obsolete: true
Attachment #8889191 - Flags: review?(gerv)
Attachment #8889192 - Attachment is obsolete: true
Attachment #8889192 - Flags: review?(gerv)
Attachment #8889193 - Attachment is obsolete: true
Attachment #8889193 - Flags: review?(gerv)
Attachment #8889194 - Attachment is obsolete: true
Attachment #8889194 - Flags: review?(gerv)
Attachment #8889195 - Attachment is obsolete: true
Attachment #8889195 - Flags: review?(gerv)
Attachment #8889196 - Attachment is obsolete: true
Attachment #8889196 - Flags: review?(gerv)
Attachment #8889197 - Attachment is obsolete: true
Attachment #8889197 - Flags: review?(gerv)
Attachment #8889198 - Attachment is obsolete: true
Attachment #8889198 - Flags: review?(gerv)
Attachment #8889199 - Attachment is obsolete: true
Attachment #8889199 - Flags: review?(gerv)
Attachment #8889200 - Attachment is obsolete: true
Attachment #8889200 - Flags: review?(gerv)
Attachment #8889201 - Attachment is obsolete: true
Attachment #8889201 - Flags: review?(gerv)
Attachment #8889202 - Attachment is obsolete: true
Attachment #8889202 - Flags: review?(gerv)
Attachment #8889203 - Attachment is obsolete: true
Attachment #8889203 - Flags: review?(gerv)
Attachment #8889204 - Attachment is obsolete: true
Attachment #8889204 - Flags: review?(gerv)
Attachment #8889205 - Attachment is obsolete: true
Attachment #8889205 - Flags: review?(gerv)
Attachment #8889206 - Attachment is obsolete: true
Attachment #8889206 - Flags: review?(gerv)
Attachment #8889207 - Attachment is obsolete: true
Attachment #8889207 - Flags: review?(gerv)
Attachment #8889208 - Attachment is obsolete: true
Attachment #8889208 - Flags: review?(gerv)
Attachment #8889209 - Attachment is obsolete: true
Attachment #8889209 - Flags: review?(gerv)
Attachment #8889210 - Attachment is obsolete: true
Attachment #8889210 - Flags: review?(gerv)
Attachment #8889211 - Attachment is obsolete: true
Attachment #8889211 - Flags: review?(gerv)
Attachment #8889212 - Attachment is obsolete: true
Attachment #8889212 - Flags: review?(gerv)
Attachment #8889213 - Attachment is obsolete: true
Attachment #8889213 - Flags: review?(gerv)
Attachment #8889214 - Attachment is obsolete: true
Attachment #8889214 - Flags: review?(gerv)
I replaced the 40 separate patches with one patch that only includes the licenses for the Servo library dependencies we actually ship in Firefox. For example, I confirmed with jgraham that we do not ship geckodriver code in Firefox.
(In reply to Chris Peterson [:cpeterson] from comment #48)
> > There are a lot of dependencies that are only dependencies of bindgen (a
> > build time tool)
> 
> Gerv, bindgen is a build tool that generates Rust source code (which is then
> compiled to object code by the rustc compiler). Would the generated Rust
> code be affected by the license of the code generator?

Generally, yes - if a piece of software copies part of itself into its output, then the license of the software affects the license of the output. That's why GNU Bison has a license exception:
https://spdx.org/licenses/GPL-2.0-with-bison-exception.html

What is the license of bindgen?

Can you r? me on the new about:license patch?

Gerv
Flags: needinfo?(gerv)
Bindgen is BSD 3-clause. It has many dependencies of varying licenses, however. I'm not sure how many of these dependencies actually deal with output. For example, a lot of the dependencies are pulled in via `clap` and `term`, which just deal with the command line argument parsing and output for bindgen.
(In reply to Gervase Markham [:gerv] from comment #51)
> Can you r? me on the new about:license patch?

You should already be flagged for r? in both MozReview and this bug's attachment.

https://reviewboard.mozilla.org/r/160164/
The rust-bindgen developers say they are willing to relicense, if that makes things easier. However, rust-bindgen's code was originally forked from a different BSD 3-Clause licensed project (called "crabtw") written by a different developer. It seems like just including rust-bindgen's copyright notice (and the copyright notices for rust-bindgen's dependencies) will be easier then attempting to relicense everything.
Priority: P1 → --
Priority: -- → P2
Assuming you want rust-bindgen to be able to be used by everyone in the Rust ecosystem, including those writing proprietary code, with minimal hassle, then the best solution is to give any code which rust-bindgen can copy into its output a very liberal license (CC-0 or similar) with no documentation requirements. That would require identifying what code that was, getting permission from the authors to change the license, and then putting in place some processes to make sure that any such code which was added was also so licensed.

If this seems impractical, we can look at other solutions which are marginally less convenient for rust-bindgen users. But any license with a notification requirement (even BSD or MIT, which require you to send a copy of the license along with the code) means that everyone who uses rust-bindgen needs to be made aware of that, which is a pain from both a UX and code use perspective.

Let me know if I can help more.

Gerv
Gerv, my review request to add the Rust library licenses to about:license is still waiting for your r+. Is there any other information you need first?

I will need to post a follow-up patch for any relevant licenses for rust-bindgen's output.
Flags: needinfo?(gerv)
Comment on attachment 8889174 [details]
Bug 1375292 - Add licenses for Servo's third-party libraries to about:licenses.

https://reviewboard.mozilla.org/r/160166/#review174918
Attachment #8889174 - Flags: review?(gerv) → review+
Thanks!
Flags: needinfo?(gerv)
Pushed by cpeterson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6964b52cb7f2
Add licenses for Servo's third-party libraries to about:licenses. r=gerv
https://hg.mozilla.org/mozilla-central/rev/6964b52cb7f2
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 57
Too late for 56. Mark 56 won't fix.
You need to log in before you can comment on or make changes to this bug.