Closed Bug 716563 Opened 10 years ago Closed 10 years ago

MPL 2 upgrade: NSS


(NSS :: Libraries, defect, P2)



(Not tracked)



(Reporter: gerv, Assigned: gerv)




(4 files, 1 obsolete file)

This bug tracks the MPL 2 upgrade for the project named in the subject line.
The repo is in Mozilla CVS:

Attached file COPYING file for NSS v.1 (obsolete) —
I spoke with Bob Relyea on the phone about this, and he said that he would like me to write a COPYING file for NSS which made the position clear on GPL and LGPL compatibility. 

Bob: is this clear enough?

Attachment #589517 - Flags: review?(rrelyea)
...and here's one with more linebreaks.

Attachment #589517 - Attachment is obsolete: true
Attachment #589517 - Flags: review?(rrelyea)
Attachment #589518 - Flags: review?(rrelyea)
Comment on attachment 589518 [details]
COPYING file for NSS v.2

r+ rrelyea
Thank you Gerv.

Attachment #589518 - Flags: review?(rrelyea) → review+
Comment on attachment 589518 [details]
COPYING file for NSS v.2

>NSS is available under the Mozilla Public License, version 2, a copy of which is below.

It seems that this line should also be folded.

Thank you, Gerv.
Attached patch Patch v.1Splinter Review
Here's a first cut at a patch. It doesn't include the COPYING file; let's do that as a separate checkin. Please let me know if it's OK.

Attachment #601968 - Flags: review?(rrelyea)
Before I r+ plus this, I have a question...

Are we really wanting to remove the copyright statements along with the license change?
Can we remove the copyright statements for those parts of the code that weren't initial developer Netscape?
Did we really want to remove the Contributer section.

The rest looks fine to me.

Bob: internationally-agreed copyright law gives people a copyright whether or not there's a statement. Also, the Initial Developer and Contributor sections of the MPL 1.1 boilerplate were never, in practice, a complete or accurate list of copyright holders anyway. That's why such sections are not part of the MPL 2 boilerplate - they aren't useful, are a pain to maintain, and cause arguments.

Some people regarded these sections as a form of credit-giving, even though that was not their original intent. We are suggesting that if Mozilla subprojects want a credit mechanism other than about:credits (which is the project-wide mechanism for crediting Mozilla contributors) then they add an AUTHORS file to the top-level directory of their software distribution.

So both of the changes you note are intentional.

Comment on attachment 601968 [details] [diff] [review]
Patch v.1

r+ OK, that's Gerv.

r+, though I'm pretty sure this is just a subset of the changes you need to make:).

Attachment #601968 - Flags: review?(rrelyea) → review+

Heads up, the license on NSS is changing from MPL 1.1/GPL 2.0+/LGPL 2.0+ to MPL 2.0. You'll need to make a fedora anouncement when you land the changed version for NSS. It shouldn't have a real impact MPL 2.0 is downstream convertible to GPL and completely compatible with the previous uses of the tri-license.

Gerv, the GPL versions had an explicit (or greater). Should the MPL 2.0 have that, or is that built into the MPL itself.


The next NSPR release (4.9.1) will also use MPL 2.
Bob: it's built into the text of MPL 2 itself (section 1.12).

OK, I think I've correctly checked this in to NSS trunk in CVS, along with the COPYING file. :-)

Closed: 10 years ago
Resolution: --- → FIXED
Component: Licensing → Libraries
Priority: -- → P2
Product: → NSS
Target Milestone: --- → 3.13.4
Version: other → unspecified
Gerv: your patch v.1 missed all the files under
mozilla/security/nss/lib, which is probably the most important
subdirectory of NSS :-)

I don't know if it missed any other files.
Resolution: FIXED → ---
wtc: you are quite right; I had my relicensing script configured for a different product. I will attach an updated patch. I think that the "lib" directory is all that was missed.

Attached patch Patch 2 v.1Splinter Review
Patch for files missed first time.

Attachment #610103 - Flags: review?(rrelyea)
Comment on attachment 610103 [details] [diff] [review]
Patch 2 v.1


Please also relicense these directories.
- mozilla/dbm: Berkeley DB 1.85, used by NSS
- mozilla/security/coreconf: build system
- mozilla/security/dbm: makefiles for mozilla/dbm
- mozilla/security/jss: JSS

Please relicense at least the first three because
they are an integral part of NSS.

The complete list is at

Actually, we also have mozilla/security/python
and mozilla/security/svrcore:

(Please ignore mozilla/security/manager in CVS.)

Target Milestone: 3.13.4 → 3.13.5
Comment on attachment 610103 [details] [diff] [review]
Patch 2 v.1

r+ rrelyea
Attachment #610103 - Flags: review?(rrelyea) → review+
I checked in patch 2 on Bob's review. I will do a patch 3 for the directories listed in wtc's comment #16.

Attached patch Patch v.3Splinter Review
Here's an attempt to get all the additional directories wtc requested.

Attachment #618270 - Flags: review?(rrelyea)
Comment on attachment 618270 [details] [diff] [review]
Patch v.3

r+ rrelyea
Attachment #618270 - Flags: review?(rrelyea) → review+
OK, checked in. Let me know if there's still stuff I've missed :-)

When e.g. mozilla-central pulls a new copy of NSS, does it take all the files I've touched, including e.g. dbm? If so, no problem. If not, we will need to encourage them to do so at the time of next sync.

Closed: 10 years ago10 years ago
Resolution: --- → FIXED
Gerv: yes, when mozilla-central pulls a new copy of NSS, any NSS file used by
Mozilla, including dbm, is included.
Target Milestone: 3.13.5 → 3.14
Gerv: a small number of files in NSS still have the MPL/GPL/LGPL tri-license
headers.  Did you intend to skip them?  If not, I can update those files.
Gerv: I forgot to provide the names of those files.  Here they are.

$ find mozilla -name "*" | xargs grep "MPL 1.1"
mozilla/security/nss/lib/freebl/ecl/README:Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/lib/freebl/mpi/doc/LICENSE-MPL:Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/lib/freebl/mpi/README:Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/lib/freebl/mpi/tests/LICENSE-MPL:Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/lib/freebl/mpi/utils/LICENSE-MPL:Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/lib/freebl/mpi/utils/README:Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/pkg/solaris/common_files/copyright:Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/tests/chains/scenarios/scenarios:# Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/tests/iopr/server_scr/config:# Version: MPL 1.1/GPL 2.0/LGPL 2.1
mozilla/security/nss/tests/libpkix/sample_apps/README:# Version: MPL 1.1/GPL 2.0/LGPL 2.1
No, no files were intentionally skipped. Those files were missed out because the script could not automatically determine the correct comment character from the extension (often because the file didn't have an extension). Please feel free to fix them. Many thanks :-)

You need to log in before you can comment on or make changes to this bug.