Add document describing the goals and plan of p4c software license tracking #5110
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,138 @@ | ||
| # Introduction | ||
|
There was a problem hiding this comment. I would not create a new folder for this, that seems like waste of space. Instead this should be part of docs. There was a problem hiding this comment. If we have any docs related to writing downstream backends, this might go near them, or at least be linked from them. I think putting it into There was a problem hiding this comment. In commit 12 I moved all of the new files into the |
||
|
|
||
| The P4 compiler `p4c` is a leading project of the P4 Consortium, and | ||
| used by several companies as the front end of P4 compilers for a | ||
| variety of hardware targets. Most of these companies develop | ||
| significant proprietary back end code, and the resulting binary | ||
| executables are released, with no copyleft obligation for those | ||
| companies to release their back end source code. | ||
|
|
||
| This is allowed, because the `p4c` front source files are licensed | ||
|
There was a problem hiding this comment. Did you mean "frontend source files" or did you mean "source code" or anything else? There was a problem hiding this comment. Would it be clearer to you if I replaced it with something like this? "because There was a problem hiding this comment. I went ahead and made that replacement in commit 7 of this PR. Feel free to suggest other wordings if that is not clear enough. |
||
| under the Apache 2.0 license. This license was chosen for multiple | ||
| reasons, but in part to enable companies to do this. It is the P4 | ||
| Consortium's intent to continue enabling this. | ||
|
|
||
|
|
||
| # Linux Foundation review of P4.org software licenses in published code | ||
|
|
||
| In early 2024 P4.org became part of The Linux Foundation. In November | ||
| 2024 the Linux Foundation appointed someone to do a quick review of | ||
|
There was a problem hiding this comment. I do not know how formal this document is supposed to be but "someone" sounds a little too non-specific. There was a problem hiding this comment. I don't exactly feel comfortable putting their name in here without asking them. My intent is that this file will be around for as long as this repository will exist. Any alternate suggestions? There was a problem hiding this comment. I propose designating a licensing specialist instead of appointing someone. There was a problem hiding this comment. I made this change in commit 8. |
||
| software licenses in the public repositories in the | ||
| https://github.com/p4lang organization. | ||
|
|
||
| They recommended a fairly light-weight mechanism to make the software | ||
| license of all source files explicit and easy to track with automated | ||
| tools: adding an SPDX-License-Identifier comment line [1]. | ||
|
|
||
| [1] https://spdx.org/licenses/ | ||
|
|
||
| These look like the following examples, where the syntax of everything | ||
| _except_ the comment indicator is required by SPDX, i.e. there is a | ||
| precise specified syntax for ethe "SPDX-License-Identifier:" | ||
| characters to be present, and exactly what sequence of characters may | ||
| follow it on the line. | ||
|
|
||
| ```c++ | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
| ``` | ||
|
|
||
| ```python | ||
| # SPDX-License-Identifier: GPL-2.0-only | ||
| ``` | ||
|
|
||
|
|
||
| # Why is the top level LICENSE file insufficient? | ||
|
|
||
| One short answer is that not all files in this repository can legally | ||
|
There was a problem hiding this comment. This model sounds questionable to me. This should be a big exception. Similar to the inbound-outbound model LLVM has: https://llvm.org/docs/DeveloperPolicy.html#copyright-license-and-patents There was a problem hiding this comment. This topic is on the agenda for the next P4 TST meeting on 2025-Feb-07, and seems worth discussing there. I am glad if this early draft gets better plans made, before we spend too much time on what it currently describes. |
||
| be released under the Apache 2.0 license. Source files that are an | ||
| exception are described below. We expect them to be a fairly small | ||
| set of files, and that these exceptions are _not_ among the source | ||
| files that are compiled to create a P4 compiler executable binary. | ||
|
|
||
| Given that, a per-file software license tracking mechanism becomes | ||
| useful. It is also useful when individual files or subsets of files | ||
| are copied into other open source software projects. | ||
|
|
||
|
|
||
| # Most source files will be released with Apache 2.0 license | ||
|
|
||
| The Apache 2.0 license is the default choice for all source files in | ||
| https://github.com/p4lang projects, unless this is not legally | ||
| allowed. | ||
|
|
||
|
|
||
| # Source files that cannot be released under the Apache 2.0 license | ||
|
|
||
| ## Python source files that import the Scapy library | ||
|
There was a problem hiding this comment. We should probably get rid of scapy entirely if it causes such head aches. We practically only use it for a couple function calls. There was a problem hiding this comment. I think it is more than a couple. grep through the p4c repo for occurrences of scapy, and you can see that in the ebpf back end test code, it uses a fair number of functions, not just Are you mainly hoping to eliminate the use of scapy in the p4c repo only? Or also the following p4lang repos?
There was a problem hiding this comment. Also I suspect that ptf Python code (most of the ptf code) probably needs to be GPL v2 because it imports scapy, and p4c imports ptf in several places, too. There was a problem hiding this comment. At least for eBPF I remember writing this code and it was mostly used for sniffing packets. There was new code added for uBPF however which we would need to take a look at. PTF already has been changed to be independent of scapy with p4lang/ptf#147. We just need to add a module and switch the default. Could be a GSoC project :). There was a problem hiding this comment. It is also important that the compiler code itself has no GPL dependencies. Just the test scaffolding we use may involve GPL components. There was a problem hiding this comment.
If the current PR does not make exactly this point very clear, please tell me how to make it more clear. There was a problem hiding this comment.
For example, the section of line 44 gives the impression that these are compiler source files, when they are in fact test framework source files. There is no explicit mention that both scapy and eBPF dependencies are unrelated to compiler source code. There was a problem hiding this comment. In commit 4, I have added a new short first paragraph explicitly mentioning this to the section you mention. I also added a note to the beginning of the next section, but it will need updating after we confirm the result of a more careful job. |
||
|
|
||
| The Python library Scapy is released under the GNU General Public | ||
| License v2.0 [2]. | ||
|
|
||
| [2] https://github.com/secdev/scapy/blob/master/LICENSE | ||
|
|
||
| Note: Scapy is released under the GPL, _not_ the Lesser GPL (aka | ||
| LGPL). | ||
|
|
||
| While the LGPL explicitly allows releasing proprietary binaries that | ||
| dynamically link with LGPL libraries, the GPL has no such provisions. | ||
|
|
||
| Unless someone can provide a legal ruling from an intellectual | ||
| property lawyer to the contrary, we believe we are required release | ||
| all Python source files meeting the following conditions under the GPL | ||
| v2.0 license: | ||
|
|
||
| (a) files that directly import the Scapy package | ||
| (b) files that indirectly import the Scapy package, by importing a | ||
| package that imports Scapy | ||
|
|
||
|
There was a problem hiding this comment. The bigger problem here is the licensing of the PTF itself, isn't it? There was a problem hiding this comment. Regardless of whether the https://github.com/p4lang/ptf source files are licensed under Apache 2.0 or GPL v2, I don't think it changes things for the p4c source files very much. If we put all source files that import scapy or ptf (or both) under GPL v2, they are still all purely test programs that are not part of p4c executables. There was a problem hiding this comment. One wrinkle added to my previous statement: It appears perhaps not allowed to have a program A (e.g. a test program in this p4c repo) that is GPLv2 licensed, and import the ptf package, if ptf is released under Apache 2. It might be a solution to release ptf under a dual license, e.g. (Apache-2.0 or GPL-2.0-only) at the users choice. Ugh. There was a problem hiding this comment. I have added to this PR a separate short-ish article specifically on the question of compatibility of Apache-2.0 and GPL v2 licenses, named apache-and-gpl-v2-licenses.md In short, it does NOT try to argue that they are compatible, or that they are not compatible. It tries to present a case that it is so unclear whether they are compatible, that without good legal advice, we should be cautious and avoid mixing them in P4 Consortium products, in the same program. (In different programs created from different sources files, there should be no problem, as long as we keep GPL v2 out of the p4c compiler executables.) I have also added a short-ish article specifically on how this applies to the question of importing ptf and scapy packages in a Python program, named ptf-and-scapy.md Please take a look at those and add your review comments, if you are interested. |
||
| We believe that this should not be a significant hindrance to | ||
| commercial users of this code, because all such Python source files | ||
| are test programs, run either during CI for testing p4c executables, | ||
| or during testing by P4 developers. These Python source files that | ||
| use Scapy are not part of P4 compiler executables. | ||
|
|
||
| If a company wishes to distribute Python programs that import the | ||
| Scapy package, they will have to decide how to comply with Scapy's | ||
| license themselves. P4.org can inform them of what we believe the | ||
| software license of Scapy requires, and make all efforts to keep Scapy | ||
| out of P4 compiler executables, or other programs that we expect that | ||
| companies will want to add proprietary extensions to. | ||
|
|
||
|
|
||
| ## C files intended to be compiled and executed in the Linux kernel, e.g. EBPF | ||
|
|
||
| One or more published P4C back ends produce C source files that are | ||
| intended to be compiled and loaded into the kernel via the EBPF | ||
| feature, at least [3], [4] and perhaps others. | ||
|
|
||
| [3] https://github.com/p4lang/p4c/blob/main/backends/ebpf/README.md | ||
| [4] https://github.com/p4lang/p4c/blob/main/backends/tc/README.md | ||
|
|
||
| While there are a few examples of companies releasing binaries of | ||
| Linux driver code for their hardware and not releasing the source | ||
| code, we leave it to their legal teams to navigate any of the | ||
| intricacies that may be involved in that endeavor. | ||
|
|
||
| Our plan is to release all of the following kinds of source files | ||
| under the GPL v2.0 license, the same as the Linux kernel: | ||
|
|
||
| (a) files that are intended to be compiled and loaded into the kernel | ||
| via EBPF. | ||
| (b) header files included from files in category (a). | ||
|
There was a problem hiding this comment. Are these files directly using a GPL content? Or are they just intended to be used in GPL-licensed "product" and Apache is not compatible with that (in which case maybe we should dual-license them). There was a problem hiding this comment. Whether Apache 2.0 is or not compatible with GPL is an open debate, IANAL, but as far as I know, this was never tested in the court. One way to workaround it is to introduce an exception (like in LLVM). There was a problem hiding this comment. If you want to distribute source files intended to be compiled and loaded into a running Linux kernel, and you want to license it under anything but GPL v2.0, I'm pretty sure you need really good lawyers giving you really carefully thought out advice. Is there any reason you'd like to avoid licensing such files as GPL v2.0? |
||
|
|
||
| If any subtle questions arise as to whether any P4 compiler | ||
| executable, e.g. `p4c-ebpf`, must thus be released under GPL v2.0, we | ||
| will raise these questions to the P4 Technical Steering Team for their | ||
| advice. | ||
|
There was a problem hiding this comment. Wouldn't this affect a particlar P4C executable, not any P4C executable? Of would it affect all if EBPF/TC/... targets are enabled? We should not cross-contaminate other targets with GPL files. There was a problem hiding this comment. My belief is that this could easily be constrained to affect only executables involving EBPF, if it even does affect back ends involving EBPF. I will try to change the wording to the following if that makes it clearer: "If any subtle questions arise as to whether a particular P4 compiler back end, e.g. |
||
|
|
||
| We expect that for P4 compiler back ends that do not produce source | ||
| code for use with EBPF, this question will never arise. | ||
|
|
||
|
|
||
| # Third party libraries used by p4c | ||
|
|
||
| There are many libraries used by `p4c` executable binaries, and for | ||
| some, several alternate libraries that can be used in their place. | ||
|
|
||
| TODO: We should summarize those, and their licenses, here, as advice | ||
| to those who wish to produce proprietary `p4c` executable binaries. | ||
|
There was a problem hiding this comment. If you (or anyone reading this) would like to make a list of libraries that p4c executables use, that would be much appreciated. To be thorough, it would be good to mention different options that various current build options provide. For example, I recall discussions of using dymamic linking with glibc, vs. musl, and maybe one or two other choices. I also suspect different back ends might have different libraries that only they use. |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would add reference to this file into the LINCENSE file, below the actual license.