Discussion:
Bitcoin Assistance
Add Reply
Radcliffe, Mark via bitcoin-dev
2017-09-25 21:53:40 UTC
Reply
Permalink
Raw Message
My apologies if this post has been answered, but I am new to the list. I am lawyer trying to understand the licensing of the Bitcoin core and I will be presenting in a webinar with Black Duck Software on Blockchain on September 28 (in case you are not familiar with them, Black Duck Software assists companies in managing their open source software resources). They have scanned the Bitcoin Core code for the open source licenses used in the codebase. I am enclosing a summary of the findings. I would be interested in communicating with the individuals who manage this codebase and can provide insight about the project manages contributions because the codebase includes projects with inconsistent licenses (for example, code licensed under the Apache Software License version 2 and GPLv2 cannot work together in some situations). Thanks in advance.

According to the scan, the code base includes code licensed under the following licenses:


Apache License 2.0

Boost Software License 1.0

BSD 2-clause "Simplified" License

BSD 3-clause "New" or "Revised" License

Creative Commons Attribution Share Alike 3.0

Expat License

GNU General Public License v2.0 or later

GNU General Public License v3.0 or later

GNU Lesser General Public License v2.1 or later

License for A fast alternative to the modulo reduction

License for atomic by Timm Kosse

MIT License

Public Domain

University of Illinois/NCSA Open Source License






Mark Radcliffe
Partner

T +1 650.833.2266
F +1 650.687.1222
M +1 650.521.5039
E ***@dlapiper.com <mailto:***@dlapiper.com>

[DLA Piper Logo]

DLA Piper LLP (US)
2000 University Avenue
East Palo Alto, California 94303-2215
United States
www.dlapiper.com <http://www.dlapiper.com>

Please consider the environment before printing this email.

The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to ***@dlapiper.com. Thank you.
Omar Shibli via bitcoin-dev
2017-09-26 13:12:48 UTC
Reply
Permalink
Raw Message
According to my understanding, Bitcoin protocol is a combination of several
components (node, miner, wallet..), you can use different licenses for
different components, as long as the components are well structured and
inter APIs are well defined and encapsulated, therefore, incompatible
licenses could be not an issue.
Please note that I'm not legal advisor and this is just my personal opinion.

On Tue, Sep 26, 2017 at 12:53 AM, Radcliffe, Mark via bitcoin-dev <
Post by Radcliffe, Mark via bitcoin-dev
My apologies if this post has been answered, but I am new to the list. I
am lawyer trying to understand the licensing of the Bitcoin core and I
will be presenting in a webinar with Black Duck Software on Blockchain on
September 28 (in case you are not familiar with them, Black Duck Software
assists companies in managing their open source software resources). They
have scanned the Bitcoin Core code for the open source licenses used in the
codebase. I am enclosing a summary of the findings. I would be interested
in communicating with the individuals who manage this codebase and can
provide insight about the project manages contributions because the
codebase includes projects with inconsistent licenses (for example, code
licensed under the Apache Software License version 2 and GPLv2 cannot work
together in some situations). Thanks in advance.
Apache License 2.0
Boost Software License 1.0
BSD 2-clause "Simplified" License
BSD 3-clause "New" or "Revised" License
Creative Commons Attribution Share Alike 3.0
Expat License
GNU General Public License v2.0 or later
GNU General Public License v3.0 or later
GNU Lesser General Public License v2.1 or later
License for A fast alternative to the modulo reduction
License for atomic by Timm Kosse
MIT License
Public Domain
University of Illinois/NCSA Open Source License
*Mark Radcliffe*
Partner
*T* +1 650.833.2266 <(650)%20833-2266>
*F* +1 650.687.1222 <(650)%20687-1222>
*M* +1 650.521.5039 <(650)%20521-5039>
[image: DLA Piper Logo]
DLA Piper LLP (US)
2000 University Avenue
East Palo Alto, California 94303-2215
United States
www.dlapiper.com
Please consider the environment before printing this email.
The information contained in this email may be confidential and/or legally
privileged. It has been sent for the sole use of the intended recipient(s).
If the reader of this message is not an intended recipient, you are hereby
notified that any unauthorized review, use, disclosure, dissemination,
distribution, or copying of this communication, or any of its contents, is
strictly prohibited. If you have received this communication in error,
please reply to the sender and destroy all copies of the message. To
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Cory Fields via bitcoin-dev
2017-09-27 21:20:26 UTC
Reply
Permalink
Raw Message
Hi Mark

Thank you very much for posting the findings. I took a look through our
repository and I think I can provide a bit of context.

I'll go through each one, annotating what I've found.
Post by Radcliffe, Mark via bitcoin-dev
Apache License 2.0
This is used by a few java files in the libsecp256k1 project. That library
(which lives here: https://github.com/bitcoin-core/secp256k1) is a
sub-module created and maintained by Bitcoin Core developers. The files in
question are bindings that allow other applications to use libsecp256k1
from Java. Bitcoin Core makes no use of them.
Post by Radcliffe, Mark via bitcoin-dev
Boost Software License 1.0
This comes from tinyformat.h. Bitcoin Core indeed uses it.
Post by Radcliffe, Mark via bitcoin-dev
BSD 2-clause "Simplified" License
I'm unable to find any 2-clause BSD licensed files.
Post by Radcliffe, Mark via bitcoin-dev
BSD 3-clause "New" or "Revised" License
This comes from leveldb, which is database software used by Bitcoin Core.
Because database software version inconsistencies can cause accidental
forks (this actually happened in 2013), we include these files in our
repository and use them rather than linking to arbitrary versions at
runtime.

There are a few non-upstream files we use in our leveldb tree to provide
windows support. Quoting from src/leveldb/util/env_win.cc:
This file contains source that originates from:

http://code.google.com/p/leveldbwin/source/browse/trunk/win32_impl_src/env_win32.h

http://code.google.com/p/leveldbwin/source/browse/trunk/win32_impl_src/port_win32.cc
Those files don't have any explicit license headers but the
project (http://code.google.com/p/leveldbwin/) lists the 'New BSD License'
Post by Radcliffe, Mark via bitcoin-dev
Creative Commons Attribution Share Alike 3.0
I didn't manage to find any CC-licensed files. The match probably comes
from our gui svg icons, which contain an xml tag with a link to
creativecommons.org. This seems to be the default behavior of inkscape,
which was used to create those icons. Any icons that we have not created
ourselves are listed in contrib/debian/copyright (they're all expat/public
domain).
Post by Radcliffe, Mark via bitcoin-dev
Expat License
See MIT.
Post by Radcliffe, Mark via bitcoin-dev
GNU General Public License v2.0 or later
The debian folder, which holds the files used to create debian/ubuntu
packages is licensed gplv2+. These are packaging resources only,
unnecessary for use of the code.

Additionally, some gplv2 m4 macros are used to bootstrap the code that is
used to build the Bitcoin code. These contain the additional exception:

As a special exception, the respective Autoconf Macro's copyright owner
gives unlimited permission to copy, distribute and modify the configure
scripts that are the output of Autoconf when processing the Macro. You
need not follow the terms of the GNU General Public License when using
or distributing such scripts, even though portions of the text of the
Macro appear in them. The GNU General Public License (GPL) does govern
all other use of the material that constitutes the Autoconf Macro.
Post by Radcliffe, Mark via bitcoin-dev
GNU General Public License v3.0 or later
The macdeploy script, useful for creating DMG files for macOS is gplv3. It
is not necessary for any other platform, and is only used during the build
process. Additionally, it is not the only way to create DMG files (apple's
native tools can be used as well).

Additionally, config.guess and config.sub are gplv3 scripts used to build
our buildsystem.
Post by Radcliffe, Mark via bitcoin-dev
GNU Lesser General Public License v2.1 or later
authproxy.py, A python script used in our test suite is licensed lgpl
v2.1+. It is only necessary for running optional tests during development.
Post by Radcliffe, Mark via bitcoin-dev
License for A fast alternative to the modulo reduction
This references a comment cuckoocache.h. No code from the site is used. The
link to the site was added after the code, as the site provides a helpful
explanation for the technique used.
Post by Radcliffe, Mark via bitcoin-dev
License for atomic by Timm Kosse
Another m4 file. As explained with the others above, this is a macro which
builds code which builds code. It is used in the build process only.
Post by Radcliffe, Mark via bitcoin-dev
MIT License
The primary and default license for all contributions.
Post by Radcliffe, Mark via bitcoin-dev
Public Domain
University of Illinois/NCSA Open Source License
clang-format-diff.py, a python script optionally used by developers to
clean up code changes.

tl;dr: Best I can tell, all source files that comprise Bitcoin Core
binaries are licensed (excluding the public domain ones) as MIT, BSD, or
Boost.

It's also worth repeating Omar's point that many of the files in the
Bitcoin Core repository are used for optional programs/libraries. None of
the artwork, for example, is needed for the primary bitcoin daemon.

Hope that helps!

Regards,
Cory
Tim Ruffing via bitcoin-dev
2017-09-27 21:54:09 UTC
Reply
Permalink
Raw Message
Post by Cory Fields via bitcoin-dev
Post by Radcliffe, Mark via bitcoin-dev
Creative Commons Attribution Share Alike 3.0
I didn't manage to find any CC-licensed files. The match probably
comes from our gui svg icons, which contain an xml tag with a link to
creativecommons.org. This seems to be the default behavior of
inkscape, which was used to create those icons. Any icons that we
have not created ourselves are listed in contrib/debian/copyright
(they're all expat/public domain).
This is somewhat weird. Back in 2014, most of icons were listed as
"CC BY-SA" (which is the correct license according to the original
source):
https://github.com/bitcoin/bitcoin/blob/31aac02446472ec5bfc4676ab190ec9d37056503/doc/assets-attribution.md

However the current docs list them as "Expat". A mistake?
https://github.com/bitcoin/bitcoin/blob/master/contrib/debian/copyright

Also, even the old version lists some icons "based on Stephan Hutchings
Typicons" as "License: MIT", which could be a violation of CC BY-SA if
I'm not mistaken.

Best,
Tim
Gregory Maxwell via bitcoin-dev
2017-09-27 22:21:12 UTC
Reply
Permalink
Raw Message
On Wed, Sep 27, 2017 at 9:54 PM, Tim Ruffing via bitcoin-dev
Post by Tim Ruffing via bitcoin-dev
Also, even the old version lists some icons "based on Stephan Hutchings
Typicons" as "License: MIT", which could be a violation of CC BY-SA if
I'm not mistaken.
Relicensed by the copyright holder:

https://github.com/bitcoin/bitcoin/commit/dae0a89d4b66f08c83ccc8c20cf37521084b6257

(For future reference, git log -p <file> makes it easy to go find
where some string was last in a file, so you can look at the commit
that changed it.)
Tim Ruffing via bitcoin-dev
2017-09-27 22:41:24 UTC
Reply
Permalink
Raw Message
Oh nevermind. I had a look at the history but missed that commit and
assumed the change was introduced when adding the text to
contrib/debian/copyright

Tim
Post by Gregory Maxwell via bitcoin-dev
On Wed, Sep 27, 2017 at 9:54 PM, Tim Ruffing via bitcoin-dev
Post by Tim Ruffing via bitcoin-dev
Also, even the old version lists some icons "based on Stephan Hutchings
Typicons" as "License: MIT", which could be a violation of CC BY-SA if
I'm not mistaken.
https://github.com/bitcoin/bitcoin/commit/dae0a89d4b66f08c83ccc8c20cf
37521084b6257
(For future reference, git log -p <file> makes it easy to go find
where some string was last in a file, so you can look at the commit
that changed it.)
Gregory Maxwell via bitcoin-dev
2017-09-27 22:06:58 UTC
Reply
Permalink
Raw Message
On Wed, Sep 27, 2017 at 9:20 PM, Cory Fields via bitcoin-dev
Post by Cory Fields via bitcoin-dev
Post by Radcliffe, Mark via bitcoin-dev
License for A fast alternative to the modulo reduction
This references a comment cuckoocache.h. No code from the site is used. The
link to the site was added after the code, as the site provides a helpful
explanation for the technique used.
As the author of that comment: the reference there is unrelated to the
code but just a found-on-the-internet explanation for an trivial, old,
and well known technique (which I've seen in code since at least the
80s) that manages to sometimes surprise people who aren't familiar
with fixed point signal processing. I wrote and submitted the comment
after encountering people confused by our code in another project,
long after it was written.
Loading...