Misrepresented Licensing #68
Description
It seems that several files based on aarch64 code has this license notice which seems to be a rare variant of BSD-3-Clause with the second clause removed, no disclaimer and some wording changed and GPL dual-licensing:
/*
* crt0-efi-aarch64.S - PE/COFF header for AArch64 EFI applications
*
* Copyright (C) 2014 Linaro Ltd. <ard.biesheuvel@linaro.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice and this list of conditions, without modification.
* 2. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License as published by the Free Software Foundation;
* either version 2 of the License, or (at your option) any later version.
*/
Some, but not all files with this license notice incorrectly label this notice as GPL-2.0-or-later OR BSD-2-Clause. This is not licensed under BSD-2-Clause. This should be updated to affect the reality.
inc/protocol/efidbg.h seems to be licensed under BSD-4-Clause.
inc/efipoint.h seems to be licensed under the MIT license.
inc/efiui.h is Copyright (C) 200 Intel Corporation which seems to suggest it's in the public domain 😜
efilib license does have an extra disclaimer not included in BSD-2-Clause, however since it refers to the EFI Spec and other information on the website it was originally distributed on, I believe it doesn't apply to this software and therefore doesn't put any extra restrictions on this project, but IANAL. I've labeled the efilib license as BSD-2-Clause but since the copyright notice has to be preserved, the extra sentence added to BSD-2-Clause has to be kept.
Given all the complexities of licensing in this project, I suggest a thorough review of all license notices in this repo and noting the SPDX identifier of the whole project in docs/README.packaging.md for us packagers. Here's my attempt at it, which might not be entirely correct so please triple check:
SPDX-License-Identifier: BSD-2-Clause AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND GPL-2.0-or-later AND MIT AND LicenseRef-scancode-bsd-no-disclaimer-unmodified
this is the license identifier according to fedora, I couldn't find the GPL-2.0-only files but maybe they were removed/relicensed between the version on fedora and master:
SPDX-License-Identifier: BSD-2-Clause AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND GPL-2.0-or-later AND GPL-2.0-only