-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use non-copyleft RNG implementation in Ready2Run #51448
Conversation
Using xorshiro128** because it is already used in the project, and licensed under CC0.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for this work and analysis. This change will work well to fix the issue.
Looks like I made a mistake when I made the original 3PN entry for xorshift. I see now that it is not a compatible license. I'm not sure how I missed that. This PR -- from a licensing standpoint -- appears like a clear improvement. That said, upon further research, it doesn't appear like a 100% solution. Context: https://opensource.org/faq#cc-zero We should consider another implementation. I didn't have the context that OSI doesn't recommend/approve CC licenses for code. That makes me unenthusiastic about taking this PR. We should have a policy of not accepting CC licensed code going forward. |
The lack of OSI approval of CC-Zero's fallback license is indeed unfortunate. On the other hand, the FSF does recognize it as free software license, as GPL compatible, and simultaneously recommends using it if you really want to make your software public domain, while also discouraging its use for software due to the patent clause concerns. The United States Federal government also considers CC-Zero as a valid OSS license. They define OSS software as any software available under a license that meets the OSD or FSF's free software definition. So they don't actually officially care about either organization's license list except that it is a quick and way to to show a license does meet one of the two definitions. I'm not actually certain what the official licensing policy of the .NET Foundation is. It looks like the .NET Foundation policy is use of a list of permissive licenses approved by the Foundation, but it also sounds like this list may not actually be published anywhere. I would very much agree that code under any CC license except CC0 probably should be avoided for code. I'm just not certain of the need to avoid CC0 itself. This might really be a question for the Foundation to answer? |
That's good context and makes sense. I started a conversation with our team's legal council, and will pull in same for the .NET Foundation. That's usually how we handle these sorts of questions. It's not really a .NET Foundation board question unless the the response from council is unclear. Also, even if the Foundation is OK with CC0, that doesn't mean we have to be. The Foundation sets the outer ring of acceptable licenses, but isn't in a position to tell us which licenses we must accept/use within that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have determined that we can accept CC0 licensed code. Thank you again for highlighting this issue and fixing it.
@richlander will create a follow up PR to to clarify our policy for CC licensed code.
Using xorshiro128** because it is already used in the project, and licensed under CC0.
Credited this in the Third Party Maintainer files, despite the license not requiring it,
because we tend to do so even when not strictly required to. See "License notice
for Greg Parker" for example.
I've performed no performance testing, but I suspect it is unlikely to have a significant impact,
because both algorithms are of similar speed.
Fixes #51436.