TSC/Relicensing Procedure
Intro
The use of Scapy in python-based test code (not actual data plane code) necessitates relicensing some of that test code. In order to ensure an orderly and trustworthy relicensing process, the procedure is outlined here:
CSIT Procedure
- The gpl licensed subdir will contain a subdirectory 'relicense/'
- That subdirectory will contain a set of relicense assertion files, one per 'entity' where 'entity' is either a corporation or individual. If corporate, naming should be some appropriate lower case version of the corp name 'cisco' 'intel' if individual, it should be some appropriate lowercase identifier like ${user part of email address used to commit} or ${github id}. Example: relicense/edwarnicke (github id) or relicense/hagbard (user part of email address)
- Each relicense file must be pushed in a changeset containing just relicense file(s) (and obviously DCOed, as we require that of all commits).
- Individual relicense files must be pushed by the individual authorizing relicensing.
- Corporate relicense files must be pushed by an authorized employee of the corp
- Individual relicense file template:
- ******************
- I, ${legal name} hereby sign-off-by all of my past contributions which have been moved to the subdirectory ${subdir containing scapy affected files} subject to the Developer Certificate of Origin (DCO), Version 1.1 and relicense them under GPLv2.
- In the past, I have contributed using emails: ${list of emails}
- ******************
- Corporate relicense file template:
- ******************
- I, ${legal name} on behalf of ${corp} hereby sign-off-by all past contributions of ${corp} which have been moved to the subdirectory ${subdir containing scapy affected files} subject to the Developer Certificate of Origin (DCO), Version 1.1 and relicense them under GPLv2.
- ${corp} has contributed via the following individual's emails: ${list of emails}
- ******************
VPP Procedure (Proposal)
Due to the logical organization of the python test scripts in the vpp repo, putting them all in a single directory is not a reasonable solution. Falling back to the fundamental requirements that we have clarity about which python test scripts are relicensed as GPL due to scapy use and confidence we have gotten it right, a different approach can be adopted.
Currently, for purposes of python test scripts in the vpp repo, various make rules install their own copy of scapy in their own directory. This opens the possibility of patching it. A patch has already been developed that patches __init__.py for scapy such that when it is imported directly or indirectly, it can gather information about the importing file, and all intermediate imported files between that file and scapy. This allows a patch to be developed that:
- Check for GPL license file of the importing file, returning an error with a clear message as to how to remediate in the event it is not present.
- If the GPL license header is present, check for an entry in a gpl_index.txt file in the relicense/ directory for the importing file. Entries should be a single line of the form:
${importing file} -> ${imported file} -> ... -> scapy.py
allowing for both the identification of all GPL licensed files, but also demonstration of how they come to be importing scapy.py. If the file has a GPL header and is not listed in the index, an entry can be automatically added by the import process.
In addition, CI can check to see if the gpl_index.txt file has been changed by its running of the test scripts to differ from the gerrit (ie, it needs to be updated) and fail with a clear error about how to remediate.
Once this mechanism is in place, relicense certification can proceed as in the CSIT case.