Licensing on early PolicyKit code

[Simon McVittie]

On 09/07/15 15:45, Alan Perry wrote:
> I cited an ambiguously written licensing comment from an early PolicyKit
> header file and asked what was the intended licensing for the file. What
> am I trying to achieve? To determine what licensing applies to that
> particular header file.

Nothing that anyone on this mailing list says or does now is going to
change what it said in a version of PolicyKit that was released several
years ago; we don't have a time machine available to us.

If you are using a version > 0.91: the project appears to have been
entirely rewritten, by davidz under Red Hat copyright, in early 2009.
The rewrite is pretty unambiguously LGPL-2+; the headers in the files
say so, they were added by the author of most of the older code, and the
original GPL-2+|AFL-2.1 code was deleted from the tree entirely (the
interesting commits are between 0.9 and 0.91). If that license grant and
copyright declaration by the author is not enough for you, I'm not sure
what anyone could say that *would* be enough.

If you are using a version < 0.91, there's a limit to how much anyone
can help you. In practice I suspect that davidz intended it to be
"GPL-2+ or AFL-2.1" (disjunctive dual license, like D-Bus); but if you
consider it to be too much of a legal risk to ship that version, I would
recommend removing it from whatever environment you are working in, and
replacing it with a version > 0.91.

Regardless of whether it is a legal risk or not, using early versions of
PolicyKit is certainly a considerable technical risk (it is
security-sensitive software, and has had many security and correctness
fixes since 0.91); so if you are using an old PolicyKit version, I would
strongly recommend replacing it with a newer version anyway.

-- 
Simon McVittie
Collabora Ltd. <http://www.collabora.com/>