On Wed, Jun 10, 2020 at 12:11 AM Wim Vervoorn wvervoorn@eltan.com wrote:
You only need a single mainboard to be in the tree. A mainboard can trigger cloning a specific branch of this repository after warning for the license.
So I think you're basically just suggesting to use branches instead of different repositories to separate them, but still separate them all individually. I don't think it makes much of a difference, just that branches are usually used in Git to track different versions of the same thing, so I think it might be confusing to use them to track different things instead. I think if we decide that every affected vendor should have their blobs isolated by themselves, we might as well just make them different repositories (unless Patrick has any preferences about what scales better on the infra side there).
Would it be enough to just create a second repository (3rdparty/restrictive_blobs or something like that) which is not automatically checked out by CONFIG_USE_BLOBS so people can make a separate conscious decision if they want to check it out?
If it doesn't allow redistribution, we'd have to check if coreboot.org can host such repos (because we redistribute all the time) or if there's some implied license by the licensor (they pushed it for redistribution after all), and if we can mirror it to github.com and other places (or if that's not implied anymore). As coreboot.org maintainers we won't accept a special "redistribution by coreboot.org allowed" type of license: if those bits are _that_ precious, we don't want them.
No, wait, sorry, I never said they don't allow redistribution. I think it's clear that we can't host them if we can't redistribute them. (Note that blobs with licenses like this are hosted in other projects' big blob repos like https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/... too.)
These licenses explicitly *do* allow unlimited redistribution. It's just that the license text says you're only allowed to download it if you're agreeing to the license (whether that's enforceable in each jurisdiction is a different question, of course). So if anything this is on the downloader, not on the redistributor. Personally, I think this isn't much different than one of those bundled EULAs that say "if you don't agree to this, you must bring the CD back to the store"... but I'm not a lawyer and I can understand that some people may feel more concerned about it, so I'm hoping we can find a solution that allows those people to avoid downloading these blobs unintentionally.