Hi Richard,
Fedora used to maintain in its old license list an indication of
whether a "good" license was GPLv2 and (separately) GPLv3 compatible.
We thought this over carefully but decided not to continue this
practice in the migration of this data to the fedora-license-data
repository. This despite the fact that a lot of careful thought went
into those determinations (such that I think the preserved record of
those determinations has some significant historical value for GPL
interpretation). We did this because in essentially no real-world case
was the information ever used to take any action with respect to an
actual or proposed Fedora package.
This data is helpful. Adding this to SPDX would
be good, but given the
number of licenses, it would be most efficient if other interested
parties also contributed to this.
As for compatibility of arbitrary licenses more generally: If I'm
counting correctly, Fedora now has 286 licenses in the simple
"allowed" category (corresponding to the old "good [for software]"
category) and this is expected to increase substantially with the
ongoing migration to use of SPDX identifiers. So it is basically
impractical if not impossible to maintain any useful, well-reasoned
set of context-free compatibility relationships for each Fedora
allowed license with respect to any other arbitrary Fedora allowed
license.
For software licenses, probably a simple categorization is reasonable?
Permissive, weakly protective, strongly protective, network protective
Suggestions can then be issued to packagers to check license compliance
that typically either the most protective license applies, or contents
with separate licenses are in separate packages.
The Apache 2 and GPL conflict seems well known. There are 1012 packages
in the repositories with both GPL and Apache licenses:
$ dnf repoquery --all --info > allpackageinfo.txt
$ cat allpackageinfo.txt | grep -n "ASL.* GPL" >> GPLonly_AND_APACHE.txt
$ cat allpackageinfo.txt | grep -n "Apache.* GPL" >>
GPLonly_AND_APACHE.txt
$ cat allpackageinfo.txt | grep -n " GPL.*ASL" >> GPLonly_AND_APACHE.txt
$ cat allpackageinfo.txt | grep -n " GPL.*Apache" >>
GPLonly_AND_APACHE.txt
$ wc -l GPLonly_AND_APACHE.txt
Need to check that either GPL license is the main one that applies with
Apache licensed software included in GPL software but no GPL software in
Apache licensed software or separate Apache and GPL packages are produced:
https://www.apache.org/licenses/GPL-compatibility.html
Maybe there are other well known cases that should be documented and
perhaps put in the review tool?
Any Fedora community member who has a concern about a license
compatibility issue involving a specific Fedora package or proposed
Fedora package is encouraged to raise it (probably most appropriately
in a Bugzilla bug) and it will be looked at in a context-specific way.
This context-specific analysis will consider not only architectural
issues (of the sort referred to by Miroslav) but also the licensing,
development and political history of the code at issue and general
relevant FOSS community practices. If it will prove useful we will try
to document some generalized conclusions in the Fedora license
documentation.
Generalized conclusions/suggestions would be helpful.
Lastly, I would suggest taking past promulgations on the general
topic
here by commentators with a fairly enormous grain of salt.
Richard