On Wed, Aug 9, 2023 at 7:35 AM Marián Konček <mkoncek(a)redhat.com> wrote:
Yes, I would like to package only that part.
Does license review need to be done before or after submitting a package
review in Bugzilla?
I don't think we (Fedora Legal people) care about that in general
(unless there's some specific reason to think that a package wouldn't
be allowed in Fedora for some non-license-related reason).
Regarding opening issues on fedora / spdx:
* one part is about adding / not adding Oracle / Sun's variant of
BSD-3-Clause
* the other is about accepting differently formatted Apache-1.1?
Does formatting matter to SPDX?
I have lost track of this but I think the issue was not formatting but
some of the language of the Apache Software License 1.1 variant did
not match the SPDX identifier. In general, formatting is irrelevant.
Richard
On 8. 8. 2023 20:24, Richard Fontana wrote:
> On Tue, Aug 8, 2023 at 9:00 AM Marián Konček <mkoncek(a)redhat.com> wrote:
>> As part of the jaxb 4.0.2 -> 4.0.3 update, part of this package is
>> needed for its code generation. Therefore, I would like to package it in
>> Fedora. This package has complex licensing which is why I am asking for
>> a review. Note that I only need the "xsdlib" subdirectory.
>>
>> I only need a stripped-down version of this package as if by
>> downloading:
>>
https://github.com/xmlark/msv/archive/refs/tags/msv-2022.7.tar.gz
>>
>> and running (inside the msv-msv-2022.7 directory):
>>
>> find . -mindepth 1 -maxdepth 1 -type d ! -name 'xsdlib' -exec rm -rf {}
+
>> rm -rf xsdlib/src/main/resources
>> rm -rf xsdlib/src/test
>> grep -l -r --ignore-case 'proprietary' | xargs rm -v
>>
>> Most problematic license files are: copyright.txt and license.txt in
>>
https://github.com/xmlark/msv/tree/main/docs/xsdlib. To my knowledge,
>> all files that remained use explicit BSD-3-Clause or Apache-1.1.
>> Question is whether we could have removed the copyright.txt and
>> license.txt files in the first place.
>>
>> Current upstream:
https://github.com/xmlark/msv
>> Previous package in Fedora (used different source repository):
>>
https://koji.fedoraproject.org/koji/packageinfo?packageID=2576
>> Previous bug related to licensing:
>>
https://bugzilla.redhat.com/show_bug.cgi?id=87684
>>
>> Also grep --ignore-case for "proprietary" "confidential",
"nuclear".
> Can you create a package just from that subset of the xsdlib
> directory as you indicated above?
>
> In those files, what I saw on a quick review was:
>
> - pom.xml : there's a Sun BSD license that is probably OK for Fedora
> but does not seem to match any known variant. (It's tempting to just
> ignore this but since it's probably OK we might as well add it.)
>
> - Oracle 3-clause BSD licenses: most of these seem to be BSD-3-Clause,
> but there was one for which SPDX would need to revise the markup, I
> think ( xsdlib/src/main/java/com/sun/msv/datatype/regexp/InternalImpl.java)
>
> - The Apache 1.1 license appearing on a number of source files does
> not quite match SPDX Apache-1.1, would require SPDX revision to the
> Apache-1.1 markup
>
> So these seem fairly nonproblematic but it would be helpful if you
> could create issues for these in fedora-license-data and then at
>
github.com/spdx/license-list-XML.
>
> But if you need to package any of the other stuff in this repository
> that may complicate things further.
>
> Richard
>
--
Marián Konček
_______________________________________________
legal mailing list -- legal(a)lists.fedoraproject.org
To unsubscribe send an email to legal-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue