#57: Seeking Council feedback/input on draft third party software policy
Reporter: pfrields | Owner:
Status: new | Priority: normal
Component: General | Resolution:
Keywords: workstation |
Comment (by spot):
Replying to [comment:21 rhughes]:
Replying to [comment:19 mattdm]:
> The use of SPDX resources for license tags is an example; they mean
different than Fedora does when we use "License: MIT".
Okay, this might be a concrete issue. The AppStream specification
specifies SPDX (and is shipped in AppStream and specified by
AppData files) as it's designed to be used by multiple distributions and
has already been adopted natively by both Debian and Suse. Being blunt,
although Fedora did a lot of "picking apart" of the license issues back in
the day, we can't base a freedesktop spec on the specific wording of how
Fedora Legal interprets specific parts of a license text. If SPDX and
Fedora disagree on the meaning of MIT we should probably fix that.
*deep breath* Boy, that'd be nice. I'm not sure it is ever going to
happen. We've got different philosophies. Take a look at the MIT
subsection at Fedora:
It begins with this text:
"There are many MIT variants, all of which are functionally identical."
SPDX disagrees. They think that any wording change in a license, no matter
how trivial, results in a new license. Fedora decided a long time ago that
all of these MIT variants, as long as they resulted in the same basic set
of permissions/restrictions, would be called "MIT". I've been talking to
the SPDX project team since they formed, and we long ago determined to
simply agree to disagree here. Fedora calls all 33 (known) MIT variants
"MIT", and SPDX only calls the one MIT entry from the OSI list as
(and doesn't have a classification for the other 32 variants).
Upstream is now specifying the license as an SPDX string in the
file, and we're showing that in preference to the license specified in
spec file. If that needs to change then we're going to need pages like
specifically for Fedora license IDs, and
we're also going to need an explicit grammar for the License: line in the
spec file -- at the moment lots of packages are just specifying case-
incorrect text not designed for machine reading.
Citation needed on "lots of packages". We also have an explicit grammar
for the License: line.
That said, I _do_ understand why you're using SPDX strings in the AppData
files. SPDX (with my help) has been putting in significant effort to
ensure that the majority of Fedora licenses have matching SPDX entries.
MIT is an exception, rather than the rule. I'm not concerned about how you
are currently using SPDX resources in this context.
Ticket URL: <https://fedorahosted.org/council/ticket/57#comment:24>
Fedora Council Public Tickets