You did not hear about SPDX for long time and you must be eager to hear a recent news. So here they are:
* There is a new CI test 'license-validate` that is run for **every** PR at src.fedoraproject.org. It checks if your `License` tag is valid. This should help you catch typos (e.g., "GPLv2.0-or-later", "BSD 2-Clause"). You can see the example of the run here: https://src.fedoraproject.org/rpms/mbedtls/pull-request/12
* I updated the burn-down chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rp... There are 3 packages that are not SPDX complient. I opened PR for one them. The remaining 2 have open issue at fedora-license-data (lazarus, webkitgtk).
* There are still 1458 packages that contains LicenseRef-Callaway-* and need to be changed to proper license ID - see https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updati... for documentation. The list of affected packages can be find here: https://github.com/fedora-copr/license-validate/blob/main/packages-without-s...
* Our main focus is on licenses of linux-firmware that is ... complicated
* The license of tegrarcm was identified as not allowed in Fedora https://bugzilla.redhat.com/show_bug.cgi?id=2477792
* I released new version of `fedora-license-data` with 7 new licenses.
Dne 20. 05. 26 v 9:00 Miroslav Suchý napsal(a):
You did not hear about SPDX for long time and you must be eager to hear a recent news. So here they are:
- There is a new CI test 'license-validate` that is run for **every**
PR at src.fedoraproject.org. It checks if your `License` tag is valid. This should help you catch typos (e.g., "GPLv2.0-or-later", "BSD 2-Clause"). You can see the example of the run here: https://src.fedoraproject.org/rpms/mbedtls/pull-request/12
I wonder what is the difference between this and results provided by rpmlint / rpminspect. Of course one advantage of this test is that it is visible directly on the PR without too much clicking.
Vít
Dne 20. 05. 26 v 10:15 dop. Vít Ondruch napsal(a):
I wonder what is the difference between this and results provided by rpmlint / rpminspect.
Technically rpmlint/rpminspect uses regexps while license-validate use BNF grammar.
Rpmlint (not sure about rpminspect) uses python-rpm directly while license-validate uses python-specfile.
But....
Of course one advantage of this test is that it is visible directly on the PR without too much clicking.
... basicaly this ^^^. Better visibility without too much clicking.
On Wed, May 20, 2026 at 9:01 AM Miroslav Suchý msuchy@redhat.com wrote:
- There is a new CI test 'license-validate` that is run for **every** PR at src.fedoraproject.org. It checks if your `License` tag is valid. This should help you catch typos (e.g., "GPLv2.0-or-later", "BSD 2-Clause"). You can see the example of the run here: https://src.fedoraproject.org/rpms/mbedtls/pull-request/12
Where can I report issues with the run-license-validate?
package: mysql8.4 PR: https://src.fedoraproject.org/rpms/mysql8.4/pull-request/14 test result: https://artifacts.dev.testing-farm.io/654a2027-7181-4718-a139-0ed2cb67c1ee/
--
Michal Schorm Senior Software Engineer Databases Team Red Hat
--
On Wed, May 20, 2026 at 9:01 AM Miroslav Suchý msuchy@redhat.com wrote:
You did not hear about SPDX for long time and you must be eager to hear a recent news. So here they are:
There is a new CI test 'license-validate` that is run for **every** PR at src.fedoraproject.org. It checks if your `License` tag is valid. This should help you catch typos (e.g., "GPLv2.0-or-later", "BSD 2-Clause"). You can see the example of the run here: https://src.fedoraproject.org/rpms/mbedtls/pull-request/12
I updated the burn-down chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rp...
There are 3 packages that are not SPDX complient. I opened PR for one them. The remaining 2 have open issue at fedora-license-data (lazarus, webkitgtk).
- There are still 1458 packages that contains LicenseRef-Callaway-* and need to be changed to proper license ID - see https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updati... for documentation.
The list of affected packages can be find here: https://github.com/fedora-copr/license-validate/blob/main/packages-without-s...
Our main focus is on licenses of linux-firmware that is ... complicated
The license of tegrarcm was identified as not allowed in Fedora https://bugzilla.redhat.com/show_bug.cgi?id=2477792
I released new version of `fedora-license-data` with 7 new licenses.
-- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
On 2026/05/20 11:43, Michal Schorm wrote:
On Wed, May 20, 2026 at 9:01 AM Miroslav Suchý msuchy@redhat.com wrote:
- There is a new CI test 'license-validate` that is run for **every** PR at src.fedoraproject.org. It checks if your `License` tag is valid. This should help you catch typos (e.g., "GPLv2.0-or-later", "BSD 2-Clause"). You can see the example of the run here: https://src.fedoraproject.org/rpms/mbedtls/pull-request/12
Where can I report issues with the run-license-validate?
As a rule of thumb, if it is Fedora-CI related (checks run in PR, tests in bodhi updates), and otherwise you don't know more specifically where to file it, just https://forge.fedoraproject.org/ci/tickets/issues.
package: mysql8.4 PR: https://src.fedoraproject.org/rpms/mysql8.4/pull-request/14 test result: https://artifacts.dev.testing-farm.io/654a2027-7181-4718-a139-0ed2cb67c1ee/
Yeah, this one is actually quite common, but did not make a ticket for it yet, only in the upstream [1]. Will try to dig into it a bit deeper
[1]: https://github.com/fedora-copr/license-validate/issues/45
On 2026/05/20 11:59, Cristian Le via devel wrote:
On 2026/05/20 11:43, Michal Schorm wrote:
On Wed, May 20, 2026 at 9:01 AM Miroslav Suchý msuchy@redhat.com wrote:
- There is a new CI test 'license-validate` that is run for
**every** PR at src.fedoraproject.org. It checks if your `License` tag is valid. This should help you catch typos (e.g., "GPLv2.0-or-later", "BSD 2-Clause"). You can see the example of the run here: https://src.fedoraproject.org/rpms/mbedtls/pull-request/12
Where can I report issues with the run-license-validate? package: mysql8.4 PR: https://src.fedoraproject.org/rpms/mysql8.4/pull-request/14 test result: https://artifacts.dev.testing-farm.io/654a2027-7181-4718-a139-0ed2cb67c1ee/
Yeah, this one is actually quite common, but did not make a ticket for it yet, only in the upstream. Will try to dig into it a bit deeper
So for anyone else monitoring this, I've got a reply on the source of the issue being [1], and basically it happens when you have a conditional spanning a section like ``` %if %{with foo}
%package foo ...
%endif ```
I think I can add a workaround for this on license-validate, to at least not fail as badly.
-
Cristian Le -
Michal Schorm -
Miroslav Suchý -
Vít Ondruch