We have quite a few packages in Fedora that are released under some
version of the LGPL with what SPDX calls OCaml-LGPL-linking-exception.
That exception does not appear in the rpmlint-fedora-license-data
package. I'm looking at /etc/xdg/rpmlint/fedora-spdx-licenses.toml,
at the bottom, in ValidLicenseExceptions. Indeed, when I tried to use
it, rpmlint complained:
frama-c.x86_64: W: invalid-license-exception OCaml-LGPL-linking-exception
Should I include this exception when converting OCaml package License
tags to SPDX format?
I'm in the progress of migrating the Mooltice  package to SPDX, but
it proved to be more difficult than anticipated. I would be grateful if
someone could review my current analysis.
The license tag and accompanying comment I have at the moment is the
# The entire source code is GPL-3.0-or-later except:
# src/qwinoverlappedionotifier.[cpp|h] which is LGPL-3.0 OR
# src/AnsiEscapeCodeHandler.[cpp|h] which is Qt-GPL-exception-1.0,
# src/CyoEncode/ which is BSD-2-Clause,
# src/QtAwesome/ which is MIT AND OFL-1.1 AND CC-BY-3.0 (see
src/QtAwesome/README.md for details),
# src/SimpleCrypt/ which is BSD-3-Clause,
# src/http-parser/ which is MIT,
# src/qtcsv/ which is MIT,
# src/qtcsv6/ which is MIT,
# src/utils/qurltlds_p.h which is MPL-2.0 OR GPL-2.0-or-later OR
# src/zxcvbn-c which is BSD-3-Clause.
License: GPL-3.0-only AND GPL-3.0-or-later AND (LGPL-3.0 OR
GPL-2.0-or-later) AND BSD-2-Clause AND BSD-3-Clause AND MIT AND OFL-1.1
AND CC-BY-3.0 AND (MPL-2.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later)
You can find the output of licensecheck here:
. Note that src/QSimpleUpdater is removed as a patch.
Besides that I also couldn't find any reference to Qt-GPL-exception-1.0.
Is this license allowed?
Thank in advance!
During package review of the fiat-crypto Rust library, I noticed that
it contains an implementation of an elliptic curve (p434) which isn't
mentioned on the "good" list here:
I also can't find any references or sources for this curve (search
results for P-434, p434, and curve434 all come up empty). The only
mention of "p434" with respect to cryptography is in this Microsoft
And looking at the source code, I'm not even sure whether the P-434
curve in fiat-crypto is at all related to SIKEp434 / SIDHp434 schemes
that are mentioned there, other than the fact that they happen to be
based on the same prime number (2^216 * 3^137 - 1).
Given that there's no mention of any elliptic curves that use p434 on
the internet (that I could find), is it OK to ship it in a Fedora
package, or do we need to remove it from the sources?