On Thu, Jun 9, 2022 at 6:01 PM Jilayne Lovejoy <jlovejoy(a)redhat.com> wrote:
On 6/8/22 12:23 PM, Neal Gompa wrote:
> On Wed, Jun 8, 2022 at 2:09 PM Richard Fontana <rfontana(a)redhat.com> wrote:
>> On Wed, Jun 8, 2022 at 1:58 PM Jilayne Lovejoy <jlovejoy(a)redhat.com>
wrote:
>>> ` If the license is not on the SPDX License List, then submit the license to
the to the SPDX-legal team at
https://tools.spdx.org/app/submit_new_license/. In addition
to the required information, include a note that it is under review for Fedora and a link
to the related Fedora License Data Gitlab issue.
>> Shouldn't this step depend on the license actually being approved by
>> Fedora first? I guess that's more of an SPDX question than a Fedora
>> question. Do you want people to be submitting licenses to SPDX even if
>> the end result might be that Fedora classifies it as "not allowed"?
Of
>> course the license might still meet SPDX's inclusion guidelines.
>>
> It should be approved by Fedora with a provisional identifier, and
> that identifier should be forwarded to SPDX. We don't want to have
> Fedora wait on SPDX.
I already responded to Richard's comment above as to why not wait on
this step, but to add to that and in light of Neal's comment about the
identifier - while "waiting on SPDX" is not ideal, we also don't want to
jump to fast to using a provisional identifier, as it's on the SPDX
legal team to ensure that identifier is not already used by another
license - pretty important aspect for all involved.
If we're already using SPDX identifiers for the basis of our license
identifier list, this problem isn't going to happen. It already
doesn't happen today even with our distinctly different identifier
systems. So I consider this optimization worth implementing, because
SPDX legal is inherently not bound to Fedora and I don't want to add
more drag to our already very slow FE-Legal process.
For insight as to how the process works over at SPDX - here is an
example of a (Fedora) license I submitted the other day:
https://github.com/spdx/license-list-XML/issues/1522
I'm aware of the process (now) after observing it for openSUSE to get
FDK-AAC added, but I've also observed that the process is pretty slow
with other licenses submitted over the past few months.
One reason I actually prefer our existing system is that we are able
to be responsive once *we've* decided we're good with it. Our
transition to SPDX-style identifiers should not cause us to lose this
advantage. Notably, even Debian has so far refused to transition to
SPDX identifiers and only merely made their existing DEP-5 identifiers
"SPDX-like"[1]. They maintain their own identifier base, it just
happens to be SPDX-ish.
From my perspective, this is the approach I want Fedora to have. Our
agency is important because *we're* considered a Linux world licensing
authority, just like Debian is. If Fedora and Debian disagree (which
happens sometimes), then both opinions are used by third parties to
make informed decisions.
One of the worst things openSUSE did was blindly drop their agency
around license policy. It was chaos and I refuse to allow that to
happen again.
[1]:
https://wiki.debian.org/Proposals/CopyrightFormat
--
真実はいつも一つ!/ Always, there's only one truth!