On Sun, Jul 10, 2022 at 3:15 PM Maxwell G <gotmax(a)e.email> wrote:
I am reviewing yq, which is an MIT-licensed, statically linked (all go binaries are
statically linked) go project that builds against
golang-github-timtadh-data-structures-devel. The latter is licensed under GPL-2.0-only. My
understanding is that distributing yq binaries with just the MIT license file as is
constitutes a GPL violation.
While we're waiting for upstram to rectify this situation (I filed an issue), would
it be permissible to set the License field to `MIT AND GPL-2.0-only`, include a copy of
the GPL v2 in the package, and add a comment to the specfile explaining the situation?
This is an interesting question since Jilayne Lovejoy and I have
recently been working on revised legal documentation for Fedora that
among other things deals with the topic of what to put in the License:
field given the anticipated migration to the use of SPDX identifiers.
But we haven't considered a case like this one. If I understand
correctly (I have passing familiarity with Go and close to zero
understanding of how Go projects are built and packaged for Fedora)
the yq rpm would contain a binary that is statically linked against
golang-github-timtadh-data-structures, but the source package of the
yq rpm will not itself contain the source code of
golang-github-timtadh-data-structures (i.e. it won't be "vendored"
[bleh]), which however will be separately packaged in Fedora. Is that
accurate or am I misunderstanding? Surely this sort of question has
come up before for Fedora Go packages... or has it?