Dne 06. 06. 22 v 21:33 Richard Fontana napsal(a):
Following up on this thread: A few of us in Red Hat discussed this
issue and settled on the idea that we should preserve the "licenses of
the contents of the binary rpm" policy, rather than the most obvious
alternative which would be "list the licenses found in the source
tarball". A major justification for that is that there isn't much
point in having the License: field merely replicate what you could get
by using a source code license scanner with some minimal analysis.
Please note that source licenses does not map to binary RPMs 1:1. It is
well possible the source tarball contains multiple licenses while some
subpackage content is licensed by only subset of the licenses. E.g. you
might have source tarball containing MIT code and CC0 data. Then you
have -data subpackage which contains just the data, therefore the
license for that subpackage should be just CC0.
Of course the guidelines could suggest against using specific License
field for subpackages. Dunno if that would help anything.
However, it seems clear that "licenses of the contents of the binary
rpm" is ambiguous and this partly explains why today Fedora packagers
seem to be applying non-uniform standards to figuring out what to
include in the License: field. There also may continue to be cases
where different licensing of binary subpackages makes a difference to
some package consumers.
We considered a few different options and we concluded that the best
approach is for the License: field to consist of a simple enumeration
of the licenses (including, possibly, disjunctive license expressions)
covering anything that ends up in a given binary RPM (whether compiled
to binary code or otherwise). The Fedora package maintainer is in the
best position to figure out what this subset of material in the source
code is, and how it appears to be licensed.
Importantly, this "simply enumerate" approach means not attempting to
do any sort of further analysis such as GPL derivative works analysis,
algebraic simplifications or resolutions of long strings of
conjunctive license expressions based on longstanding community
conventions around FOSS licensing, etc.
As before, any comments on this are most welcome!
On Mon, May 23, 2022 at 12:37 PM Jilayne Lovejoy <jlovejoy(a)redhat.com> wrote:
> Hi Fedora legal and packaging,
> I'm cross-posting this, as I think it's relevant to both groups.
> The current policy for filling out the license field of the spec file (as described
states, "The License: field refers to the licenses of the contents of the binary rpm.
When in doubt, ask."
> As we consider how to improve documentation related to Fedora licensing, it would be
helpful to hear people's thoughts on the following:
> 1) how do you (package maintainers) interpret this policy in practice?
> 2) what further information/documentation about this policy would be helpful?
> 3) should this policy be different, and if so, how?
> 4) any other related thoughts or observations
> packaging mailing list -- packaging(a)lists.fedoraproject.org
> To unsubscribe send an email to packaging-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> Do not reply to spam on the list, report it:
legal mailing list -- legal(a)lists.fedoraproject.org
To unsubscribe send an email to legal-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure