On Wed, Jun 08, 2022 at 01:08:38PM -0600, Jilayne Lovejoy wrote:
On 6/8/22 12:08 PM, Richard Fontana wrote:
> On Wed, Jun 8, 2022 at 1:58 PM Jilayne Lovejoy <jlovejoy(a)redhat.com> wrote:
> > How to request review of a new license
> > If you find a license for a package you want to include in Fedora and that
license is not listed in the Fedora License Data, you can submit it for review as
follows:
> >
> > Note: you must be a Fedora contributer and become part of the Fedora Gitlab
group. See LINK for more on how to become a Fedora contributor.
> I can sort of see why you'd want the submitter to be a Fedora
> contributor (I assume that means a Fedora account holder) but is it
> necessary to become part of the Fedora Gitlab group just to submit an
> issue?
Not up to us, as far as I understand it, so was adding that as an
expectation. Looks like Neal may have answered this in next email as well.
>
> > 1) Create a new issue in the Fedora License Data repo with the following
information: license name, link to text of license, package name and link, why you want to
include it in Fedora, whether it is on the SPDX License List, and the SPDX expression as
applicable (see below for hints on determining if a license text matches a license on the
SPDX License List)
> Is "why you want to include it in Fedora" necessary? If they are
> linking to a package, presumably that's either an existing Fedora
> package (i.e., the license *should* have been approved but never was,
> or was approved based on outdated criteria and methodology) or a
> proposed Fedora package. So the rationale for inclusion should always
> be obvious and not require any further justification.
okay, fair enough. I wasn't sure if that was something that was included in
the past. I'll remove that part!
I think it's useful to specify a link to the package review or such.
(Why? For example the following scenario: a package review request is created,
then it becomes blocked on the license review, and for whatever reason it
takes a long time. Once the license ticket is closed, people would like
to jump back to the package review…) In general, more links is better,
it's hard to coordinate things between the different trackers that Fedora
uses.
So maybe make the "why you want to include it in Fedora" part optional:
"Reason for the license review? (Optional. E.g. link to package review
ticket.)"
> > ` If the license is not on the SPDX License List, then
submit the license to the to the SPDX-legal team at
https://tools.spdx.org/app/submit_new_license/. In addition to the required information,
include a note that it is under review for Fedora and a link to the related Fedora License
Data Gitlab issue.
> Shouldn't this step depend on the license actually being approved by
> Fedora first? I guess that's more of an SPDX question than a Fedora
> question. Do you want people to be submitting licenses to SPDX even if
> the end result might be that Fedora classifies it as "not allowed"? Of
> course the license might still meet SPDX's inclusion guidelines.
That is how I had it at first, but I am thinking that giving SPDX a heads up
sooner than later would be advantageous. That way the SPDX id can be sort
of prepped and then if the license ends up being not-allowed, well, closing
an issue on the SPDX side as "not accepted" (to the SPDX License List) is
relatively easy. :)
Zbyszek