On 1/5/22 10:42 AM, David Cantrell
wrote:
On Tue, Jan 04,
2022 at 09:05:59PM -0800, Jilayne Lovejoy wrote:
On 1/4/22 9:27 AM, David Cantrell wrote:
On Wed, Dec 29, 2021 at 11:46:44AM
-0500, Richard Fontana wrote:
On Wed, Dec 29, 2021 at 11:22 AM
Miroslav Suchý <msuchy@redhat.com> wrote:
I want to clarify one thing I am working on. When I have
this string in License tag in spec:
Good License or Bad license
Then the result is Good license and the package is allowed
to be in Fedora, right?
So first of all if I change your question to be about the
actual
underlying license terms of the package as opposed to the
representation in the spec file, I believe the answer must
be "yes"
and there are probably a lot of examples of this in Fedora.
(Think of
any arbitrary package that says it's under some FOSS license
and also
says informally that proprietary licenses are also
available.)
With the spec file, though, I believe there is an
inconsistency in how
Fedora deals with this, but this is just a casual
impression. On the
one hand, there is the common case of traditionally-licensed
Perl
modules (typically, a dual license involving unversioned GPL
and a
license identified as the Artistic License 1.0 [which I
realize exists
in multiple forms, but let's ignore that]). Fedora spec
files for such
Perl module packages generally say something like "GPL or
Artistic",
even though Fedora classifies the Artistic License as a
"bad" license.
I *think* there may be other examples, not involving Perl
modules or
the Artistic License, where the code is dual licensed under
a good
license and a bad license and the spec file only gives the
good
license. The only rationale I could come up with for the
difference in
approach is that the Artistic License, while "bad" from
Fedora's
perspective, is generally seen as plausibly-FOSS (it's an
OSI-approved
license, for one thing).
I think it comes down to whether Fedora wants to have spec
files that
say, for example, "GPL or Proprietary" much as it has spec
files that
say "GPL or Artistic".
It's true there is inconsistency regarding the License tag in
the spec
file. As the package maintainer and as part of the Fedora
project, I
would prefer that the License tag in the spec reflect the
license
terms that we are distributing the built package against. So
in the
case of Perl modules that are generally GPL or Artistic, the
Fedora
project is really redistributing them under the terms of the
GPL only,
right?
I think the answer to the inconsistency here is to set a policy
relating to disjunctive licensed packages and then document that
in the packaging guidelines. This would provide clarity for both
package maintainers as well as downstream recipients. My
recommendation would be that in the case where (random example):
The package license upstream is: AGPL-3.0-or-later OR SSPL-1.0
and where Fedora would not allow SSPL-1.0, then the License
field in the spec file would simply indicate:
AGPL-3.0-or-later
If one really wants to be thorough and there is some kind of
comment field in the Spec file (I think I've seen this?), then
one could note something along the lines of "This package is
licensed upstream as AGPL-3.0-or-later OR SSPL-1.0"
Yes, this is what I was thinking. And as Richard noted in a later
followup,
this has been the standard we've followed for a while--but I don't
think we've
actually written it down formally. We should do that.
So, I have just made another commit to the license packaging
guidelines to update the sections on dual-licensing, multiple
licenses and use of "with" for license exception over here:
https://pagure.io/packaging-committee/pull-request/1142
In light of this thread, I'd suggest we update the first sentence of
the Dual Licensing section to say, "If your package is dual licensed under a choice of two (or three, etc.) licenses and both licenses are "good" for Fedora, the License: field must reflect this by using "OR" as a separator. "
and add the following to the Dual Licensing section:
"If your package is licensed under a choice of two licenses and one
is a "good" license and one is a "bad" license, then the License:
field must reflect the "good" license only contain a comment
explaining the original choice.
Example: Package dbfoo is dual licensed under Affero General Public
License v3 or Server Side Public License and Fedora considers the
Server Side Public License as "bad". Note the choice in a comment
above the License: field and the License field as follows:
# The upstream package license is: AGPL-3.0-or-later OR SSPL-1.0
License: AGPL-3.0-or-later
"
How does that work in terms of making the guidelines for this case
more explicit?
Jilayne