Hi,
I tried to update python gelidum to SPDX.
I wanted to check the license file [0] with licensecheck.
The output is "MIT License". As I was not sure whether that is old notation or SPDX, I checked the documentation [1], and that says it is "Full name" instead.
I went to the list of allowed license [2] and searched for "MIT License" - but there is no license with such a name.
Do I need to open an issue for that license at [3]? Are the docs at [1] wrong? Did I use the wrong tool?
Thanks, David
[0] https://github.com/diegojromerolopez/gelidum/blob/main/LICENSE [1] https://docs.fedoraproject.org/en-US/legal/license-audit-tools/#_licensechec... [2] https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ [3] https://gitlab.com/fedora/legal/fedora-license-data/-/issues
Hi David,
I see the MIT License on the allowed licenses page, see the attached screenshot. Unless you have a MIT license with special modifications, you can use the "MIT" specifier.
https://spdx.org/licenses/MIT.html
Cheers, Justin (he/him) Sent from mobile
On Tue, May 2, 2023, 05:37 David Schwörer david08741@gmail.com wrote:
Hi,
I tried to update python gelidum to SPDX.
I wanted to check the license file [0] with licensecheck.
The output is "MIT License". As I was not sure whether that is old notation or SPDX, I checked the documentation [1], and that says it is "Full name" instead.
I went to the list of allowed license [2] and searched for "MIT License" - but there is no license with such a name.
Do I need to open an issue for that license at [3]? Are the docs at [1] wrong? Did I use the wrong tool?
Thanks, David
[0] https://github.com/diegojromerolopez/gelidum/blob/main/LICENSE [1] https://docs.fedoraproject.org/en-US/legal/license-audit-tools/#_licensechec... [2] https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ [3] https://gitlab.com/fedora/legal/fedora-license-data/-/issues _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Hi David,
I see the MIT License on the allowed licenses page, see the attached screenshot. Unless you have a MIT license with special modifications, you can use the "MIT" specifier.
Hi Justin,
So "MIT License" matches "MIT:Modern Style with sublicense"? In that case that answers my question, but is there somewhere this sort of mapping documented?
Best, David
https://spdx.org/licenses/MIT.html
Cheers, Justin (he/him) Sent from mobile
Hi David,
To the best of my knowledge, "MIT License" matches "MIT:Modern Style with sublicense". Someone else on the list should probably confirm though.
The reason for the several MIT mappings is that often, projects claim to use the MIT License but then add extra language that is not the standard license text. So, there are various flavors of the MIT License. The unusual flavors are often specific to a smaller project or group of projects. Perhaps it would be better to distinguish the Allowed Licenses list to better communicate which SPDX tag should be used as the "default" MIT license. I also thought the docs were unclear for someone who isn't immersed in licensing.
On Tue, May 2, 2023 at 7:39 AM David Schwörer david08741@gmail.com wrote:
Hi David,
I see the MIT License on the allowed licenses page, see the attached screenshot. Unless you have a MIT license with special modifications, you can use the "MIT" specifier.
Hi Justin,
So "MIT License" matches "MIT:Modern Style with sublicense"? In that case that answers my question, but is there somewhere this sort of mapping documented?
Best, David
https://spdx.org/licenses/MIT.html
Cheers, Justin (he/him) Sent from mobile
legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Tue, May 2, 2023 at 7:59 AM Justin W. Flory (he/him) jwf@redhat.com wrote:
Hi David,
To the best of my knowledge, "MIT License" matches "MIT:Modern Style with sublicense". Someone else on the list should probably confirm though.
The reason for the several MIT mappings is that often, projects claim to use the MIT License but then add extra language that is not the standard license text. So, there are various flavors of the MIT License. The unusual flavors are often specific to a smaller project or group of projects. Perhaps it would be better to distinguish the Allowed Licenses list to better communicate which SPDX tag should be used as the "default" MIT license. I also thought the docs were unclear for someone who isn't immersed in licensing.
In SPDX, the identifier "MIT" is defined in this XML file: https://github.com/spdx/license-list-XML/blob/main/src/MIT.xml which should be understood in conjunction with the SPDX Matching Guidelines: https://spdx.github.io/spdx-spec/v2.3/license-matching-guidelines-and-templa... (not sure if there is a later authoritative version of this)
As an aside I think SPDX should do more to explain this issue of how the precise definitions of identifiers are the XML files along with the Matching Guidelines. I recently made this comment on an issue: https://github.com/spdx/license-list-XML/issues/1935#issuecomment-1519092889
Anyway, what Fedora used to call (under the Callaway system) "MIT Modern Style with Sublicense" as one common example of what the Callaway name "MIT" covered matches exactly to SPDX "MIT". The SPDX License Diff browser plugin is pretty useful for verifying things like this, though I'm pretty sure even this tool does not fully implement the SPDX matching guidelines or the XML definitions of the various SPDX license identifiers. This "MIT" happens to encompass the most widely used license commonly thought of as "the MIT License", probably due to the earlier influence of the OSI. I guess it would be helpful to point this out in the Fedora legal docs somewhere or on the allowed license list itself. But the fact that "MIT license" usually is something that maps to SPDX "MIT" is not really relevant for a large number of Fedora packages.
Richard
Hi David,
In the old Fedora system, "MIT" was a category shortname to refer to many variations that would be different licenses under SPDX. See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_mit
FWIW, here's how I checked how this text matched against the SPDX License List to begin with: - went to https://github.com/diegojromerolopez/gelidum/blob/main/LICENSE - highlight license text and used SPDX-diff browser plugin - which showed me an exact match to MIT
This was an easy one. Sometimes, you need to do a bit of interpreting with the SPDX-diff tool (see https://docs.fedoraproject.org/en-US/legal/license-audit-tools/#_spdx_licens...
Make sure to note the update in your commit comment, so it will get counted by Miroslav's tracker! https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_change...
I'm not sure what to say about license-check results.
Thanks, Jilayne
On 5/2/23 5:59 AM, Justin W. Flory (he/him) wrote:
Hi David,
To the best of my knowledge, "MIT License" matches "MIT:Modern Style with sublicense". Someone else on the list should probably confirm though.
The reason for the several MIT mappings is that often, projects claim to use the MIT License but then add extra language that is not the standard license text. So, there are various flavors of the MIT License. The unusual flavors are often specific to a smaller project or group of projects. Perhaps it would be better to distinguish the Allowed Licenses list to better communicate which SPDX tag should be used as the "default" MIT license. I also thought the docs were unclear for someone who isn't immersed in licensing.
On Tue, May 2, 2023 at 7:39 AM David Schwörer david08741@gmail.com wrote:
> Hi David, > > I see the MIT License on the allowed licenses page, see the attached > screenshot. Unless you have a MIT license with special modifications, you > can use the "MIT" specifier. Hi Justin, So "MIT License" matches "MIT:Modern Style with sublicense"? In that case that answers my question, but is there somewhere this sort of mapping documented? Best, David > > https://spdx.org/licenses/MIT.html > > Cheers, > Justin (he/him) > Sent from mobile _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue-- /Cheers/, *Justin W. Flory* (/he/him/) || 📧 jwf@redhat.com || 🔗 jwf.io http://jwf.io *Fedora* Community Architect TZ=America/New_York (UTC-4) 🕗
While I may be sending this email outside my normal office hours, I have no expectation to receive a reply outside yours.
legal mailing list --legal@lists.fedoraproject.org To unsubscribe send an email tolegal-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it:https://pagure.io/fedora-infrastructure/new_issue
Hi David,
In the old Fedora system, "MIT" was a category shortname to refer to many variations that would be different licenses under SPDX. See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_mit
FWIW, here's how I checked how this text matched against the SPDX License List to begin with:
- went to https://github.com/diegojromerolopez/gelidum/blob/main/LICENSE
- highlight license text and used SPDX-diff browser plugin - which
showed me an exact match to MIT
I see, so I need that browser plugin to check the licenses. I was hoping for an scriptable tool, like license-check, but if that is the recommended way to go, then I will use that in the future.
This was an easy one. Sometimes, you need to do a bit of interpreting with the SPDX-diff tool (see https://docs.fedoraproject.org/en-US/legal/license-audit-tools/#_spdx_lic...
Make sure to note the update in your commit comment, so it will get counted by Miroslav's tracker! https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_cha...
Will do, thanks!
I'm not sure what to say about license-check results.
Thanks, Jilayne
Dne 02. 05. 23 v 11:36 David Schwörer napsal(a):
I wanted to check the license file [0] with licensecheck.
The output is "MIT License". As I was not sure whether that is old notation or SPDX, I checked the documentation [1], and that says it is "Full name" instead.
Jumping too late to this thread, but ....:
licensecheck--shortname-scheme=spdx .
-
David Schwörer -
Jilayne Lovejoy -
Justin W. Flory (he/him) -
Miroslav Suchý -
Richard Fontana