Hi all,
Richard has been very busy reviewing licenses and related activities, and consequently approx 13 new license submissions to SPDX on behalf of Fedora. See: https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label... Some of these have corresponding issues in our Gitlab data repo and labeled as "blocked on SPDX."
From the SPDX side to best shepherd these, can I get a little help on two aspects: 1) which of these submissions are priority from a Fedora perspective? That is, are any package maintainers waiting on SPDX (I know some of these are from leftover Fedora licenses we tagged as "needs more research" when we did the initial compare, which seems to suggest it may not be a blocking issue) - comments in the SPDX Github issue would be appreciated as to any that should be prioritized above others.
2) By way of SPDX processes, when a license has been determined to be accepted, we ask the submitter to help prepare the files for the SPDX license data. However, I'm not sure if Richard should be on the hook for all of these! Can anyone else from the Fedora legal community offer to help with this part? If so, indicate in the relevant issue and SPDX folks will point you to documentation to explain the process further (it's pretty easy, even I can do it)
Thanks! Jilayne
Hi Jilayne,
All but a few of these came out of my own research into certain Fedora packages or the "Callaway" licenses previously analyzed by you and I think others on the SPDX-legal team. As such, they are all very low priority from my perspective. The priority should be given to any licenses submitted by actual Fedora package maintainers. I think there have only been a couple of those so far. In one or two cases I submitted a license on behalf of the Fedora package maintainer. Those should be higher priority. Generally, though, if I submit something to SPDX-legal it is (from my perspective, at least) low priority. I think it should be easy to identify the (so far) few high priority ones but I can help with that if needed.
BTW: I am pretty sure only a small percentage of Fedora package maintainers are subscribed to this list. I don't believe it is considered mandatory or even recommended for Fedora package maintainers to do so and I think many may not even know this list exists!
In the fedora-license-data project, I have been using the labels SPDX::blocked for any case where a license is determined (or already known from the Callaway era) to be 'allowed' and it has been submitted to SPDX in order to get an SPDX identifier as described in our documentation, and where we don't seem to have a final decision from SPDX yet. I am not using SPDX::blocked to mean "major event holding things up". If anyone thinks there is better terminology to use here I'm all ears. :) I do think it is very important to have a label showing that things are halted on the Fedora side until SPDX takes action, because that is a critical and, frankly, controversial element of the process we decided to set up: Fedora blocks on SPDX adding new license identifiers, probably the first time in Fedora's history when Fedora packaging processes have been dependent on actions taken by an external project/team. I will admit that I am a little skeptical about whether that is going to work out ultimately but so far (a month into the new process) it has been OK.
Regarding 2, I would be happy to help with this but haven't had time to look into what has to be done. I assume it involves XML and I have always hated XML aesthetically so that is partly why I have not contributed any work on the files yet. :)
Richard
On Tue, Aug 30, 2022 at 1:46 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi all,
Richard has been very busy reviewing licenses and related activities, and consequently approx 13 new license submissions to SPDX on behalf of Fedora. See: https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label... Some of these have corresponding issues in our Gitlab data repo and labeled as "blocked on SPDX."
From the SPDX side to best shepherd these, can I get a little help on two aspects:
which of these submissions are priority from a Fedora perspective? That is, are any package maintainers waiting on SPDX (I know some of these are from leftover Fedora licenses we tagged as "needs more research" when we did the initial compare, which seems to suggest it may not be a blocking issue) - comments in the SPDX Github issue would be appreciated as to any that should be prioritized above others.
By way of SPDX processes, when a license has been determined to be accepted, we ask the submitter to help prepare the files for the SPDX license data. However, I'm not sure if Richard should be on the hook for all of these! Can anyone else from the Fedora legal community offer to help with this part? If so, indicate in the relevant issue and SPDX folks will point you to documentation to explain the process further (it's pretty easy, even I can do it)
Thanks! Jilayne _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
On 8/30/22 3:11 PM, Richard Fontana wrote:
Hi Jilayne,
All but a few of these came out of my own research into certain Fedora packages or the "Callaway" licenses previously analyzed by you and I think others on the SPDX-legal team. As such, they are all very low priority from my perspective. The priority should be given to any licenses submitted by actual Fedora package maintainers. I think there have only been a couple of those so far. In one or two cases I submitted a license on behalf of the Fedora package maintainer. Those should be higher priority. Generally, though, if I submit something to SPDX-legal it is (from my perspective, at least) low priority. I think it should be easy to identify the (so far) few high priority ones but I can help with that if needed.
Saw your comments as to what is low priority v. high in the SPDX issues, thanks, that's helpful! I've tagged them for upcoming milestones accordingly.
BTW: I am pretty sure only a small percentage of Fedora package maintainers are subscribed to this list. I don't believe it is considered mandatory or even recommended for Fedora package maintainers to do so and I think many may not even know this list exists!
good point, maybe I'll repost to devel later...
In the fedora-license-data project, I have been using the labels SPDX::blocked for any case where a license is determined (or already known from the Callaway era) to be 'allowed' and it has been submitted to SPDX in order to get an SPDX identifier as described in our documentation, and where we don't seem to have a final decision from SPDX yet. I am not using SPDX::blocked to mean "major event holding things up". If anyone thinks there is better terminology to use here I'm all ears. :)
thanks for the description. I just went through all the MRs and labeled them to be able to pull some data, so I have some thoughts I should jot down on this, so we are using the labels consistently.
I do think it is very important to have a label showing that things are halted on the Fedora side until SPDX takes action, because that is a critical and, frankly, controversial element of the process we decided to set up: Fedora blocks on SPDX adding new license identifiers, probably the first time in Fedora's history when Fedora packaging processes have been dependent on actions taken by an external project/team. I will admit that I am a little skeptical about whether that is going to work out ultimately but so far (a month into the new process) it has been OK.
yeah, I guess if we wanted to see where "block" meant waiting, then the current use of the labels doesn't catch that. but then maybe it's not worth the time to get that granular, as we'll kind of know more generally?
Regarding 2, I would be happy to help with this but haven't had time to look into what has to be done. I assume it involves XML and I have always hated XML aesthetically so that is partly why I have not contributed any work on the files yet. :)
well, I did one and we can look into getting more help - it's not hard, if I can do it! ;)
J.
Richard
On Tue, Aug 30, 2022 at 1:46 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi all,
Richard has been very busy reviewing licenses and related activities, and consequently approx 13 new license submissions to SPDX on behalf of Fedora. See: https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+label... Some of these have corresponding issues in our Gitlab data repo and labeled as "blocked on SPDX."
From the SPDX side to best shepherd these, can I get a little help on two aspects:
which of these submissions are priority from a Fedora perspective? That is, are any package maintainers waiting on SPDX (I know some of these are from leftover Fedora licenses we tagged as "needs more research" when we did the initial compare, which seems to suggest it may not be a blocking issue) - comments in the SPDX Github issue would be appreciated as to any that should be prioritized above others.
By way of SPDX processes, when a license has been determined to be accepted, we ask the submitter to help prepare the files for the SPDX license data. However, I'm not sure if Richard should be on the hook for all of these! Can anyone else from the Fedora legal community offer to help with this part? If so, indicate in the relevant issue and SPDX folks will point you to documentation to explain the process further (it's pretty easy, even I can do it)
Thanks! Jilayne _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--