I took the initiative and drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
I did **not** set it as ready for wrangler yet. I welcome comments. And feel free to edit it directly. Especially these who I put there as proposal owners.
I would love to track all remaining work in the Scope section, so we know what needs to be done and who is responsible. I am sure I missed something there. Feel free to add it.
Miroslav
* Miroslav Suchý:
I took the initiative and drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
I did **not** set it as ready for wrangler yet. I welcome comments. And feel free to edit it directly. Especially these who I put there as proposal owners.
I would love to track all remaining work in the Scope section, so we know what needs to be done and who is responsible. I am sure I missed something there. Feel free to add it.
For individual packages, should Fedora use the SPDX identifiers employed by upstream, or the ones we believe match the actual license of the package?
Thanks, Florian
Dne 10. 05. 22 v 9:17 Florian Weimer napsal(a):
For individual packages, should Fedora use the SPDX identifiers employed by upstream, or the ones we believe match the actual license of the package?
Good question.
I think this is the same situation as we have right now. I have seen SW which claims to be licensed under MIT license, but actually some files were under differente license. So we have in SPEC file:
# file foo.c is licensed under GPL # everything else is MIT License: MIT and GPL
To answer your question - you should use the identifier the you believe match the actual license and document the difference from upstream in comment above the tag. Ideally with the link to upstream issue.
Miroslav
Dne 10. 05. 22 v 9:06 Miroslav Suchý napsal(a):
I took the initiative and drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
Nice! Thx.
I did **not** set it as ready for wrangler yet. I welcome comments. And feel free to edit it directly. Especially these who I put there as proposal owners.
I would love to track all remaining work in the Scope section, so we know what needs to be done and who is responsible. I am sure I missed something there. Feel free to add it.
I am honestly not sure about:
There will be Phase 2, where we identify the remaining packages and
help them to migrate to the SPDX formula.
1) I think it will be risky to do this via automation.
2) I don't think we will ever have the man power to do this.
3) I don't think this should happen any time soon.
Vít
Miroslav _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On 5/10/22 1:56 AM, Vít Ondruch wrote:
Dne 10. 05. 22 v 9:06 Miroslav Suchý napsal(a):
I took the initiative and drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
Nice! Thx.
I did **not** set it as ready for wrangler yet. I welcome comments. And feel free to edit it directly. Especially these who I put there as proposal owners.
at the risk of sounding naive or clueless - what does "ready for wrangler" mean?
I would love to track all remaining work in the Scope section, so we know what needs to be done and who is responsible. I am sure I missed something there. Feel free to add it.
I am honestly not sure about:
There will be Phase 2, where we identify the remaining packages and
help them to migrate to the SPDX formula.
- I think it will be risky to do this via automation.
only some of the ids could be done via automation in any case. many will need a closer inspection
- I don't think we will ever have the man power to do this.
I agree that some additional help or tooling process or hackfest or ... ??? would be good. need more brainstorming on this.
- I don't think this should happen any time soon.
but we also don't want a period of using a mix of Fedora ids and SPDX ids in Fedora to linger on for a long time as that would sort of defeat the purpose of making the change. hence some planning around 1 and 2 would help perhaps
Vít
Miroslav _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Dne 10. 05. 22 v 16:56 Jilayne Lovejoy napsal(a):
I did **not** set it as ready for wrangler yet. I welcome comments. And feel free to edit it directly. Especially these who I put there as proposal owners.
at the risk of sounding naive or clueless - what does "ready for wrangler" mean?
No question is naive.
Change Wrangler https://fedoraproject.org/wiki/Change_Wrangler
If you check source of the
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
there is
== Current status == [[Category:ChangePageIncomplete]] <!-- When your change proposal page is completed and ready for review and announcement --> <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> <!-- The Wrangler announces the Change to the devel-announce list and changes the category to Category:ChangeAnnounced (no action required) --> <!-- After review, the Wrangler will move your page to Category:ChangeReadyForFesco... if it still needs more work it will move back to Category:ChangePageIncomplete-->
When the Change proposal is in ChangePageIncomplete you can do whatever you want with that page and no one cares. Once you change the category to ChangeReadyForWrangler it will start ringing and Ben Cotton will announce it to developers and will file FESCO ticket and bunch of other tickets and machinery of discussion and voting about this proposal will start. The process is described here
https://docs.fedoraproject.org/en-US/program_management/changes_policy/#_cha...
Miroslav
Dne 10. 05. 22 v 16:56 Jilayne Lovejoy napsal(a):
On 5/10/22 1:56 AM, Vít Ondruch wrote:
Dne 10. 05. 22 v 9:06 Miroslav Suchý napsal(a):
I took the initiative and drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
Nice! Thx.
I did **not** set it as ready for wrangler yet. I welcome comments. And feel free to edit it directly. Especially these who I put there as proposal owners.
at the risk of sounding naive or clueless - what does "ready for wrangler" mean?
I would love to track all remaining work in the Scope section, so we know what needs to be done and who is responsible. I am sure I missed something there. Feel free to add it.
I am honestly not sure about:
There will be Phase 2, where we identify the remaining packages and
help them to migrate to the SPDX formula.
- I think it will be risky to do this via automation.
only some of the ids could be done via automation in any case. many will need a closer inspection
- I don't think we will ever have the man power to do this.
I agree that some additional help or tooling process or hackfest or ... ??? would be good. need more brainstorming on this.
- I don't think this should happen any time soon.
but we also don't want a period of using a mix of Fedora ids and SPDX ids in Fedora to linger on for a long time as that would sort of defeat the purpose of making the change. hence some planning around 1 and 2 would help perhaps
Well, yes, that is good point. Still not sure.
Actually, @Mirek shouldn't the Phase 2 be "SPDX is mandatory for new packages from certain point in time" instead followed by Phase 3 with complete migration to SPDX?
Vít
On 5/11/22 4:44 AM, Vít Ondruch wrote:
Dne 10. 05. 22 v 16:56 Jilayne Lovejoy napsal(a):
On 5/10/22 1:56 AM, Vít Ondruch wrote:
Dne 10. 05. 22 v 9:06 Miroslav Suchý napsal(a):
I took the initiative and drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
Nice! Thx.
I did **not** set it as ready for wrangler yet. I welcome comments. And feel free to edit it directly. Especially these who I put there as proposal owners.
at the risk of sounding naive or clueless - what does "ready for wrangler" mean?
I would love to track all remaining work in the Scope section, so we know what needs to be done and who is responsible. I am sure I missed something there. Feel free to add it.
I am honestly not sure about:
There will be Phase 2, where we identify the remaining packages
and help them to migrate to the SPDX formula.
- I think it will be risky to do this via automation.
only some of the ids could be done via automation in any case. many will need a closer inspection
- I don't think we will ever have the man power to do this.
I agree that some additional help or tooling process or hackfest or ... ??? would be good. need more brainstorming on this.
- I don't think this should happen any time soon.
but we also don't want a period of using a mix of Fedora ids and SPDX ids in Fedora to linger on for a long time as that would sort of defeat the purpose of making the change. hence some planning around 1 and 2 would help perhaps
Well, yes, that is good point. Still not sure.
Actually, @Mirek shouldn't the Phase 2 be "SPDX is mandatory for new packages from certain point in time" instead followed by Phase 3 with complete migration to SPDX?
I was thinking that Phase 1 (the point at which SPDX ids are officially adopted and the various tasks noted in the Change proposal) would mean: SPDX ids are mandatory for new packages as of DATE. Phase 2 would then be all about how to most efficiently get existing package spec files updated - which will be a longer phase.
Jilayne
Vít
legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Dne 11. 05. 22 v 19:24 Jilayne Lovejoy napsal(a):
Actually, @Mirek shouldn't the Phase 2 be "SPDX is mandatory for new packages from certain point in time" instead followed by Phase 3 with complete migration to SPDX?
Can be. But I really hope that we will able to do everything during Phase 2. That is my plan. And the God is smiling when human do plans. :)
I was thinking that Phase 1 (the point at which SPDX ids are officially adopted and the various tasks noted in the Change proposal) would mean: SPDX ids are mandatory for new packages as of DATE. Phase 2 would then be all about how to most efficiently get existing package spec files updated - which will be a longer phase.
+1
Miroslav
Dne 12. 05. 22 v 9:09 Miroslav Suchý napsal(a):
Dne 11. 05. 22 v 19:24 Jilayne Lovejoy napsal(a):
Actually, @Mirek shouldn't the Phase 2 be "SPDX is mandatory for new packages from certain point in time" instead followed by Phase 3 with complete migration to SPDX?
Can be. But I really hope that we will able to do everything during Phase 2. That is my plan. And the God is smiling when human do plans. :)
I was thinking that Phase 1 (the point at which SPDX ids are officially adopted and the various tasks noted in the Change proposal) would mean: SPDX ids are mandatory for new packages as of DATE.
But there is this sentence: "This move is opt-in." which implies to me that the SPDX is not mandatory as part of Phase 1. Not even for new packages.
Vít
Phase 2 would then be all about how to most efficiently get existing package spec files updated - which will be a longer phase.
+1
Miroslav
legal mailing list --legal@lists.fedoraproject.org To unsubscribe send an email tolegal-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it:https://pagure.io/fedora-infrastructure
Dne 12. 05. 22 v 10:25 Vít Ondruch napsal(a):
But there is this sentence: "This move is opt-in." which implies to me that the SPDX is not mandatory as part of Phase
- Not even for new packages.
Fair enough.
So let's move the mandatory part to Phase 2. I amended the proposal.
Miroslav
This proposal has been announced on the devel mailing list: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/...
Dne 10. 05. 22 v 9:56 Vít Ondruch napsal(a):
Dne 10. 05. 22 v 9:06 Miroslav Suchý napsal(a):
I took the initiative and drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
Yesterday, I met with David. And we together edited the scope. And sorted it by priorities.
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1#Scope
And I have drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2
Note that Fedora 37 branching is on 2022-08-09
https://fedorapeople.org/groups/schedule/f-37/f-37-key-tasks.html
So we have almost three months to do the work.
Unless you stop me, I want to submit the proposal of "Phase 1" as Ready for Wrangler next week.
Miroslav
I tried to do the automatic conversion for all spec files. Just to get the numbers. Here are the results:
* 28478 - number of all lines with |License| tag in spec files * 2176 - errors in parsing the license. I estimate that about a hundred packages do not use correct short name identifiers https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/DXVRRXMYXCHTP47DXMLLIGYUX6C5TDVQ/. The rest of this is likely a result of this issue in fedora-license-data https://gitlab.com/fedora/legal/fedora-license-data/-/issues/3. * 14931 - there is more than one option on how to convert the short name to SPDX (i.e., the cases of MIT, BSD, etc.)
That means that 11371 license strings can be automatically converted.
I amended the Change proposal and added this findings there.
Miroslav
Hi Miroslav,
Thanks for doing this. I've been meaning to give a more thorough update, so now you've made that easier!
I'll try to add a few things to the wiki page you started. Ironically, another aspect of this is to move the licensing/legal info off the wiki! In doing so, review and needed updates to the documentation is also occurring which is why you've seen some topics being raised by Richard on this mailing list.
I have some questions about you license-fedora2spdx tool - is this using the data from the (new) TOML files in terms of mapping Fedora-SPDX ids?
Thanks, Jilayne
On 5/10/22 1:06 AM, Miroslav Suchý wrote:
I took the initiative and drafted
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
I did **not** set it as ready for wrangler yet. I welcome comments. And feel free to edit it directly. Especially these who I put there as proposal owners.
I would love to track all remaining work in the Scope section, so we know what needs to be done and who is responsible. I am sure I missed something there. Feel free to add it.
Miroslav
Dne 10. 05. 22 v 16:19 Jilayne Lovejoy napsal(a):
I have some questions about you license-fedora2spdx tool - is this using the data from the (new) TOML files in terms of mapping Fedora-SPDX ids?
Yes:
https://pagure.io/copr/license-validate/blob/main/f/license-fedora2spdx.py#_...
David indicated that the file can move to different package. If/when it change the location, I will update the script.
BTW: I am really sorry for the stupid typo in the subject of this thread. :(
Miroslav
-
Ben Cotton -
Florian Weimer -
Jilayne Lovejoy -
Miroslav Suchý -
Vít Ondruch