Fwd: SPDX Statistics - 108 packages remaining - legal - Fedora mailing-lists

4 Jun 2025

      -------- Přeposlaná zpráva --------
Předmět: 	SPDX Statistics - 108 packages remaining
Datum: 	Wed, 4 Jun 2025 12:01:54 +0200
Od: 	Miroslav Suchý msuchy@redhat.com
Společnost: 	Red Hat Czech, s.r.o.
Komu: 	Development discussions related to Fedora devel@lists.fedoraproject.org
Hot news:
- in fedora-license-data - Richard and I are working together on old and painful issues. The number of open issues is 
now less than 50. This has been done while new requests are still coming.
- several maintainers overwrote already migrated license tag or used incorrect license ID. I can detect this easily and 
I communicate with each of them individually to find the solution.
- while the numbers seems to be the same like month ago (108 packages remaining) it was about +20 and -20.
- Packages with invalid licenses are either resolved or are close to be resolved.
Five weeks ago we had:
...

24479 spec files in Fedora

31088license tags in all spec files

108 tags are not SPDX compliant (number from line bellow minus packages with LicenseRef-Callaway-*)

2143tags have not been converted to SPDX yet

11 tags can be trivially converted using `license-fedora2spdx`

Progress: 99.63% ░░░░░░░░░█100%

ELN subset:
58 out of 2322 packages are not converted yet (progress 97.65%)
Today we have:
* 24552 spec files in Fedora
* 31159license tags in all spec files
* 108 tags are not SPDX compliant (number from line bellow minus packages with LicenseRef-Callaway-*)
* 2093tags have not been converted to SPDX yet
* 8 tags can be trivially converted using `license-fedora2spdx`
* Progress: 99.65% ░░░░░░░░░█100%
ELN subset:
55 out of 2291 packages are not converted yet (progress 97.65%)
Graph of these data with the burndown chart:
https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rp...
The list of packages needed to be converted is here:
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-fi...
List by package maintainers is here
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-fi...
Packages that are neither in SPDX nor in Callaway format (highest priority for now) - 30 packages:
https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining-pa...
Most of such packages has open issue in fedora-license-data. A lot of them are waiting for SPDX to approved the license 
and assign ID.
I released new version of fedora-license-data with 10 new license and several public domain or ultra permissive findings.
8 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%...
If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list
https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt
Either pull-request or direct email to me is fine.
Miroslav