-------- Přeposlaná zpráva -------- Předmět: SPDX Statistics - Wichterle edition Datum: Fri, 27 Oct 2023 09:41:57 +0200 Od: Miroslav Suchý msuchy@redhat.com Společnost: Red Hat Czech, s.r.o. Komu: Development discussions related to Fedora devel@lists.fedoraproject.org
Hot news:
fedora-license data now includes machine readable field with known exceptions to use otherwise not-allowed exception
https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/422
This field is already exported to JSON and license-validate understand it:
$ license-validate--packagefedora-logos LicenseRef-Fedora-Logos Uses not-allowed license, but package is known to be exception. Run with -v option to see more information. $ license-validate LicenseRef-Fedora-Logos Uses not-allowed license. Run with -v option to see more information. [exit code 1]
rpminspect feature is tracked under https://github.com/rpminspect/rpminspect/issues/1286
If you have a package that uses not-allowed license and you are using exception, please open issue at https://gitlab.com/fedora/legal/fedora-license-data
Now lets dive into numbers:
Two weeks ago we had:
23188 spec files in Fedora
29635license tags in all spec files
12724 tags have not been converted to SPDX yet
5742tags can be trivially converted using `license-fedora2spdx`
Progress: 57.06% ░░░░░█████ 100%
ELN subset:
490 out of 3139 packages are not converted yet
Today we have:
* 23282 spec files in Fedora
* 29750license tags in all spec files
* 12512 tags have not been converted to SPDX yet
* 5677tags can be trivially converted using `license-fedora2spdx`
* Progress: 57.94% ░░░░░█████ 100%
ELN subset:
437 out of 3013 packages are not converted yet (progress 85%)
Graph with the burndown chart:
https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rp...
The list of packages needed to be converted is here:
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-fi...
List by package maintainers is here
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-fi...
List of packages from ELN subset that needs to be converted:
https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt
New version of fedora-license-data has been released. With 1 new license (plus bunch of public domain declarations). 20 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%...
Legal docs and especially
https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
was updated too.
New projection when we will be finished is 2024-09-07. Pure linear approximation.
If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list
https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt
Either pull-request or direct email to me is fine.
Tip of the day:
Do you know there is a standard to describe license of project that consist of different files with different licenses? https://reuse.software/
Why Wichterle edition? On today's date at 1913, the inventor of soft contact lens was born. His story is full of surprises: he used kids toy set to construct first Spin Casting Machine; Czech regime sold the patent to US company for couple of bucks because they did not want to allow traveling of this scientist to US to defend the patent. And Otto Wichterle spent most of his life as regular scientist without any glory because he signed petition against a regime.
https://en.wikipedia.org/wiki/Otto_Wichterle
https://web.archive.org/web/20150129033858/http://www.andrewgasson.co.uk/opi...
Do you hesitate how to proceed with the migration? Please follow
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/
Miroslav
-
Miroslav Suchý