I wrote a script which converts Fedora's shortname to SPDX
https://pagure.io/copr/license-validate/blob/main/f/license-fedora2spdx.py
It is not packaged yet. You need to have `license-validate` and `rpminspect-data-fedora` packages installed. Plus the script above. In fact you need
https://github.com/rpminspect/rpminspect-data-fedora/blob/c06dee22da8db10c65...
because the file fedora.json in master and in Fedora's `rpminspect-data-fedora` is not JSON valid.
If you go over these obstacles you can try it:
$ ./license-fedora2spdx.pyGPLv2 GPL-2.0
$ ./license-fedora2spdx.py'MIT or (GPLv1 and Glide)' Warning: more options how to interpret MIT. Possible options: ['Adobe-Glyph', 'MIT-CMU', 'MIT-CMU', 'HPND', 'HPND', 'no-spdx-yet (MIT license (also X11))', 'SGI-B-2.0', 'SGI-B-2.0', 'SMLNJ', 'MI T-enna', 'MIT-feh', 'mpich2'] mpich2 or ( GPL-1.0 and Glide )
I.e. it will honor operators and parenthesis, and if the conversion is straight script will give you the result. If there is some confusion, e.g., Fedora's MIT shortname can be converted to more than one SPDX identifier, it will print a warning. And you should investigate what is the right SPDX identifier.
I welcome your comments. I will resolve any issues you will find and then add it to `license-validate` package.
I hope this will ease the migration to SPDX when the time comes.
Miroslav
Hi Miroslav,
Thanks for this!
One point of concern - I'm not sure that the rpminspect license data has a full compare of SPDX-Fedora identifiers. I'm not sure if David Cantrell is on this list, so copying him as he would know.
When it's complete the new license database will have the full compare, so that would be the better data to use.
To expand on the category issue (e.g., Fedora's MIT, BSD, GPLvX with exceptions) we might want to explain what "you should investigate" means. That is, one would need to find and look at the actual license text in that package and compare it to licenses on the SPDX License List (there is a cool browser plug-in that makes it easy to do this) and then update the spec file license field accordingly.
Thanks, Jilayne
On 2/20/22 12:53 PM, Miroslav Suchý wrote:
I wrote a script which converts Fedora's shortname to SPDX
https://pagure.io/copr/license-validate/blob/main/f/license-fedora2spdx.py
It is not packaged yet. You need to have `license-validate` and `rpminspect-data-fedora` packages installed. Plus the script above. In fact you need
https://github.com/rpminspect/rpminspect-data-fedora/blob/c06dee22da8db10c65...
because the file fedora.json in master and in Fedora's `rpminspect-data-fedora` is not JSON valid.
If you go over these obstacles you can try it:
$ ./license-fedora2spdx.pyGPLv2 GPL-2.0
$ ./license-fedora2spdx.py'MIT or (GPLv1 and Glide)' Warning: more options how to interpret MIT. Possible options: ['Adobe-Glyph', 'MIT-CMU', 'MIT-CMU', 'HPND', 'HPND', 'no-spdx-yet (MIT license (also X11))', 'SGI-B-2.0', 'SGI-B-2.0', 'SMLNJ', 'MI T-enna', 'MIT-feh', 'mpich2'] mpich2 or ( GPL-1.0 and Glide )
I.e. it will honor operators and parenthesis, and if the conversion is straight script will give you the result. If there is some confusion, e.g., Fedora's MIT shortname can be converted to more than one SPDX identifier, it will print a warning. And you should investigate what is the right SPDX identifier.
I welcome your comments. I will resolve any issues you will find and then add it to `license-validate` package.
I hope this will ease the migration to SPDX when the time comes.
Miroslav
legal mailing list --legal@lists.fedoraproject.org To unsubscribe send an email tolegal-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it:https://pagure.io/fedora-infrastructure
Dne 24. 02. 22 v 22:52 Jilayne Lovejoy napsal(a):
One point of concern - I'm not sure that the rpminspect license data has a full compare of SPDX-Fedora identifiers. I'm not sure if David Cantrell is on this list, so copying him as he would know.
When it's complete the new license database will have the full compare, so that would be the better data to use.
When the transition is unknow - either because we are missing something or because the maintainer has typo in original string - user will get the warning in the style "you should investigate".
To expand on the category issue (e.g., Fedora's MIT, BSD, GPLvX with exceptions) we might want to explain what "you should investigate" means. That is, one would need to find and look at the actual license text in that package and compare it to licenses on the SPDX License List (there is a cool browser plug-in that makes it easy to do this) and then update the spec file license field accordingly.
Agree.
Miroslav
On Thu, Feb 24, 2022 at 02:52:45PM -0700, Jilayne Lovejoy wrote:
Hi Miroslav,
Thanks for this!
One point of concern - I'm not sure that the rpminspect license data has a full compare of SPDX-Fedora identifiers. I'm not sure if David Cantrell is on this list, so copying him as he would know.
I am on this list.
When it's complete the new license database will have the full compare, so that would be the better data to use.
To expand on the category issue (e.g., Fedora's MIT, BSD, GPLvX with exceptions) we might want to explain what "you should investigate" means. That is, one would need to find and look at the actual license text in that package and compare it to licenses on the SPDX License List (there is a cool browser plug-in that makes it easy to do this) and then update the spec file license field accordingly.
Thanks, Jilayne
On 2/20/22 12:53 PM, Miroslav Suchý wrote:
I wrote a script which converts Fedora's shortname to SPDX
https://pagure.io/copr/license-validate/blob/main/f/license-fedora2spdx.py
It is not packaged yet. You need to have `license-validate` and `rpminspect-data-fedora` packages installed. Plus the script above. In fact you need
https://github.com/rpminspect/rpminspect-data-fedora/blob/c06dee22da8db10c65...
because the file fedora.json in master and in Fedora's `rpminspect-data-fedora` is not JSON valid.
If you go over these obstacles you can try it:
$ ./license-fedora2spdx.pyGPLv2 GPL-2.0
$ ./license-fedora2spdx.py'MIT or (GPLv1 and Glide)' Warning: more options how to interpret MIT. Possible options: ['Adobe-Glyph', 'MIT-CMU', 'MIT-CMU', 'HPND', 'HPND', 'no-spdx-yet (MIT license (also X11))', 'SGI-B-2.0', 'SGI-B-2.0', 'SMLNJ', 'MI T-enna', 'MIT-feh', 'mpich2'] mpich2 or ( GPL-1.0 and Glide )
I.e. it will honor operators and parenthesis, and if the conversion is straight script will give you the result. If there is some confusion, e.g., Fedora's MIT shortname can be converted to more than one SPDX identifier, it will print a warning. And you should investigate what is the right SPDX identifier.
I welcome your comments. I will resolve any issues you will find and then add it to `license-validate` package.
I hope this will ease the migration to SPDX when the time comes.
Miroslav
legal mailing list --legal@lists.fedoraproject.org To unsubscribe send an email tolegal-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it:https://pagure.io/fedora-infrastructure
-
David Cantrell -
Jilayne Lovejoy -
Miroslav Suchý