Search results for "SPDX statistics" - devel

SPDX Statistics - Independence of Lithuania edition

by Miroslav Suchý

tl;dr - you converted 892 tags in 14 days, statistics script now does not mention recently introduced packages and you can put your package on ignore list Two weeks ago we had: > * 23060 spec files in Fedora > > * 29449license tags in all spec files > > * 21194 tags have not been converted to SPDX yet > > * 8439 tags can be trivially converted using `license-fedora2spdx` > Today we have: * 23107 spec files in Fedora * 29503license tags in all spec files * 20302 tags have not been converted to SPDX yet * 8096 tags can be trivially converted using `license-fedora2spdx` The list of packages needed to be converted is again here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... New version of fedora-license-data will be released tomorrow Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ will be updated too. I updated the progress in this spreadsheet: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE80... You converted 892 license tags in 14 days. Amazing! New projection when we will be finished is 2024-04-24. Pure linear approximation. Now, the script ignores packages that started after 2022-08-01, because by that time SPDX for License tags has been already mandatory. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or email to me is fine. I already put there some packages that has been reported in past. Tip: SPDX formula allows to list licenses that are not on SPDX list, is uses LicenseRef-* notation. In Fedora we use it on few places. You can read about it here https://docs.fedoraproject.org/en-US/legal/license-review-process/#_what_... Why Independence of Lithuania? Because today - 11th March 1990 Lithuania declared an independece. It was first republic from Soviet Union. It was not easy and several people had to pay by their life. https://en.wikipedia.org/wiki/Act_of_the_Re-Establishment_of_the_State_of... Do you hesitate how to proceed with the migration? Please follow https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ or attend SPDX office hours (see different thread in this mailing list) Miroslav

1 year, 2 months

SPDX Statistics - Book Smugglers edition

by Miroslav Suchý

Hot news: The last phase has been announce https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will proceed when approved with FESCO. RC2 of SPDX <https://rodina-sucha.cz/tags/SPDX> v.3 specification has been published. https://spdx.github.io/spdx-spec/v3.0/ <https://spdx.github.io/spdx-spec/v3.0/><https://spdx.github.io/spdx-spec/v3.0/>. Two weeks ago we had: > * 23786spec files in Fedora > > * 30396license tags in all spec files > > * 11182 tags have not been converted to SPDX yet > > * 5044 tags can be trivially converted using `license-fedora2spdx` > > * Progress: 63,21% ░░░░░░████ 100% > > ELN subset: > > 112 out of 2411 packages are not converted yet (progress 95.35%) > Today we have: * 23821spec files in Fedora * 30463license tags in all spec files * 11091 tags have not been converted to SPDX yet * 4996 tags can be trivially converted using `license-fedora2spdx` * Progress: 63,59% ░░░░░░████ 100% ELN subset: 105 out of 2411 packages are not converted yet (progress 95.64%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE80... The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List of packages from ELN subset that needs to be converted: https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt New version of fedora-license-data has been released. With: 1 new license (plus two public domain declarations). 16 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%... Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. License analysis of remaining packages: http://miroslav.suchy.cz/fedora/spdx-reports/ New projection when we will be finished is 2025-02-22 (+21 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Book Smugglers? On this date, at 1846 was born Jurgis Bielinis who become successful book smugglers and even founded Garšviai Book Smuggling Society at the time of Lithuanian press ban. Bielinis is informally referred to as the King of Book Smugglers. Bielinis's birthday is commemorated as the Day of Book Smugglers. More reading about Lithuanian book smugglers: https://www.atlasobscura.com/articles/lithuanian-book-smugglers https://en.wikipedia.org/wiki/Jurgis_Bielinis (my favourite part is when he hid from police under his wife's skirt) Does it inspired you? You can become book smuggler even nowadays: https://wordsrated.com/global-book-banning-statistics/ Miroslav

2 months, 2 weeks

Re: SPDX Statistics - Book Smugglers edition

by Fabio Valentini

On Wed, Mar 20, 2024 at 2:53 PM Tomasz Kłoczko <kloczko.tomasz(a)gmail.com> wrote: > > On Sat, 16 Mar 2024 at 10:03, Miroslav Suchý <msuchy(a)redhat.com> wrote: >> >> Hot news: >> >> The last phase has been announce https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will proceed when approved with FESCO. > > > I think that generally you are wasting your man/hours posting such statistics. > The same time could be used better by going with a few grep. sort, sed oneliers to co update and align all packages License: fields and commit all those changes across all per packages repos in a few minutes. > Some of the proven packagers with RW access to all packages repos can apply necessary changes in a few tenths of minutes. > Subject of SPDX migrations are already IIRC active since July 2022 (soon it will be two years anniversary). > All those changes should not be applied relying on each package maintainers because that change is from Trival™️ class. While I agree with some of what you're saying here, the problem is that it is, in fact, *not trivial* in many cases. Migrating the License tag from Callaway to SPDX identifiers is only the "easy" part of the transition. Re-reviewing package contents and re-classifying licenses is the non-trivial part, and that definitely can't be scripted. Fabio

2 months, 2 weeks

SPDX Statistics - SPDX Hackfest edition

by Miroslav Suchý

Two weeks ago we had: > * 23000 spec files in Fedora (wow, nice round number :) ) > > * 29503license tags in all spec files > > * 18744 tags have not been converted to SPDX yet > > * 7157tags can be trivially converted using `license-fedora2spdx` > > * Progress: 36% ░░░███████ 100% > > ELN subset: > > * 1987 out of 4704 packages are not converted yet > Today we have: * 23030 spec files in Fedora (wow, nice round number :) ) * 29532license tags in all spec files * 18604 tags have not been converted to SPDX yet * 7059tags can be trivially converted using `license-fedora2spdx` * Progress: 37% ░░░███████ 100% ELN subset: * 1907 out of 4567 packages are not converted yet The list of packages needed to be converted is again here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List of packages from ELN subset that needs to be converted: https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt New version of fedora-license-data has been released. Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. I updated the progress in this spreadsheet: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE80... New projection when we will be finished is 2024-08-19. Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or email to me is fine. Why SPDX Hackfest edition? Because **today** we organize hackfest where we show you example of conversion and you will have opportunity to talk to us (both lawyers and engineers). https://communityblog.fedoraproject.org/fedora-legal-spdx-hackfest/ Note: this was rescheduled so you may find two dates there. The valid one is 2023-05-17 Do you hesitate how to proceed with the migration? Please follow https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ or attend SPDX office hours (see different thread in this mailing list) Miroslav

1 year

SPDX Statistics - Rust edition

by Miroslav Suchý

Two weeks ago we had: > * 23030 spec files in Fedora > > * 29532license tags in all spec files > > * 18604 tags have not been converted to SPDX yet > > * 7059tags can be trivially converted using `license-fedora2spdx` > > * Progress: 37% ░░░███████ 100% > Today we have: * 23060 spec files in Fedora * 29563license tags in all spec files * 18398 tags have not been converted to SPDX yet * 6955tags can be trivially converted using `license-fedora2spdx` * Progress: 37.8% ░░░███████ 100% ELN subset: * 1831 out of 4343 packages are not converted yet The list of packages needed to be converted is again here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List of packages from ELN subset that needs to be converted: https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt New version of fedora-license-data has been released. Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. I updated the progress in this spreadsheet: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE80... New projection when we will be finished is 2024-09-07. Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why SPDX Rust edition? Because on today's date on 28 May 1987. During the Cold war, Mathias Rust made a pirate flight from Helsinki to Moscow and landed near Red Square. https://en.wikipedia.org/wiki/Mathias_Rust Do you hesitate how to proceed with the migration? Please follow https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ or attend SPDX office hours (see different thread in this mailing list) Miroslav

1 year

Re: SPDX Statistics - Book Smugglers edition

by Tomasz Kłoczko

On Sat, 16 Mar 2024 at 10:03, Miroslav Suchý <msuchy(a)redhat.com> wrote: > Hot news: > The last phase has been announce > https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will > proceed when approved with FESCO. > I think that generally you are wasting your man/hours posting such statistics. The same time could be used better by going with a few grep. sort, sed oneliers to co update and align all packages License: fields and commit all those changes across all per packages repos in a few minutes. Some of the proven packagers with RW access to all packages repos can apply necessary changes in a few tenths of minutes. Subject of SPDX migrations are already IIRC active since July 2022 (soon it will be two years anniversary). All those changes should not be applied relying on each package maintainers because that change is from Trival™️ class. kloczek -- Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH

2 months, 2 weeks

Re: SPDX Statistics

by Miroslav Suchý

Dne 01. 12. 22 v 16:43 Tomasz Torcz napsal(a): > What does this warning mean? > ladvd warning: valid as old and new and no changelong entry, please check Hmm, let me look. The ladvd license is ICS https://src.fedoraproject.org/rpms/ladvd/blob/rawhide/f/ladvd.spec#_10 and both license-validate'ISC' and license-validate--old 'ISC' validate it. I.e. this license is valid as both Callaway **and** SPDX identifier. It very often happens that the old Callaway id was identifier for the whole family of SPDX licenses (see MIT license case). I cannot guess if you investigated whether the old id is valid as the new one too **and** it reflect the same license. Or you still did not check it at all and the tag simply describe the old Callaway license id - and the validity using spdx rules are pure coincidence. If you checked that it actually match the SPDX license, then I recommend to put in a changelog (or even dist-git commit) a line - migrated to spdx license or - checked that license match spdx identifier In my script, I actually just check /spdx/i existence in the log. Miroslav

1 year, 6 months

Re: SPDX Statistics - stilus annunciationis edition

by Miroslav Suchý

Dne 27. 03. 23 v 11:45 Jonathan Wakely napsal(a): > > License: MIT > > > > > > Now going to https://spdx.org/licenses/ and looking for the SPDX Identifier > > shows: > > > > MIT License MIT > > > > > > What am I supposed to do as a maintainer of libtermkey? > > Double check which kind of MIT the package uses, and ensure it's the right SPDX identifier. > > https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_mit Right. The more verbose answer: MIT in previous system was used for whole family of licenses. Under SPDX we recognize them as 'mpich2', 'libtiff', 'SMLNJ', 'SGI-B-2.0', 'NTP', 'MIT', 'MIT-open-group', 'MIT-feh', 'MIT-enna', 'MIT-Modern-Variant', 'MIT-CMU', 'ICU', 'HPND', 'BSL-1.0', 'Adobe-Glyph' and this list may not be even complete. You as a maintainer should check the license of your package. There is high chance that it will be still MIT. But it is not 100%. I, personally, use SPDX License Diff plugin to see what license it is https://github.com/spdx/spdx-license-diff Once you update the package - and even if the package will have the same license string under SPDX - please add changelog entry https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_cha... Miroslav

1 year, 2 months

SPDX Statistics - Passenger pigeon edition

by Miroslav Suchý

Two weeks ago we had: > * 23030 spec files in Fedora > > * 29469license tags in all spec files > > * 16716 tags have not been converted to SPDX yet > > * 6149tags can be trivially converted using `license-fedora2spdx` > > * Progress: 43.28% ░░░░██████ 100% > > ELN subset: > > 895 out of 2492 packages are not converted yet > Today we have: * 23128 spec files in Fedora * 29572license tags in all spec files * 16519 tags have not been converted to SPDX yet * 6059tags can be trivially converted using `license-fedora2spdx` * Progress: 44.14% ░░░░██████ 100% ELN subset: 825 out of 2479 packages are not converted yet Graph with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE80... The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List of packages from ELN subset that needs to be converted: https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt New version of fedora-license-data has been released. With 9 new licenses. 33 licenses have been submitted to SPDX.org and are waiting to be review (and then added to fedora-license-data). Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-01-22 (we are slowing down. Again. :( ). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Tip of the day: You can use Chrome or Firefox plugin to find what is the license and how much it differ from nearest SPDX match. https://github.com/spdx/spdx-license-diff#installation Why Passenger pigeon edition? Passenger pigeon is extinct species. On today's date at 1914, last known one died at Cincinnati Zoo. https://en.wikipedia.org/wiki/Passenger_pigeon Do you hesitate how to proceed with the migration? Please follow https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ Miroslav

9 months, 1 week

SPDX Statistics - stilus annunciationis edition

by Miroslav Suchý

Two weeks ago we had: > * 23107 spec files in Fedora > > * 29503license tags in all spec files > > * 20302 tags have not been converted to SPDX yet > > * 8096 tags can be trivially converted using `license-fedora2spdx` > Today we have: * 22882 spec files in Fedora * 29366license tags in all spec files * 19784 tags have not been converted to SPDX yet(huray, we are under 20k) * 7912tags can be trivially converted using `license-fedora2spdx` The list of packages needed to be converted is again here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx... New version of fedora-license-data has been released. Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. I updated the progress in this spreadsheet: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE80... You converted 381 license tags in 14 days. Plus additional 137 old license tags were in packages that has been retired. New projection when we will be finished is 2023-11-16. Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or email to me is fine. I already put there some packages that has been reported in past. Why stilus annunciationis? Because 25th March is the begging of the liturgical year https://en.wikipedia.org/wiki/Feast_of_the_Annunciation Do you hesitate how to proceed with the migration? Please follow https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ or attend SPDX office hours (see different thread in this mailing list) Miroslav

1 year, 2 months

devel search results for query "SPDX statistics"