Re: SPDX Statistics - Book Smugglers edition
by Fabio Valentini
On Wed, Mar 20, 2024 at 2:53 PM Tomasz Kłoczko <kloczko.tomasz(a)gmail.com> wrote:
>
> On Sat, 16 Mar 2024 at 10:03, Miroslav Suchý <msuchy(a)redhat.com> wrote:
>>
>> Hot news:
>>
>> The last phase has been announce https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will proceed when approved with FESCO.
>
>
> I think that generally you are wasting your man/hours posting such statistics.
> The same time could be used better by going with a few grep. sort, sed oneliers to co update and align all packages License: fields and commit all those changes across all per packages repos in a few minutes.
> Some of the proven packagers with RW access to all packages repos can apply necessary changes in a few tenths of minutes.
> Subject of SPDX migrations are already IIRC active since July 2022 (soon it will be two years anniversary).
> All those changes should not be applied relying on each package maintainers because that change is from Trival™️ class.
While I agree with some of what you're saying here, the problem is
that it is, in fact, *not trivial* in many cases.
Migrating the License tag from Callaway to SPDX identifiers is only
the "easy" part of the transition.
Re-reviewing package contents and re-classifying licenses is the
non-trivial part, and that definitely can't be scripted.
Fabio
2 months, 2 weeks
Re: SPDX Statistics - Book Smugglers edition
by Tomasz Kłoczko
On Sat, 16 Mar 2024 at 10:03, Miroslav Suchý <msuchy(a)redhat.com> wrote:
> Hot news:
> The last phase has been announce
> https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will
> proceed when approved with FESCO.
>
I think that generally you are wasting your man/hours posting such
statistics.
The same time could be used better by going with a few grep. sort, sed
oneliers to co update and align all packages License: fields and commit all
those changes across all per packages repos in a few minutes.
Some of the proven packagers with RW access to all packages repos can apply
necessary changes in a few tenths of minutes.
Subject of SPDX migrations are already IIRC active since July 2022 (soon it
will be two years anniversary).
All those changes should not be applied relying on each package maintainers
because that change is from Trival™️ class.
kloczek
--
Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH
2 months, 2 weeks
Re: SPDX Statistics
by Miroslav Suchý
Dne 01. 12. 22 v 16:43 Tomasz Torcz napsal(a):
> What does this warning mean?
> ladvd warning: valid as old and new and no changelong entry, please check
Hmm, let me look. The ladvd license is ICS
https://src.fedoraproject.org/rpms/ladvd/blob/rawhide/f/ladvd.spec#_10
and both
license-validate'ISC'
and
license-validate--old 'ISC'
validate it. I.e. this license is valid as both Callaway **and** SPDX identifier.
It very often happens that the old Callaway id was identifier for the whole family of SPDX licenses (see MIT license case).
I cannot guess if you investigated whether the old id is valid as the new one too **and** it reflect the same license.
Or you still did not check it at all and the tag simply describe the old Callaway license id - and the validity using
spdx rules are pure coincidence.
If you checked that it actually match the SPDX license, then I recommend to put in a changelog (or even dist-git commit)
a line
- migrated to spdx license
or
- checked that license match spdx identifier
In my script, I actually just check /spdx/i existence in the log.
Miroslav
1 year, 6 months
Re: SPDX Statistics - stilus annunciationis edition
by Miroslav Suchý
Dne 27. 03. 23 v 11:45 Jonathan Wakely napsal(a):
> > License: MIT
> >
> >
> > Now going to https://spdx.org/licenses/ and looking for the SPDX Identifier
> > shows:
> >
> > MIT License MIT
> >
> >
> > What am I supposed to do as a maintainer of libtermkey?
>
> Double check which kind of MIT the package uses, and ensure it's the right SPDX identifier.
>
> https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_mit
Right.
The more verbose answer: MIT in previous system was used for whole family of licenses. Under SPDX we recognize them as
'mpich2', 'libtiff', 'SMLNJ', 'SGI-B-2.0', 'NTP', 'MIT', 'MIT-open-group', 'MIT-feh', 'MIT-enna', 'MIT-Modern-Variant',
'MIT-CMU', 'ICU', 'HPND', 'BSL-1.0', 'Adobe-Glyph'
and this list may not be even complete. You as a maintainer should check the license of your package. There is high
chance that it will be still MIT. But it is not 100%. I, personally, use SPDX License Diff plugin to see what license it
is https://github.com/spdx/spdx-license-diff
Once you update the package - and even if the package will have the same license string under SPDX - please add
changelog entry https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_cha...
Miroslav
1 year, 2 months