[Fedora-packaging] License tag in packages

Tim Jackson lists at timj.co.uk
Wed Jun 28 22:03:34 UTC 2006 

Hi,

There seems to be some disagreement about the use of "License" in packages.

Over in :

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185423

we are getting into a bit of discussion which is not specific to that 
package.

Basically, the question is:

License: Foo License

or

License: Foo License vX.Y


I'm in favour of the latter. Here's why:

- legally, "Foo License v1" is wholly and entirely unrelated to "Foo 
License v2", unless there is a GPL-style "you may use any future 
version" clause.

- despite the fact that License is for informational purposes and is not 
binding, we shouldn't confuse users. Importantly, we may imply that a 
package is licensed in a way that it's not which, whilst it may not have 
any legal consequences, is needlessly confusing. Licensing is already a 
mysterious enough area as far as most users are concerned without 
further confusing the issue.

- Because of the above, I am essentially saying that we should treat 
"Foo License v1" and "Foo License v2" in the same way as "Foo License" 
and "Bar License", i.e. as entirely separate licenses.

- we should respect the authors if they specify a specific license version.

To address some obvious objections:

Q: the License tag is not legally binding anyway
A: true, but we are using it, so we should use it accurately. If "Foo 
License" doesn't accurately describe the license of a package then we 
might as well "cat /dev/urandom" to it since we're not enlightening 
users - they'll have to go and read the docs in either case

Q: including specific version number has potential for bitrot
A: in the sense that the maintainer has to keep an eye on it, true, but 
that's true in any case since packages can and do change licenses over time.

Q: rpmlint moans
A: rpmlint needs to be fixed, not the package

Q: we're going to have to change loads of existing packages
A: I'm not suggesting that; there's clearly no pressing need to change 
existing packages but for new ones we should have a clear policy

Regardless of the above, I think some consistency and a policy is 
required, including across Core and Extras. For example, the Core php 
package recently switched *to* a versioned license field. So it seems 
silly for me to be being asked to take a version *out* of a package in 
Extras.

Frankly I don't really care what the outcome is and I think it's largely 
an academic argument but I think someone with some authority (FESco) 
should make a call on it and document the policy and reasoning.


Tim

More information about the packaging mailing list