[Fedora-packaging] Re: Licensing guidelines suggestions

Axel Thimm Axel.Thimm at ATrpms.net
Tue Aug 7 08:16:59 UTC 2007 

On Mon, Aug 06, 2007 at 11:05:50PM +0300, Ville Skyttä wrote:
> 3) Source licenses are not the only thing that affect the distributables' 
> copyrights.  For example when something is built from let's say LGPLv2+ 
> sources but linked with a GPLv2+ library, the resulting binary will be 
> GPLv2+, while the sources are still LGPLv2+ (unless their embedded copyright 
> notices are changed to GPLv2+, but that can't be done for many *GPL 
> licenses).
> 
> 
> Suggested combined fix for 2) and 3) above: change the licensing guidelines to 
> prominently note something like that the value of the License tag represents 
> the copyright/license info of binary packages only, and only when built in 
> the configuration specified by the Fedora build system, build 
> dependencies/conflicts in the specfile, and no non-Fedora software installed 
> that will affect the build in any way.  Source rpms' copyrights are 
> determined by the sources and other content included in them.

Sometimes a src.rpm/specfile does not know what it will be built
against, it doesn't even quite know whether it will be built against
the glibc and whether that glibc is undert GPL2, 3, 1001 and so forth.

Since we massage specfiles and not the environment we can't know what
this package will binary-wise end up like. It might be that gnutls
acts as a drop in replacement to openssl or libedit to readline
(actually the latter almost does) atlas to lapack (but the licenses
don't differ). Point is the build environment defines the final
license and the same specfile/src.rpm could end up with different
licenses for the binaries depending on which distribution and which
age of it we're looking at.

For example consider gnuplot BR'ing a readline librariy's headers w/o
specifying GNU readline. If you use GNU readline the binary's license
is "undistributable" (actually that's the kind of gnuplot we currently
do ship ...), if you use libedit it's "distributable".

So the License: tag needs to be closer to the sources than the
binaries. We can't have both unles we would introduce something like a
BinaryLicense: tag.
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/packaging/attachments/20070807/ebf7a60b/attachment.bin

More information about the packaging mailing list