legal April 2019

legal@lists.fedoraproject.org

8 participants
4 discussions

Expat
by Gwyn Ciesla 22 Apr '19

22 Apr '19

Hi! I recently submitted libsquash for review: https://bugzilla.redhat.com/show_bug.cgi?id=1701995 licensecheck calls the licensing of this code Expat, which is a more permissive MIT. I don't see Expat on the Licenses list. Should I use Expat for the license tag, and have that page updated, or should I use MIT? Thanks! -- Gwyn Ciesla she/her/hers ------------------------------------------------ in your fear, seek only peace in your fear, seek only love -d. bowie Sent with ProtonMail Secure Email.

3 2

MPEG-1 and MPEG-2 Video
by Tom Callaway 11 Apr '19

11 Apr '19

Effective immediately, MPEG-1 (H.261) and MPEG-2 (H.262) video implementations are permitted in Fedora. Please note that while MPEG-2 is the video format for DVD-Video, support for encrypted DVD playback is not permitted in Fedora. See: https://fedoraproject.org/wiki/Forbidden_items#Encrypted_DVD_Playback Support for MPEG Video formats later than MPEG-2 is not currently permitted in Fedora. This includes, most notably, H.263, H.264 (MPEG-4), and H.265 (HEVC). If you have any questions, please feel free to reach out to me, or reply on list. Thanks, Tom Callaway Fedora Legal

2 1

New OpenSSH with post-quantum NTRU algorithm
by Jakub Jelen 03 Apr '19

03 Apr '19

Hello, This is a generic question for the legal, whether it is fine to bring the new OpenSSH 8.0 (due to be released in coming weeks) to Fedora, since it is implementing the following algorithm, which can be possibly considered problematic from legal point of view. From release notes [1]: OpenSSH 8.0 adds experimental support for quantum-computing resistant key exchange method, based on a combination of Streamlined NTRU Prime 4591^761 and X25519. Can you let me know, whether it is fine to bring this in Fedora and later in RHEL? [1] https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-March/037672.html Regards, -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc.

1 0

Re: BSD-2-Clause
by J Lovejoy 02 Apr '19

02 Apr '19

regarding Tom’s comment on this topic: So this is the difficulty. We know of an order of magnitude of different variants of BSD and MIT (many of which are unclassified by the OSI and SPDX). They're all functionally identical. Are you volunteering to audit all the Fedora packages to correct the license tags? I'm not. :) I could be possible to come up with a correlation of the Fedora tags and SPDX ids (where Fedora groups licenses under one age, but SPDX uses different ones) and then automate updating the tags, no? I have a summary of the work done thus far to align and a spreadsheet from a few years ago with the correlation. It would need updating on both sides, but it could provide a decent start. https://wiki.spdx.org/view/Legal_Team/Fedora-comparison <https://wiki.spdx.org/view/Legal_Team/Fedora-comparison> Jilayne SPDX legal team

3 3

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

legal April 2019