Hi! I recently submitted libsquash for review: https://bugzilla.redhat.com/show_bug.cgi?id=1701995
licensecheck calls the licensing of this code Expat, which is a more permissive MIT. I don't see Expat on the Licenses list. Should I use Expat for the license tag, and have that page updated, or should I use MIT?
Thanks!
--
Gwyn Ciesla
she/her/hers
------------------------------------------------
in your fear, seek only peace
in your fear, seek only love
-d. bowie
Effective immediately, MPEG-1 (H.261) and MPEG-2 (H.262) video
implementations are permitted in Fedora.
Please note that while MPEG-2 is the video format for DVD-Video, support
for encrypted DVD playback is not permitted in Fedora. See:
https://fedoraproject.org/wiki/Forbidden_items#Encrypted_DVD_Playback
Support for MPEG Video formats later than MPEG-2 is not currently permitted
in Fedora. This includes, most notably, H.263, H.264 (MPEG-4), and H.265
(HEVC).
If you have any questions, please feel free to reach out to me, or reply on
list.
Thanks,
Tom Callaway
Fedora Legal
Hello,
This is a generic question for legal: whether it is fine to bring
the new OpenSSH 8.0 (due to be released in the coming weeks) to Fedora,
since it implements the following algorithm, which could possibly be
considered problematic from a legal point of view. From the release notes
[1]:
OpenSSH 8.0 adds experimental support for quantum-computing resistant
key exchange method, based on a combination of Streamlined NTRU
Prime 4591^761 and X25519.
Can you let me know whether it is fine to bring this into Fedora and
later into RHEL?
[1]
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-March/037672.html
Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
Regarding Tom’s comment on this topic:
> So this is the difficulty. We know of an order of magnitude of different variants of BSD and MIT (many of which are unclassified by the OSI and SPDX). They're all functionally identical. Are you volunteering to audit all the Fedora packages to correct the license tags? I'm not. :)
It could be possible to come up with a correlation of the Fedora tags and SPDX ids (where Fedora groups licenses under one tag, but SPDX uses different ones) and then automate updating the tags, no?
I have a summary of the work done thus far to align and a spreadsheet from a few years ago with the correlation. It would need updating on both sides, but it could provide a decent start.
https://wiki.spdx.org/view/Legal_Team/Fedora-comparison
Jilayne
SPDX legal team