Hi all,
Richard has been very busy reviewing licenses and related activities,
and consequently approx 13 new license submissions to SPDX on behalf of
Fedora. See:
https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+labe…
Some of these have corresponding issues in our Gitlab data repo and
labeled as "blocked on SPDX."
From the SPDX side to best shepherd these, can I get a little help on
two aspects:
1) which of these submissions are priority from a Fedora perspective?
That is, are any package maintainers waiting on SPDX (I know some of
these are from leftover Fedora licenses we tagged as "needs more
research" when we did the initial compare, which seems to suggest it may
not be a blocking issue) - comments in the SPDX Github issue would be
appreciated as to any that should be prioritized above others.
2) By way of SPDX processes, when a license has been determined to be
accepted, we ask the submitter to help prepare the files for the SPDX
license data. However, I'm not sure if Richard should be on the hook for
all of these! Can anyone else from the Fedora legal community offer to
help with this part? If so, indicate in the relevant issue and SPDX
folks will point you to documentation to explain the process further
(it's pretty easy, even I can do it)
Thanks!
Jilayne
Hello license folks.
I see that Fedora's rpmlint is yet to be taught to understand SPDX:
python3-lxml.x86_64: W: invalid-license BSD-3-Clause
python3-lxml.x86_64: W: invalid-license MIT-CMU
Is this support tracked somewhere? I know openSUSE already uses SPDX, so
rpmlint probably knows how to read that. Right?
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
Hi Fedorians,
I'm back with more ansible license updates. Upstream, some of the community
Ansible Collections have adopted the REUSE specification, which makes it much
easier to determine the overall license. For collections that have adopted
this, the license texts are all stored as files in one directory, instead of
being spread out throughout the source tree as file headers. I would like to
thank the upstream developers for working with me on this.
The License tag of ansible-collection-community-general has changed from
"GPLv3+ and BSD and Python" to "GPL-3.0-or-later AND BSD-2-Clause AND PSF-2.0
AND MIT". See https://src.fedoraproject.org/rpms/ansible-collection-community-general/pul….
The License tag of ansible has changed from "GPLv3+" to "GPL-3.0-or-later AND
Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND MIT AND MPL-2.0 AND PSF-2.0".
I cannot claim this to be 100% accurate, but I have done my best to determine
the overall license. Note that ansible is a curated bundle of 103 Ansible
collections, so this task is a bit difficult. See https://src.fedoraproject.org/rpms/ansible/pull-request/32.
--
Thanks,
Maxwell G (@gotmax23)
Pronouns: He/Him/His
Hello legal.
I see that ECDSA is already included in Fedora in various packages, so I assume
that is OK.
This software here:
https://github.com/starkbank/ecdsa-python
Says:
> We currently support secp256k1 [curve].
Is that OK to package in Fedora or not?
Thanks.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
Hi Legal folks,
Can you please consider removing the following rule?
> Fedora package maintainers are expected to announce upstream license
> changes that they become aware of on the Fedora devel list.
-- https://docs.fedoraproject.org/en-US/legal/license-review-process/#_what_if…
This creates unnecessary friction for packagers that simply wish to have
correct License fields. I'm also not sure what purposes it serves.
Richard explicitly said that Fedora does not concern itself with
cross-package license compatibility. And even if it did, a "GPLv3+" to
"GPL-3.0-or-later AND MIT" license change shouldn't cause any new
license compatibility issues.
--
Thanks,
Maxwell G (@gotmax23)
Pronouns: He/Him/His
I've corrected the license of python-ntlm-auth from LGPLv3+ to MIT. It
was relicensed upstream 5 years ago, but the previous maintainer never
updated the License field.
--
Thanks,
Maxwell G (@gotmax23)
Pronouns: He/Him/His
The licensing wiki says that the IEEE license is a “good” documentation
license. However, with the 2017 release, IEEE switched to this license:
| The Institute of Electrical and Electronics Engineers and The Open Group,
| have given us permission to reprint portions of their documentation.
|
| In the following statement, the phrase ``this text'' refers to portions of
| the system documentation.
|
| Portions of this text are reprinted and reproduced in electronic form in
| the Linux man-pages project, from IEEE Std 1003.1-2017, Standard for
| Information Technology -- Portable Operating System Interface (POSIX), The
| Open Group Base Specifications Issue 7, 2018 Edition, Copyright (C) 2018
| by The Institute of Electrical and Electronics Engineers, Inc and The Open
| Group. In the event of any discrepancy between these versions and the
| original IEEE and The Open Group Standard, the original IEEE and The Open
| Group Standard is the referee document. The original Standard can be
| obtained online at http://www.opengroup.org/unix/online.html .
|
| This notice shall appear on any product containing this material.
<https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/man-pages-posix/ma…>
This license no longer permits modified redistribution, as far as I can
see. Is this still an acceptable documentation license as far as Fedora
is concerned?
Thanks,
Florian