legal August 2022

legal@lists.fedoraproject.org

13 participants
14 discussions

license submissions to SPDX on behalf of Fedora
by Jilayne Lovejoy 02 Sep '22

02 Sep '22

Hi all, Richard has been very busy reviewing licenses and related activities, and consequently approx 13 new license submissions to SPDX on behalf of Fedora. See: https://github.com/spdx/license-list-XML/issues?q=is%3Aopen+is%3Aissue+labe… Some of these have corresponding issues in our Gitlab data repo and labeled as "blocked on SPDX." From the SPDX side to best shepherd these, can I get a little help on two aspects: 1) which of these submissions are priority from a Fedora perspective? That is, are any package maintainers waiting on SPDX (I know some of these are from leftover Fedora licenses we tagged as "needs more research" when we did the initial compare, which seems to suggest it may not be a blocking issue) - comments in the SPDX Github issue would be appreciated as to any that should be prioritized above others. 2) By way of SPDX processes, when a license has been determined to be accepted, we ask the submitter to help prepare the files for the SPDX license data. However, I'm not sure if Richard should be on the hook for all of these! Can anyone else from the Fedora legal community offer to help with this part? If so, indicate in the relevant issue and SPDX folks will point you to documentation to explain the process further (it's pretty easy, even I can do it) Thanks! Jilayne

2 2

rpmlint and SPDX licenses: W: invalid-license BSD-3-Clause
by Miro Hrončok 31 Aug '22

31 Aug '22

Hello license folks. I see that Fedora's rpmlint is yet to be taught to understand SPDX: python3-lxml.x86_64: W: invalid-license BSD-3-Clause python3-lxml.x86_64: W: invalid-license MIT-CMU Is this support tracked somewhere? I know openSUSE already uses SPDX, so rpmlint probably knows how to read that. Right? -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok

4 6

ansible-collection-community-mysql License Change
by Maxwell G 27 Aug '22

27 Aug '22

Hi Fedorians, The license of ansible-collection-community-mysql has been updated from "GPLv3+ and Python" to "GPL-3.0-or-later AND PSF-2.0 AND BSD-2-Clause". See https://src.fedoraproject.org/rpms/ansible-collection-community-mysql/c/242…. -- Thanks, Maxwell G (@gotmax23) Pronouns: He/Him/His

1 0

More Ansible license changes
by Maxwell G 26 Aug '22

26 Aug '22

Hi Fedorians, I'm back with more ansible license updates. Upstream, some of the community Ansible Collections have adopted the REUSE specification, which makes it much easier to determine the overall license. For collections that have adopted this, the license texts are all stored as files in one directory, instead of being spread out throughout the source tree as file headers. I would like to thank the upstream developers for working with me on this. The License tag of ansible-collection-community-general has changed from "GPLv3+ and BSD and Python" to "GPL-3.0-or-later AND BSD-2-Clause AND PSF-2.0 AND MIT". See https://src.fedoraproject.org/rpms/ansible-collection-community-general/pul…. The License tag of ansible has changed from "GPLv3+" to "GPL-3.0-or-later AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND MIT AND MPL-2.0 AND PSF-2.0". I cannot claim this to be 100% accurate, but I have done my best to determine the overall license. Note that ansible is a curated bundle of 103 Ansible collections, so this task is a bit difficult. See https://src.fedoraproject.org/rpms/ansible/pull-request/32. -- Thanks, Maxwell G (@gotmax23) Pronouns: He/Him/His

2 1

Is ECDSA secp256k1 elliptic curve permitted to be packaged in Fedora?
by Miro Hrončok 26 Aug '22

26 Aug '22

Hello legal. I see that ECDSA is already included in Fedora in various packages, so I assume that is OK. This software here: https://github.com/starkbank/ecdsa-python Says: > We currently support secp256k1 [curve]. Is that OK to package in Fedora or not? Thanks. -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok

5 5

Consider changing the license change announcement policy
by Maxwell G 24 Aug '22

24 Aug '22

Hi Legal folks, Can you please consider removing the following rule? > Fedora package maintainers are expected to announce upstream license > changes that they become aware of on the Fedora devel list. -- https://docs.fedoraproject.org/en-US/legal/license-review-process/#_what_if… This creates unnecessary friction for packagers that simply wish to have correct License fields. I'm also not sure what purposes it serves. Richard explicitly said that Fedora does not concern itself with cross-package license compatibility. And even if it did, a "GPLv3+" to "GPL-3.0-or-later AND MIT" license change shouldn't cause any new license compatibility issues. -- Thanks, Maxwell G (@gotmax23) Pronouns: He/Him/His

3 3

Updating the Python license tag to SPDX and adjusting the license of Python documentation
by Miro Hrončok 23 Aug '22

23 Aug '22

Hello. I plan to update the license tag of Python interpreters in Fedora from "Python" to "Python-2.0.1". See this PR which added it to fedora-license-data: https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/61 See this PR to Python 3.11 (to be backported to older Pythons later): https://src.fedoraproject.org/rpms/python3.11/pull-request/78 I also plan to update the license of python3-docs to: Python-2.0.1 AND (Python-2.0.1 OR 0BSD) Because examples, recipes, and other code in the documentation are dual licensed under Python-2.0.1/0BSD. This was previously not reflected in the License tag. See this PR: https://src.fedoraproject.org/rpms/python3-docs/pull-request/82 Unfortunately, Python-2.0.1 is still not listed at https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ -- Miro Hrončok -- Phone: +420777974800 IRC: mhroncok

2 2

python-ntlm-auth License Correction
by Maxwell G 19 Aug '22

19 Aug '22

I've corrected the license of python-ntlm-auth from LGPLv3+ to MIT. It was relicensed upstream 5 years ago, but the previous maintainer never updated the License field. -- Thanks, Maxwell G (@gotmax23) Pronouns: He/Him/His

1 0

Modified Apache Software licenses
by Benson Muite 17 Aug '22

17 Aug '22

The software wrk[0] is currently under review[1]. It uses a modified Apache Software license[2]. Is this something that can be included in Fedora? 0) https://github.com/wg/wrk/ 1) https://bugzilla.redhat.com/show_bug.cgi?id=2116187 2) https://github.com/wg/wrk/commit/db6da47fe3ee604d70304c8d10896f8349b972da

2 1

Updated IEEE license
by Florian Weimer 09 Aug '22

09 Aug '22

The licensing wiki says that the IEEE license is a “good” documentation license. However, with the 2017 release, IEEE switched to this license: | The Institute of Electrical and Electronics Engineers and The Open Group, | have given us permission to reprint portions of their documentation. | | In the following statement, the phrase ``this text'' refers to portions of | the system documentation. | | Portions of this text are reprinted and reproduced in electronic form in | the Linux man-pages project, from IEEE Std 1003.1-2017, Standard for | Information Technology -- Portable Operating System Interface (POSIX), The | Open Group Base Specifications Issue 7, 2018 Edition, Copyright (C) 2018 | by The Institute of Electrical and Electronics Engineers, Inc and The Open | Group. In the event of any discrepancy between these versions and the | original IEEE and The Open Group Standard, the original IEEE and The Open | Group Standard is the referee document. The original Standard can be | obtained online at http://www.opengroup.org/unix/online.html . | | This notice shall appear on any product containing this material. <https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/man-pages-posix/ma…> This license no longer permits modified redistribution, as far as I can see. Is this still an acceptable documentation license as far as Fedora is concerned? Thanks, Florian

2 4

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

legal August 2022