On 7/13/07, Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxxx> wrote:
On Fri, 2007-07-13 at 03:34 -0800, Jeff Spaleta wrote: > On 7/13/07, Alexandre Oliva <aoliva@xxxxxxxxxx> wrote: > > New builds that change licensing terms should check any library > > dependencies for license incompatibility. E.g., a GPLv2 program must > > not depend on a GPLv3+ or LGPLv3+ library, and a GPLv3+ program must > > not depend on a GPLv2 library. (not sure about GPLv3+ / LGPLv2 > > compatibility, I haven't thought much about it, and IANAL :-) > > > I'm very wary at attempting to rely the licensing tag in spec files > for any automation like this out of the gate. There are packages which > include multiple pieces of code under different licenses and of course > packages with code under multiple licenses. These situations aren't > codified in the licensing tag. Agreed.
I think we went over this twice in the last 2 years.. the consensus in the past was that the Licensing Tag was insufficient (yet another item showing the age of RPM :)) to express the complexity of licensing of a lot of packages. Ideas on improving things was that all applicable licences would need to be included in /usr/share/<package-name-version-release>/ or that a helper item be created that could allow a package to symlink the appropriate license to that directory. Most of the ideas required either extra bueracracy or code changes in how we layout packages. [Everypackage requiring fedora-licenses which would be a copy of all GPL's, MPL's, etc and have the appropriate symlink tool]. -- Stephen J Smoogen. -- CSIRT/Linux System Administrator How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" _______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
