On Tue, Jan 04, 2022 at 09:05:59PM -0800, Jilayne Lovejoy wrote:
On 1/4/22 9:27 AM, David Cantrell wrote:
On Wed, Dec 29, 2021 at 11:46:44AM -0500, Richard Fontana wrote:
On Wed, Dec 29, 2021 at 11:22 AM Miroslav Suchý
<msuchy@xxxxxxxxxx> wrote:
I want to clarify one thing I am working on. When I have this
string in License tag in spec:
Good License or Bad license
Then the result is Good license and the package is allowed to be
in Fedora, right?
So first of all if I change your question to be about the actual
underlying license terms of the package as opposed to the
representation in the spec file, I believe the answer must be "yes"
and there are probably a lot of examples of this in Fedora. (Think of
any arbitrary package that says it's under some FOSS license and also
says informally that proprietary licenses are also available.)
With the spec file, though, I believe there is an inconsistency in how
Fedora deals with this, but this is just a casual impression. On the
one hand, there is the common case of traditionally-licensed Perl
modules (typically, a dual license involving unversioned GPL and a
license identified as the Artistic License 1.0 [which I realize exists
in multiple forms, but let's ignore that]). Fedora spec files for such
Perl module packages generally say something like "GPL or Artistic",
even though Fedora classifies the Artistic License as a "bad" license.
I *think* there may be other examples, not involving Perl modules or
the Artistic License, where the code is dual licensed under a good
license and a bad license and the spec file only gives the good
license. The only rationale I could come up with for the difference in
approach is that the Artistic License, while "bad" from Fedora's
perspective, is generally seen as plausibly-FOSS (it's an OSI-approved
license, for one thing).
I think it comes down to whether Fedora wants to have spec files that
say, for example, "GPL or Proprietary" much as it has spec files that
say "GPL or Artistic".
It's true there is inconsistency regarding the License tag in the spec
file. As the package maintainer and as part of the Fedora project, I
would prefer that the License tag in the spec reflect the license
terms that we are distributing the built package against. So in the
case of Perl modules that are generally GPL or Artistic, the Fedora
project is really redistributing them under the terms of the GPL only,
right?
I think the answer to the inconsistency here is to set a policy
relating to disjunctive licensed packages and then document that in
the packaging guidelines. This would provide clarity for both package
maintainers as well as downstream recipients. My recommendation would
be that in the case where (random example):
The package license upstream is: AGPL-3.0-or-later OR SSPL-1.0
and where Fedora would not allow SSPL-1.0, then the License field in
the spec file would simply indicate:
AGPL-3.0-or-later
If one really wants to be thorough and there is some kind of comment
field in the Spec file (I think I've seen this?), then one could note
something along the lines of "This package is licensed upstream as
AGPL-3.0-or-later OR SSPL-1.0"
Yes, this is what I was thinking. And as Richard noted in a later followup,
this has been the standard we've followed for a while--but I don't think we've
actually written it down formally. We should do that.
Does it follow that we [Fedora] take an open source project that is
dual licensed and use the license that is acceptable in our project
and redistribute under those terms? Is that even a thing one can do?
Given the "or" usage, my assumption is yes. The author is giving the
downstream user the choice of using that work under the terms of the
GPL or the terms of the Artistic license. In the case of Fedora,
we've deemed Artistic undesirable which means our use of the modules
is technically under the terms of the GPL.
Correct.
For me, I would prefer to see this reflected in the License tags in
spec files so we can see how we're integrating components in to
Fedora. If we note a license that we can't use or that we are not
using, it makes it harder to see at a glance _what_ terms actually
apply to that component. And that makes it harder for other packagers
looking for license-compatible dependencies.
Agreed.
I realize this is yet another work project and also that I may be
incorrect regarding what we can and can't do with regard to
dual-licensed projects. If we are unable to say "we're using the Perl
modules under the terms of the GPL" and exclude the Artistic license,
then really the "or" boolean doesn't apply and it's really always
"and".
I think you mean that there would not be a need for the "OR" operator
in Fedora, but there are open source projects that may be licensed
under a choice of two "good" Fedora licenses, in which case, it would
make sense to simply pass downstream the choice of both, I would
think.
Right, sorry for the confusion. What you said is actually what I meant.
So many licenses, so many questions....
:)
Jilayne
--
David Cantrell <dcantrell@xxxxxxxxxx>
Red Hat, Inc. | Boston, MA | EST5EDT
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
