On 1/5/22 7:59 AM, David Cantrell wrote:
On Mon, Jan 03, 2022 at 12:12:38PM -0500, Matthew Miller wrote:
On Mon, Jan 03, 2022 at 01:26:33PM +0100, Miroslav Suchý wrote:
The License tag was never formally defined. If we agree that there
can be
anything, then let it be.
The Pending PR here updates that to: SPDX License identifier or
expression
(from our "Good" list).
https://pagure.io/packaging-committee/pull-request/1142#_1__38
Although given the context here, I note that that's ambiguous about
whether
the _whole expression_ must be on the list — I don't think that's the
intention!
I think in some cases, it may be. As our discussions on this PR have
noted,
Fedora may approve an expression but not all expressions that SPDX can
represent. So the objective is more about using the tokens and
expression
syntax defined by SPDX, but then we have our list of approved
expressions.
This is also necessary because we need to maintain our own list of
LicenseRef
tokens for things we approve for Fedora but that do not have an
upstream SPDX
token.
There were some license combinations (could be AND, OR, or WITH) that
are on the "good" list but a different combination might need separate
approval.
Off top of head, I think any L/GPL WITH [exception] would fall into the
category of needing to be capture as the full license expression since
the specific exception would need to be reviewed and approved and would
be different text than another exception.
But for any combination of previously approved license for Fedora -
e.g., "MIT OR GPL-2.0-only", "Apache-2.0 AND BSD-3-Clause" and so on -
separate listings would not be necessary - agreed?
(and this concept needs to be documented... adding to the list of items
to better document)
However, in many cases Fedora is ok with combining something with
GPL-2.0-or-later with BSD-3-Clause using AND. The good list we've been
working through has some of these expressions that are a license token
and
then a WITH qualifier. So this may be more about ensuring that a WITH
clause
isn't noted as approved without also requiring the main token.
See above. Also, as per SPDX License List expression syntax (found in an
appendix to the SPDX spec), you have to have a valid license ID on the
left side of the WITH operator and a valid exception ID on the right
side (as one would expect)
IANAL, so take my comments with that in mind. And this is where I
defer to
Jilayne for the actual expertise here. :)
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
