Re: Boolean logic in license

I think a few things got lost in translation - let me clarify. I also just went back and read this entire thread again, as I was only trying to reflect the things stated as either status quo (to then explicitly document) or clarification on things where there is sort of a status quo but may be some inconsistency (to take away inconsistency or questions for package maintainers). :)

On 1/11/22 9:17 PM, Richard Fontana wrote:
On Tue, Jan 11, 2022 at 10:49 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote:

So, I have just made another commit to the license packaging guidelines to update the sections on dual-licensing, multiple licenses and use of "with" for license exception over here: https://pagure.io/packaging-committee/pull-request/1142

In light of this thread, I'd suggest we update the first sentence of the Dual Licensing section to say, "If your package is dual licensed under a choice of two (or three, etc.) licenses and both licenses are "good" for Fedora, the License: field must reflect this by using "OR" as a separator. "
Note - this is a slight amendment to the current guidelines under the Dual Licensing section to explicitly state that if both licenses are "good" to pass along the choice which it seemed everyone on the thread agreed should be the case and is the common practice.
and add the following to the Dual Licensing section:

"If your package is licensed under a choice of two licenses and one is a "good" license and one is a "bad" license, then the License: field must reflect the "good" license only contain a comment explaining the original choice.
Note - the Multiple Licensing Scenarios - https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_multiple_licensing_scenarios in the packaging guidelines requires a comment for these scenarios and gives some examples. So, I thought it would be consistent to use a similar approach in the "Good or Bad" dual licensing section and copied one of the examples of how to comment.

Example: Package dbfoo is dual licensed under Affero General Public License v3 or Server Side Public License and Fedora considers the Server Side Public License as "bad". Note the choice in a comment above the License: field and the License field as follows:

# The upstream package license is: AGPL-3.0-or-later OR SSPL-1.0
License: AGPL-3.0-or-later

I don't think this is a good idea. Obviously if a packager wants to
put in such a comment they can, but I don't think this should be
required or even recommended for the following reasons:

See comment above

First, it arguably creates more work for the packager to analyze
licenses. Maybe in some cases this is work that the packager would be
doing already, I realize. (For example, encountering SSPL-1.0, in your
hypothetical, and verifying that it actually is a match to SPDX
SSPL-1.0.)

I did not mean to imply that SPDX identifiers had to be used in the comment whatsoever, so we can simply change the example to something like the following (which would be consistent with other examples in the Multiple Licensing Scenarios examples):

# The upstream package license is: Affero General Public License v3 or later or Server Side Public License
License: AGPL-3.0-or-later

or we could add another example like:

# The upstream package license is: GNU General Public License v2 or later or a commercial license
License: GPL-2.0-or-later

I think we could also add the word "known" to the guideline so it reads:

"If your package is licensed under a _known_ choice of two licenses and one is a "good" license and one is a "bad" license, then the License: field must reflect the "good" license only contain a comment explaining the original choice."

Point being that the package maintainer doesn't need to research the upstream licensing scenario deeply, but where it's known or obvious, then notate that for clarity.

Does that help?

Other posts on the mailing thread suggested a more complex notation in the actual License field, but that seems to risk breaking some checks or something (see David's response) and then runs into the problem you expressed re: using SPDX identifiers in the License: field. But if it's merely a comment, it's more flexible and yet the info is there for anyone who cares downstream or is wondering why the License field reflects just the one license and not the choice. Documenting this explicitly also sets expectations downstream as well that Fedora is not going to pass along the option to redistribute a package under a license considered "bad" by Fedora.

Jilayne
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx