Re: SPDX Change for F37?

Miroslav Suchý <msuchy@xxxxxxxxxx> · Fri, 22 Apr 2022 16:19:17 +0200



    Dne 21. 04. 22 v 23:47 Jilayne Lovejoy
      napsal(a):

    
      In terms of what needs to happen to
        start using SPDX license ids in new packages, particularly: 

        - the new license data base that maps SPDX ids to Fedora ids to
        be up and running (David Cantrell is leading this work and
        making great progress)

      
    This is done, right? 

      
    https://github.com/rpminspect/rpminspect-data-fedora/blob/master/licenses/fedora.json

      
     - Fedora licensing documentation to be
        updated as well, preferably including a "human readable" table
        (like what's on the wiki currently) to be up on the new
        Fedora-legal Docs section (Richard and I are working on this
        currently)

        
        Now that I think of it - I'm not sure this needs to be tied to a
        release, necessarily?
    No. It does not need to be tied to release. But having it
      documented as Change Proposal give it good visibility. Both
      internaly and externaly.
    The other part of this is the question of
        how do we update all the existing packages (efficiently) - some
        of which will require some amount of "looking" at the actual
        license text to match it to an SPDX license id for licenses
        Fedora has "categorized" (e.g., MIT, BSD, GPLx "with
        exceptions") - That is a bigger task that will (ideally) need
        more of a throught-through plan and will likely be on-going for
        a bit. I can't see how updating all the existing packages would
        be tied to a release, but more of a rolling effort that
        eventually is done (hopefully)

      
    I can run `license-fedora2spdx(1)` (part of license-validate
      package) on all spec file. For those where the conversion is
      without ambiguity I can open PR. For the rest of the packages I
      can notify devel list and after grace period, start opening BZ for
      each package.
    Miroslav

  
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure