On Mon, May 23, 2022 at 12:37 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > > Hi Fedora legal and packaging, > > I'm cross-posting this, as I think it's relevant to both groups. > > The current policy for filling out the license field of the spec file (as described at https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/ ) states, "The License: field refers to the licenses of the contents of the binary rpm. When in doubt, ask." > > As we consider how to improve documentation related to Fedora licensing, it would be helpful to hear people's thoughts on the following: > > 1) how do you (package maintainers) interpret this policy in practice? > > 2) what further information/documentation about this policy would be helpful? > > 3) should this policy be different, and if so, how? > > 4) any other related thoughts or observations > I generally interpret it to mean the effective license that covers the resulting artifacts shipped in the binary RPM. I think this is fine, but we definitely have a gap in RPM packaging in that we can't declare the license of the Source RPM anywhere. This is particularly kludgy when you have vendored or bundled code. To be honest, I don't particularly relish redoing the licensing of some things with SPDX identifiers because it's going to triple the length of the license string there. Too much specificity can hurt... I don't have specific solutions here, but I would like to avoid having the list licenses for literally everything in a source tree when it doesn't matter for binary RPMs. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
