On Mon, May 23, 2022 at 3:53 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > > > > On 5/23/22 1:30 PM, Richard Fontana wrote: > > On Mon, May 23, 2022 at 2:03 PM Neal Gompa <ngompa13@xxxxxxxxx> wrote: > >> On Mon, May 23, 2022 at 1:03 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > >>> > >>> > >>> On 5/23/22 10:44 AM, Neal Gompa wrote: > >>>> On Mon, May 23, 2022 at 12:37 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > >>>>> Hi Fedora legal and packaging, > >>>>> > >>>>> I'm cross-posting this, as I think it's relevant to both groups. > >>>>> > >>>>> The current policy for filling out the license field of the spec file (as described at https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/ ) states, "The License: field refers to the licenses of the contents of the binary rpm. When in doubt, ask." > >>>>> > >>>>> As we consider how to improve documentation related to Fedora licensing, it would be helpful to hear people's thoughts on the following: > >>>>> > >>>>> 1) how do you (package maintainers) interpret this policy in practice? > >>>>> > >>>>> 2) what further information/documentation about this policy would be helpful? > >>>>> > >>>>> 3) should this policy be different, and if so, how? > >>>>> > >>>>> 4) any other related thoughts or observations > >>>>> > >>>> I generally interpret it to mean the effective license that covers the > >>>> resulting artifacts shipped in the binary RPM. I think this is fine, > >>>> but we definitely have a gap in RPM packaging in that we can't declare > >>>> the license of the Source RPM anywhere. > >>> Are you saying we should have a way to declare both 1) the license that > >>> covers the resulting artifacts shipped in the binary RPM > >>> and 2) the license of the source (that creates said binary)? > >>>> This is particularly kludgy > >>>> when you have vendored or bundled code. > >>>> > >>>> > >>>> I don't have specific solutions here, but I would like to avoid having > >>>> the list licenses for literally everything in a source tree when it > >>>> doesn't matter for binary RPMs. > >>> isn't having to list license for everything in the source the same as 2?? > >>> > >> We are required to document source licensing for bundled stuff, which > >> contravenes the "effective binary licensing" policy we have in > >> general. If we didn't have that, we could avoid this whole problem. > > Do you mean bundled stuff that is distributed with the binary RPM > > (whether in the same form or somehow transformed), or bundled stuff > > that happens to be in the source tarball or whatever but is ignored in > > building the binary RPM? > > > > If it's the latter then that does seem to contradict the "license of > > the binary" policy. > > > > Richard > > > I'm also wondering where the "required to document source licensing for > bundled stuff" is documented? Can you point to that? > It was something we were told to do years ago for Rust/Go stuff. I'm not sure I can find a specific reference for it. I have mentioned it before though[1]. [1]: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx/thread/POAC4FDCIPU3W24DGY2LCDTDC7WYBNPN/ -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
