Re: license of the binary policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, May 23, 2022 at 3:58 PM Neal Gompa <ngompa13@xxxxxxxxx> wrote:
>
>
> > I'm also wondering where the "required to document source licensing for
> > bundled stuff" is documented? Can you point to that?
> >
>
> It was something we were told to do years ago for Rust/Go stuff. I'm
> not sure I can find a specific reference for it. I have mentioned it
> before though[1].
>
> [1]: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx/thread/POAC4FDCIPU3W24DGY2LCDTDC7WYBNPN/

Leaving aside the specifics of the bundling/Rust cases, one of the
questions here is whether we want to have License: fields that state
something relatively complex like

License: ASL 2.0 and (ASL 2.0 or Boost) and (ASL 2.0 or MIT) and ISC
and MIT and ((MIT or ASL 2.0) and BSD) and (Unlicense or MIT)
or its equivalent in SPDX which if anything might seem slightly more
complex depending on the details.

The assumption I've been making is that we basically can't avoid
having complex license expressions in the general case, and that is
(for me) a major justification for switching from Callaway to SPDX,
since SPDX is a somewhat richer and more coherent expression language
for complex licensing details.

But if people think we should find ways of making license expressions
simpler, that doesn't mean not using SPDX or something that seems
syntactically/symbolically identical to SPDX for the representation of
the resulting simplified expressions.

I think this also goes to how "licenses of the contents of the binary
RPM" is ambiguous. It might mean, for example:
* Every identifiable license in a source file that is included (in
compiled form or otherwise) in the binary RPM -- I think we see some
packages that attempt this
* A simplified representation of those licenses based on application
of common / seemingly noncontroversial FOSS (often
GPL-community-specific) folkloric legal conventions. Two examples:
  1) an executable program built from GPLv2+ and MIT licensed source
files gets represented simply as "GPLv2+" (GPL-2.0-or-later in SPDX)
  2) an executable program built from GPLv2+ source files but which
dynamically links against a GPLv3+ separately-packaged library (also
distributed in Fedora) gets represented as "GPLv3+"
I think there are many examples of 1) and I know of one example of 2),
but I think neither of those kinds of cases are handled consistently
across Fedora packages today (not saying that we need absolute
consistency)

Are simpler or more complex license expressions preferable, even if
simpler expressions mean some loss of useful information or accuracy?
That's one issue that is connected to Jilayne's question.

Richard



* something else?
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux