On Thu, Jun 9, 2022 at 7:06 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > > > > On 6/9/22 4:27 PM, Neal Gompa wrote: > > On Thu, Jun 9, 2022 at 6:01 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > >> > >> > >> On 6/8/22 12:23 PM, Neal Gompa wrote: > >>> On Wed, Jun 8, 2022 at 2:09 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote: > >>>> On Wed, Jun 8, 2022 at 1:58 PM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > >>>>> ` If the license is not on the SPDX License List, then submit the license to the to the SPDX-legal team at https://tools.spdx.org/app/submit_new_license/. In addition to the required information, include a note that it is under review for Fedora and a link to the related Fedora License Data Gitlab issue. > >>>> Shouldn't this step depend on the license actually being approved by > >>>> Fedora first? I guess that's more of an SPDX question than a Fedora > >>>> question. Do you want people to be submitting licenses to SPDX even if > >>>> the end result might be that Fedora classifies it as "not allowed"? Of > >>>> course the license might still meet SPDX's inclusion guidelines. > >>>> > >>> It should be approved by Fedora with a provisional identifier, and > >>> that identifier should be forwarded to SPDX. We don't want to have > >>> Fedora wait on SPDX. > >> I already responded to Richard's comment above as to why not wait on > >> this step, but to add to that and in light of Neal's comment about the > >> identifier - while "waiting on SPDX" is not ideal, we also don't want to > >> jump to fast to using a provisional identifier, as it's on the SPDX > >> legal team to ensure that identifier is not already used by another > >> license - pretty important aspect for all involved. > >> > > If we're already using SPDX identifiers for the basis of our license > > identifier list, this problem isn't going to happen. > well, no, this could happen if Fedora reviewed a new license, not on > SPDX License List and waited to submit it to SPDX License List, started > using a proposed identifier in the package spec file, and then SPDX > determined, 'oh, can't use that identifier, as it's already used' - this > may be unlikely, but still something I think we want to prevent. The likelihood would be very low. We can already search if an existing identifier is present. If not, we can make our own and submit at the same time. We will use the new identifier as if it's approved, since SPDX will eventually approve it based on our usage anyway. > > It already > > doesn't happen today even with our distinctly different identifier > > systems. So I consider this optimization worth implementing, because > > SPDX legal is inherently not bound to Fedora and I don't want to add > > more drag to our already very slow FE-Legal process. > I'm not sure what you meant by SPDX legal is inherently not bound to > Fedora but let me add some key things for people to understand here who > may not be familiar with SPDX License List inclusion principles: > - if Fedora or even Debian have already concluded that a license meets > their free/open guidelines and that license is used for software > included in a major Linux distribution - this is pretty much a shoe-in > for inclusion on the SPDX License List. In other words, this make the > decision-making part easy for the SPDX legal team. > > (for those on this list who are not already aware - I have been a > maintainer of the SPDX License List since its inception) If this is the case, then my proposal on process should be fine. SPDX's purpose is to document the world, Fedora's purpose is to create that world. My problem with us blocking on SPDX is that it punishes packagers for trying to ship new software by forcing them to wait on a group that doesn't really need to align to us if they don't want to. Moreover, we wouldn't submit a request anyway if the license isn't good for Fedora anyway. So it doesn't make sense to submit to SPDX first, but instead for us to do the process ourselves, give an identifier, and then submit to SPDX to let them incorporate it eventually. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure