On Thu, Nov 24, 2022 at 1:07 PM Omair Majid <omajid@xxxxxxxxxx> wrote: > > Hi, > > I have been working on moving the (still in review) .NET 7 package to > the new SPDX identifiers in the License field and I had some additional > questions that I could use some guidance on. > > 1. What, if anything, do I need to do about the "MS Patent Promise"? > > Full text here: https://github.com/dotnet/runtime/blob/main/PATENTS.TXT > > Is this something that needs to be tracked as a license? There's no current explicit policy on this but (1) such standalone patent statements of this sort should be reviewed for conformance with Fedora legal standards, much as non-patent-specific software licenses should be reviewed, and (2) my current inclination is that they should be documented in the license tag. If you could submit an issue about the Microsoft patent promise to fedora-license-data we can proceed from there. > 2. What to do about code that uses answers from StackOverflow? > > StackOverflow answers are licensed under some variant of CC: > https://stackoverflow.com/help/licensing > > .NET has some code that's adapted from there. For example, > https://github.com/dotnet/runtime/blob/ac03fbd184b182a6632a50bbe70bc733e487264c/src/libraries/System.Private.CoreLib/src/System/Runtime/Intrinsics/Vector128.cs#L398-L420 > > CC-BY-SA-4.0 is in the "allowed content" list in Fedora, but not in > the "allowed-for-code" list. What should I do here? Ah, yes, this is an unfortunate problem that Stack Exchange has created, though I'm not sure it's explicitly come up in a Fedora context before. CC BY-SA cannot generally be "allowed" (e.g. for code) in Fedora for the same reason that CC0 now isn't, namely, it has a "no patent licenses" clause, which is less annoying in the CC BY-SA case because, leaving aside this Stack Overflow license policy, it is very uncommon to see CC BY-SA used for code. It seems appropriate to create an exception (documented in a "usage" note) that would permit reasonable cases involving efforts to comply with the StackOverflow policy. If you could submit an issue about this at fedora-license-data we can proceed from there. > 3. Some code seems to have warranty disclaimers > > Example: https://github.com/dotnet/fsharp/blob/main/tests/fsharp/typecheck/sigs/neg70.fsx > > How should I handle this? Would this file be covered under the > license at the root of the repository (MIT), or would this be a > separate license? I don't think I can give a general answer but looking at this particular case (and this would also apply to other F# tests in that repository using the same boilerplate language, if any), I would just assume that the license is the MIT license (the intention was probably more like a no-conditions broad permission grant). > 5. Is there an SPDX identifier for "Unicode Mappings License"? > > An example of this license is also at > https://android.googlesource.com/platform/external/unicode/+/49008729606a2dca67c1572bd6e2e196be1eda24/ConvertUTF.h This license was recently determined to be not allowed: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/69 As noted there, a similar Unicode license was treated as "good" in the past, for unclear reasons, and I speculated that this UTF conversion code probably appeared in a number of Fedora packages. You are welcome to submit an issue about this at fedora-license-data. The best result here, long term at least, would be to either get the upstream to replace this code with something under a FOSS license or to see whether a more recent FOSS Unicode license might cover the same code (which might require finding someone at the Unicode Consortium). > 6. Is there an SPDX identifier for this MIT variant? > > https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT#HP_Variant > > Internally, I have seen Red Hat refer to this as OSF-1990. I don't believe so. Jilayne would know whether there was any past attempt to submit this to SPDX. > 7. Is there a known SPDX identifier for the IETF license? > > License text available at bottom of > https://datatracker.ietf.org/doc/rfc3492/ > > Internally, Red Hat refers to this as just "ietf". I don't think so. Please submit an issue to fedora-license-data. Note, I created an issue at fedora-legal-docs not too long ago about the same license, suggesting that RFC documents should be classified as "content" rather than "documentation" for Fedora license standards purposes. See: https://gitlab.com/fedora/legal/fedora-legal-docs/-/issues/26 BTW, just to clarify, whether a license encountered in a package has an SPDX identifier is a secondary issue; the primary question is whether the license meets Fedora licensing standards (https://docs.fedoraproject.org/en-US/legal/license-approval/). Many licenses with SPDX identifiers are not allowed in Fedora; there are also licenses allowed in Fedora that do not have SPDX identifiers, though we are aiming to get SPDX identifiers assigned for any license that is included in an RPM license tag. > 9. Is there anything that I need to do about these public domain > disclaimers? Can I just refer to these as CC-PDDC? > > - https://github.com/dotnet/runtime/blob/de84cf9f723f5d4342e95c692d088ed2af63fdbe/src/coreclr/inc/utilcode.h#L2417-L2425 > - https://github.com/dotnet/fsharp/blob/23e22eadf193cdd7e38ea4fa68c0f76d1b14ca9b/src/FSharp.Core/tasks.fs#L3-L12 > - https://github.com/dotnet/fsharp/blob/23e22eadf193cdd7e38ea4fa68c0f76d1b14ca9b/tests/fsharp/typecheck/sigs/neg72.fsx#L2-L7 So as to the third one there, see my response above about the other F# test/sample code. Regarding the other two: Back in the Callaway era, there was an expectation that public domain dedications would be documented in the license tag using the "Public Domain" name. We currently don't have a great post-Callaway solution (and how best to deal with this remains uncertain) but what we are doing for the time being is using "LicenseRef-Fedora-Public-Domain" as the SPDX expression (https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/data/LicenseRef-Fedora-Public-Domain.toml) and we are asking package maintainers to add the public domain dedication language to this file: https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt basically so that we can get a better sense of the range of permission statements at issue here. Richard _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
