Re: Additional SPDX questions for .NET 7 (dotnet7.0)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 24, 2022 at 1:07 PM Omair Majid <omajid@xxxxxxxxxx> wrote:
>
> Hi,
>
> I have been working on moving the (still in review) .NET 7 package to
> the new SPDX identifiers in the License field and I had some additional
> questions that I could use some guidance on.
>
> 1. What, if anything, do I need to do about the "MS Patent Promise"?
>
>    Full text here: https://github.com/dotnet/runtime/blob/main/PATENTS.TXT
>
>    Is this something that needs to be tracked as a license?

There's no current explicit policy on this but (1) such standalone
patent statements of this sort should be reviewed for conformance with
Fedora legal standards, much as non-patent-specific software licenses
should be reviewed, and (2) my current inclination is that they should
be documented in the license tag. If you could submit an issue about
the Microsoft patent promise to fedora-license-data we can proceed
from there.

> 2. What to do about code that uses answers from StackOverflow?
>
>    StackOverflow answers are licensed under some variant of CC:
>    https://stackoverflow.com/help/licensing
>
>    .NET has some code that's adapted from there. For example,
>    https://github.com/dotnet/runtime/blob/ac03fbd184b182a6632a50bbe70bc733e487264c/src/libraries/System.Private.CoreLib/src/System/Runtime/Intrinsics/Vector128.cs#L398-L420
>
>    CC-BY-SA-4.0 is in the "allowed content" list in Fedora, but not in
>    the "allowed-for-code" list. What should I do here?

Ah, yes, this is an unfortunate problem that Stack Exchange has
created, though I'm not sure it's explicitly come up in a Fedora
context before. CC BY-SA cannot generally be "allowed" (e.g. for code)
in Fedora for the same reason that CC0 now isn't, namely, it has a "no
patent licenses" clause, which is less annoying in the CC BY-SA case
because, leaving aside this Stack Overflow license policy, it is very
uncommon to see CC BY-SA used for code. It seems appropriate to create
an exception (documented in a "usage" note) that would permit
reasonable cases involving efforts to comply with the StackOverflow
policy. If you could submit an issue about this at fedora-license-data
we can proceed from there.

> 3. Some code seems to have warranty disclaimers
>
>    Example: https://github.com/dotnet/fsharp/blob/main/tests/fsharp/typecheck/sigs/neg70.fsx
>
>    How should I handle this? Would this file be covered under the
>    license at the root of the repository (MIT), or would this be a
>    separate license?

I don't think I can give a general answer but looking at this
particular case (and this would also apply to other F# tests in that
repository using the same boilerplate language, if any), I would just
assume that the license is the MIT license (the intention was probably
more like a no-conditions broad permission grant).

> 5. Is there an SPDX identifier for "Unicode Mappings License"?
>
>    An example of this license is also at
>    https://android.googlesource.com/platform/external/unicode/+/49008729606a2dca67c1572bd6e2e196be1eda24/ConvertUTF.h

This license was recently determined to be not allowed:
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/69

As noted there, a similar Unicode license was treated as "good" in the
past, for unclear reasons, and I speculated that this UTF conversion
code probably appeared in a number of Fedora packages. You are welcome
to submit an issue about this at fedora-license-data. The best result
here, long term at least, would be to either get the upstream to
replace this code with something under a FOSS license or to see
whether a more recent FOSS Unicode license might cover the same code
(which might require finding someone at the Unicode Consortium).

> 6. Is there an SPDX identifier for this MIT variant?
>
>    https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT#HP_Variant
>
>    Internally, I have seen Red Hat refer to this as OSF-1990.

I don't believe so. Jilayne would know whether there was any past
attempt to submit this to SPDX.

> 7. Is there a known SPDX identifier for the IETF license?
>
>    License text available at bottom of
>    https://datatracker.ietf.org/doc/rfc3492/
>
>    Internally, Red Hat refers to this as just "ietf".

I don't think so. Please submit an issue to fedora-license-data. Note,
I created an issue at fedora-legal-docs not too long ago about the
same license, suggesting that RFC documents should be classified as
"content" rather than "documentation" for Fedora license standards
purposes. See:
https://gitlab.com/fedora/legal/fedora-legal-docs/-/issues/26

BTW, just to clarify, whether a license encountered in a package has
an SPDX identifier is a secondary issue; the primary question is
whether the license meets Fedora licensing standards
(https://docs.fedoraproject.org/en-US/legal/license-approval/). Many
licenses with SPDX identifiers are not allowed in Fedora; there are
also licenses allowed in Fedora that do not have SPDX identifiers,
though we are aiming to get SPDX identifiers assigned for any license
that is included in an RPM license tag.

> 9. Is there anything that I need to do about these public domain
>    disclaimers? Can I just refer to these as CC-PDDC?
>
>   - https://github.com/dotnet/runtime/blob/de84cf9f723f5d4342e95c692d088ed2af63fdbe/src/coreclr/inc/utilcode.h#L2417-L2425
>   - https://github.com/dotnet/fsharp/blob/23e22eadf193cdd7e38ea4fa68c0f76d1b14ca9b/src/FSharp.Core/tasks.fs#L3-L12
>   - https://github.com/dotnet/fsharp/blob/23e22eadf193cdd7e38ea4fa68c0f76d1b14ca9b/tests/fsharp/typecheck/sigs/neg72.fsx#L2-L7

So as to the third one there, see my response above about the other F#
test/sample code.

Regarding the other two: Back in the Callaway era, there was an
expectation that public domain dedications would be documented in the
license tag using the "Public Domain" name. We currently don't have a
great post-Callaway solution (and how best to deal with this remains
uncertain) but what we are doing for the time being is using
"LicenseRef-Fedora-Public-Domain"  as the SPDX expression
(https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/data/LicenseRef-Fedora-Public-Domain.toml)
and we are asking package maintainers to add the public domain
dedication language to this file:
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt
basically so that we can get a better sense of the range of permission
statements at issue here.

Richard
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux