On 1/2/23 11:49, Miroslav Suchý wrote: > Dne 02. 01. 23 v 6:34 Benson Muite napsal(a): >> available in a package. However, not all licenses are compliant with >> each other. A chart indicating which licenses can be included with other >> licenses is available at: >> https://dwheeler.com/essays/floss-license-slide.html >> Would it be possible to create a similar chart for all SPDX identifiers >> that can be used in Fedora? This would enable adding such a check to >> fedora-review. > > IANAL but this can be hardly applied to package. This graph can be > applied on the same or derived work. But not on the collection of work. > Which package is. > > E.g., I can have a package which contains tools: > > /usr/bin/foo > > /usr/bin/bar > > foo is licensed as LGPLv2.1 and bar is licensed as MPL 1.1. Although > these two licenses are not compatible, I see no problem to have these > two separate tools in the same package. And package to have license > LGPL-2.1-or-later AND MPL 1.1 (or what is the SPDX id). It is reasonable to have the tools as separate binaries within the same package. At present, license check will indicate which license declarations have been made. Having reviewer guidance on license compatibility would be helpful. A full automatic check maybe difficult, but warnings would be helpful for reviewers to check licensing and seek clarification if necessary. As there is an ever growing number of open source licenses, automating some of this process is helpful. Motivation for this is a review of a package that contains files under GPL2+, but intention of developers is to use Apache 2.0. https://bugzilla.redhat.com/show_bug.cgi?id=2157252 _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
