On 1/2/23 12:11, Benson Muite wrote: > On 1/2/23 11:49, Miroslav Suchý wrote: >> Dne 02. 01. 23 v 6:34 Benson Muite napsal(a): >>> available in a package. However, not all licenses are compliant with >>> each other. A chart indicating which licenses can be included with other >>> licenses is available at: >>> https://dwheeler.com/essays/floss-license-slide.html >>> Would it be possible to create a similar chart for all SPDX identifiers >>> that can be used in Fedora? This would enable adding such a check to >>> fedora-review. >> >> IANAL but this can be hardly applied to package. This graph can be >> applied on the same or derived work. But not on the collection of work. >> Which package is. >> >> E.g., I can have a package which contains tools: >> >> /usr/bin/foo >> >> /usr/bin/bar >> >> foo is licensed as LGPLv2.1 and bar is licensed as MPL 1.1. Although >> these two licenses are not compatible, I see no problem to have these >> two separate tools in the same package. And package to have license >> LGPL-2.1-or-later AND MPL 1.1 (or what is the SPDX id). > It is reasonable to have the tools as separate binaries within the same > package. At present, license check will indicate which license > declarations have been made. Having reviewer guidance on license > compatibility would be helpful. A full automatic check maybe difficult, > but warnings would be helpful for reviewers to check licensing and seek > clarification if necessary. As there is an ever growing number of open > source licenses, automating some of this process is helpful. Motivation > for this is a review of a package that contains files under GPL2+, but > intention of developers is to use Apache 2.0. > https://bugzilla.redhat.com/show_bug.cgi?id=2157252 > There is some work on this. In particular the Open Source Automation Development lab [1] publishes a compatibility matrix in Json format. This information is available in a Python library [2], though can also build something specifically for Fedora. Creative commons licenses [3] also have compatibility requirements. 1) https://www.osadl.org/Access-to-raw-data.oss-compliance-raw-data-access.0.html 2) https://github.com/priv-kweihmann/osadl-matrix 3) https://en.wikipedia.org/wiki/License_compatibility#Creative_Commons_license_compatibility _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
