Re: License compliance in fedora-review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Richard,
> 
> Fedora used to maintain in its old license list an indication of
> whether a "good" license was GPLv2 and (separately) GPLv3 compatible.
> We thought this over carefully but decided not to continue this
> practice in the migration of this data to the fedora-license-data
> repository. This despite the fact that a lot of careful thought went
> into those determinations (such that I think the preserved record of
> those determinations has some significant historical value for GPL
> interpretation). We did this because in essentially no real-world case
> was the information ever used to take any action with respect to an
> actual or proposed Fedora package.
This data is helpful. Adding this to SPDX would be good, but given the
number of licenses, it would be most efficient if other interested
parties also contributed to this.
> 
> As for compatibility of arbitrary licenses more generally: If I'm
> counting correctly, Fedora now has 286 licenses in the simple
> "allowed" category (corresponding to the old "good [for software]"
> category) and this is expected to increase substantially with the
> ongoing migration to use of SPDX identifiers. So it is basically
> impractical if not impossible to maintain any useful, well-reasoned
> set of context-free compatibility relationships for each Fedora
> allowed license with respect to any other arbitrary Fedora allowed
> license.
> 
For software licenses, probably a simple categorization is reasonable?
Permissive, weakly protective, strongly protective, network protective
Suggestions can then be issued to packagers to check license compliance
that typically either the most protective license applies, or contents
with separate licenses are in separate packages.

The Apache 2 and GPL conflict seems well known. There are 1012 packages
in the repositories with both GPL and Apache licenses:
$ dnf repoquery --all --info > allpackageinfo.txt
$ cat allpackageinfo.txt | grep -n "ASL.* GPL" >> GPLonly_AND_APACHE.txt
$ cat allpackageinfo.txt | grep -n "Apache.* GPL" >> GPLonly_AND_APACHE.txt
$ cat allpackageinfo.txt | grep -n " GPL.*ASL" >> GPLonly_AND_APACHE.txt
$ cat allpackageinfo.txt | grep -n " GPL.*Apache" >> GPLonly_AND_APACHE.txt
$ wc -l GPLonly_AND_APACHE.txt

Need to check that either GPL license is the main one that applies with
Apache licensed software included in GPL software but no GPL software in
Apache licensed software or separate Apache and GPL packages are produced:
https://www.apache.org/licenses/GPL-compatibility.html

Maybe there are other well known cases that should be documented and
perhaps put in the review tool?
> Any Fedora community member who has a concern about a license
> compatibility issue involving a specific Fedora package or proposed
> Fedora package is encouraged to raise it (probably most appropriately
> in a Bugzilla bug) and it will be looked at in a context-specific way.
> This context-specific analysis will consider not only architectural
> issues (of the sort referred to by Miroslav) but also the licensing,
> development and political history of the code at issue and general
> relevant FOSS community practices. If it will prove useful we will try
> to document some generalized conclusions in the Fedora license
> documentation.
> 
Generalized conclusions/suggestions would be helpful.
> Lastly, I would suggest taking past promulgations on the general topic
> here by commentators with a fairly enormous grain of salt.
> 
> Richard
> 

_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux