Hi Richard, > > Fedora used to maintain in its old license list an indication of > whether a "good" license was GPLv2 and (separately) GPLv3 compatible. > We thought this over carefully but decided not to continue this > practice in the migration of this data to the fedora-license-data > repository. This despite the fact that a lot of careful thought went > into those determinations (such that I think the preserved record of > those determinations has some significant historical value for GPL > interpretation). We did this because in essentially no real-world case > was the information ever used to take any action with respect to an > actual or proposed Fedora package. This data is helpful. Adding this to SPDX would be good, but given the number of licenses, it would be most efficient if other interested parties also contributed to this. > > As for compatibility of arbitrary licenses more generally: If I'm > counting correctly, Fedora now has 286 licenses in the simple > "allowed" category (corresponding to the old "good [for software]" > category) and this is expected to increase substantially with the > ongoing migration to use of SPDX identifiers. So it is basically > impractical if not impossible to maintain any useful, well-reasoned > set of context-free compatibility relationships for each Fedora > allowed license with respect to any other arbitrary Fedora allowed > license. > For software licenses, probably a simple categorization is reasonable? Permissive, weakly protective, strongly protective, network protective Suggestions can then be issued to packagers to check license compliance that typically either the most protective license applies, or contents with separate licenses are in separate packages. The Apache 2 and GPL conflict seems well known. There are 1012 packages in the repositories with both GPL and Apache licenses: $ dnf repoquery --all --info > allpackageinfo.txt $ cat allpackageinfo.txt | grep -n "ASL.* GPL" >> GPLonly_AND_APACHE.txt $ cat allpackageinfo.txt | grep -n "Apache.* GPL" >> GPLonly_AND_APACHE.txt $ cat allpackageinfo.txt | grep -n " GPL.*ASL" >> GPLonly_AND_APACHE.txt $ cat allpackageinfo.txt | grep -n " GPL.*Apache" >> GPLonly_AND_APACHE.txt $ wc -l GPLonly_AND_APACHE.txt Need to check that either GPL license is the main one that applies with Apache licensed software included in GPL software but no GPL software in Apache licensed software or separate Apache and GPL packages are produced: https://www.apache.org/licenses/GPL-compatibility.html Maybe there are other well known cases that should be documented and perhaps put in the review tool? > Any Fedora community member who has a concern about a license > compatibility issue involving a specific Fedora package or proposed > Fedora package is encouraged to raise it (probably most appropriately > in a Bugzilla bug) and it will be looked at in a context-specific way. > This context-specific analysis will consider not only architectural > issues (of the sort referred to by Miroslav) but also the licensing, > development and political history of the code at issue and general > relevant FOSS community practices. If it will prove useful we will try > to document some generalized conclusions in the Fedora license > documentation. > Generalized conclusions/suggestions would be helpful. > Lastly, I would suggest taking past promulgations on the general topic > here by commentators with a fairly enormous grain of salt. > > Richard > _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
