Re: License compliance in fedora-review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 16, 2023 at 02:09:12PM -0500, Neal Gompa wrote:
> On Mon, Jan 16, 2023 at 2:04 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote:
> >
> > On Mon, Jan 16, 2023 at 2:47 AM Neal Gompa <ngompa13@xxxxxxxxx> wrote:
> >
> > > It's fine that SPDX doesn't offer this guidance, but Fedora as a
> > > distributor *needs* it. Fedora provided very valuable guidance with
> > > its "will-it-blend" chart and offering explicit interpretation. It was
> > > useful for both packagers and upstreams to figure out what they can
> > > and cannot do. Eliminating that guidance is creating problems now
> > > because with the transition to SPDX, you're effectively requiring
> > > everyone to re-evaluate all packages for their licensing and document
> > > it without any real ability to figure out if it makes any sense
> > > anymore.
> >
> > In my opinion, the default assumption (and I think we should say this
> > in documentation) should be that if the licenses are all
> > Fedora-allowed, a particular combination of licenses embodied in a
> > particular package is okay.  If there are specific concerns about some
> > combination of Fedora-allowed licenses that package maintainers or
> > others want to raise, they can do so and this will be investigated.
> > Over the past nearly 15 years, most of them under the previous
> > documentation/guidance/process regime, my impression has been that
> > such concerns were raised only in very rare cases, typically involving
> > a well known upstream issue.
> >
> 
> I suspect part of the reason is because Tom Callaway proactively
> documented compatibility as part of incorporating licenses. That
> eliminated a large portion of the need to ask. Now that the
> information is gone, people are asking. :)

The big thing that Tom's chart did was assume that license compatibility
between two licenses is simply a true or false issue.  What Jilayne was saying
is that this is not the case and even if a project like Fedora were to provide
a similar chart or an opinion on license compatibility, that's all it is--an
opinion.  Many in Fedora agree with those interpretations, but if an actual
legal issue is raised then that information is still just part of the process
of figuring out if something wrong has been done.

> > The migration to SPDX has been under way now for ~five months and
> > Benson's issue is the first time I'm aware of that anyone has brought
> > up a license compatibility issue in a Fedora package during that time
> > period, FWIW.
> >
> > I think you've raised an interesting philosophical question, which is
> > whether FOSS licensing is supposed to "make sense" beyond the mere
> > juxtaposition of the various licenses that apply to some set of
> > binaries or source files. I have some preliminary thoughts on this but
> > will have to think about it some more. :)
> >
> 
> I'd argue that it's supposed to make sense, or otherwise people can't
> reasonably use it. Part of the value of a distribution is sorting this
> mess out for people. :)

That's really the point of the fedora-license-data effort.  And a lot of that
is simplifying things as much as possible and getting package maintainers and
developers out of the business of providing legal interpretations.

Thanks,

-- 
David Cantrell <dcantrell@xxxxxxxxxx>
Red Hat, Inc. | Boston, MA | EST5EDT
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux