On Tue, Jan 17, 2023 at 2:08 AM Benson Muite <benson_muite@xxxxxxxxxxxxx> wrote: > > Some developers are aware of this, especially for packages made by > people backed by large corporations. However, for many small projects, > this is more difficult. When good practice has been followed and > license information of included software is available, producing a > warning of possible license incompatibility and asking reviewers to > check it is helpful. The aim should be a best efforts check when > license incompatibilities are known. I could go into so much more detail about this but the fundamental issue is that they are not *known*. Even if we suppose that there is some sort of undisputed truth here, as Jilayne and Miroslav and David have said in different ways, the issue has to be context-dependent if it is going to make sense at all. What we've found over many years is that there are so many contextual reasons why a supposed license incompatibility can't actually be present that it would be wrong to start out with a context-free assumption that a license incompatibility exists at all. Fedora had a confusing but historically-understandable position on this in the past, because it tried to give meaning to and elaborate on this doctrine by classifying approved licenses as GPLv2/GPLv3 (in)compatible, but it also actually found that typically the doctrine wasn't applicable when someone brought it up. This can be seen in the fact that so few packages were kept out of Fedora for license incompatibility-related reasons (offhand I can only think of two over a ~15 year period). So if say 90% of the time an identified GPLv2/Apache-2.0 juxtaposition in a package turns out not to be a demonstrable problem for one or multiple reasons, how should Fedora address the 10% where there is at least some basis for saying there is a problem? I truly believe based on past experience working with Fedora that it *at least* that lopsided. Fedora's treatment of this issue should reflect the marginality of the issue, and that's why I say a good solution is to encourage Fedora contributors to raise license incompatibility issues they think might exist with a specific package in a Fedora Bugzilla bug report and they will be investigated in a context-specific way in due course. > For commonly used > licenses, license compatibilities have likely been determined and > suggestions can be made by software without an offer of support for > legal representation in the case of a law suit should be made. To be clear, this is not at all my concern about having Fedora get overly proscriptive on this topic. Rather, I do not want to slow down Fedora for no good reason. I also want us to continue to actively shape how these licenses are interpreted ourselves (sometimes collaborating with our peer community Linux distributions) rather than rely uncritically on something someone one or more steps removed from Fedora and other Linux distributions may have said about the topic. Richard _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue