Re: License compliance in fedora-review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 17, 2023 at 2:08 AM Benson Muite
<benson_muite@xxxxxxxxxxxxx> wrote:
>
> Some developers are aware of this, especially for packages made by
> people backed by large corporations.  However, for many small projects,
> this is more difficult.  When good practice has been followed and
> license information of included software is available, producing a
> warning of possible license incompatibility and asking reviewers to
> check it is helpful.  The aim should be a best efforts check when
> license incompatibilities are known.

I could go into so much more detail about this but the fundamental
issue is that they are not *known*.

Even if we suppose that there is some sort of undisputed truth here,
as Jilayne and Miroslav and David have said in different ways, the
issue has to be context-dependent if it is going to make sense at all.
What we've found over many years is that there are so many contextual
reasons why a supposed license incompatibility can't actually be
present that it would be wrong to start out with a context-free
assumption that a license incompatibility exists at all. Fedora had a
confusing but historically-understandable position on this in the
past, because it tried to give meaning to and elaborate on this
doctrine by classifying approved licenses as GPLv2/GPLv3
(in)compatible, but it also actually found that typically the doctrine
wasn't applicable when someone brought it up. This can be seen in the
fact that so few packages were kept out of Fedora for license
incompatibility-related reasons (offhand I can only think of two over
a ~15 year period).

So if say 90% of the time an identified GPLv2/Apache-2.0 juxtaposition
in a package turns out not to be a demonstrable problem for one or
multiple reasons, how should Fedora address the 10% where there is at
least some basis for saying there is a problem? I truly believe based
on past experience working with Fedora that it *at least* that
lopsided. Fedora's treatment of this issue should reflect the
marginality of the issue, and that's why I say a good solution is to
encourage Fedora contributors to raise license incompatibility issues
they think might exist with a specific package in a Fedora Bugzilla
bug report and they will be investigated in a context-specific way in
due course.

> For commonly used
> licenses, license compatibilities have likely been determined and
> suggestions can be made by software without an offer of support for
> legal representation in the case of a law suit should be made.

To be clear, this is not at all my concern about having Fedora get
overly proscriptive on this topic. Rather, I do not want to slow down
Fedora for no good reason. I also want us to continue to actively
shape how these licenses are interpreted ourselves (sometimes
collaborating with our peer community Linux distributions) rather than
rely uncritically on something someone one or more steps removed from
Fedora and other Linux distributions may have said about the topic.

Richard
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux