On Wed, Jan 18, 2023 at 3:12 AM T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> wrote: > > On Tue, Jan 3, 2023 at 11:02 AM Richard Fontana <rfontana@xxxxxxxxxx> wrote: > > Any Fedora community member who has a concern about a license > > compatibility issue involving a specific Fedora package or proposed > > Fedora package is encouraged to raise it (probably most appropriately > > in a Bugzilla bug) and it will be looked at in a context-specific way. > > This context-specific analysis will consider not only architectural > > issues (of the sort referred to by Miroslav) but also the licensing, > > development and political history of the code at issue and general > > relevant FOSS community practices. If it will prove useful we will try > > to document some generalized conclusions in the Fedora license > > documentation. > > Speaking of "political history", there is a lot of talk about the > unintentional incompatibility of (Apache-2.0 AND GPL-2.0) but nothing > about the allegedly intentional incompatibility of (CDDL-1.0 AND > GPL-*). > > Would you really want to reconsider previously thoroughly litigated > matters such as cdrtools or OpenZFS each individually? These are 2 > real-world cases that were probably considered on their own merits but > nevertheless ultimately banned by the documented incompatibility in > the license wiki. While I don't think anyone is seriously proposing > going back to the first one in the year 2022 AD, I can't help but > wonder if the author of the former might have been one motivation for > capturing this information in the first place LOL. And OpenZFS might > reasonably be proposed for inclusion in Fedora now that it is relaxing > its restrictions around third party modules such as Nvidia's driver > and at least one prominent distribution ships it. These are the two cases I was thinking of (does anyone know any others?). Not specific to Fedora, but my impression is that some fans of or contributors to (Open)ZFS will stop at nothing to promote its wider adoption so it wouldn't surprise me to see that one "relitigated". Despite the general doubt I am casting on license compatibility doctrine I actually think the copyleft/copyleft cases have a clearer basis. Anyway, I am not concerned about past decided issues being brought up again if the volume is sufficiently small. On the license approval side I think we say in the documentation that anyone can file an issue arguing that a license approval decision was wrong, so it would be consistent with that policy. > I don't think we need a big old "will it blend?" list, it's not > necessary to consider and document the GPL compatibility of each and > every license on the Fedora allowed list. But I do think there is > merit in a Not Allowed SPDX "AND" Expressions List that is scoped > similarly to the Not Allowed Fedora Licenses List, that is only to > combinations which exist in actual software that has been proposed for > or previously included in Fedora. If you feel that (Apache-2.0 AND > GPL-2.0) doesn't belong on it due to the different history of that > incompatibility that's fantastic, but I would love to hear your > counterexample for how anything with (CDDL-1.0 AND GPL-2.0) could ever > possibly be allowed. :-D Both you and Benson have mentioned SPDX expressions in the context of this topic but I don't think the replacement of Callaway license names with SPDX identifiers changes anything here. I guess the thought may be that the adoption of SPDX expressions would make it easier to check for a license incompatibility programmatically because SPDX expressions are more easily parseable than Callaway license tags. I actually think that increases my concern about Fedora maintaining the "does it blend" guidance. The problem again is the context-dependent nature of the issue. SPDX expressions are not designed to capture the kinds of different contexts we're talking about here. "CDDL-1.0 AND GPL-2.0-only" could refer to a source file, a Fedora package, an executable file, a whole distribution ... any number of things. I suppose you might be suggesting that the CDDL/GPL case is different from the Apache/GPL case because most cases you're likely to encounter are more likely to be problematic. But that seems equivalent to saying that the most likely situation where CDDL/GPL comes up is with OpenZFS. Richard _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
