Re: License compliance in fedora-review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 18, 2023 at 3:12 AM T.C. Hollingsworth
<tchollingsworth@xxxxxxxxx> wrote:
>
> On Tue, Jan 3, 2023 at 11:02 AM Richard Fontana <rfontana@xxxxxxxxxx> wrote:

> > Any Fedora community member who has a concern about a license
> > compatibility issue involving a specific Fedora package or proposed
> > Fedora package is encouraged to raise it (probably most appropriately
> > in a Bugzilla bug) and it will be looked at in a context-specific way.
> > This context-specific analysis will consider not only architectural
> > issues (of the sort referred to by Miroslav) but also the licensing,
> > development and political history of the code at issue and general
> > relevant FOSS community practices. If it will prove useful we will try
> > to document some generalized conclusions in the Fedora license
> > documentation.
>
> Speaking of "political history", there is a lot of talk about the
> unintentional incompatibility of (Apache-2.0 AND GPL-2.0) but nothing
> about the allegedly intentional incompatibility of (CDDL-1.0 AND
> GPL-*).
>
> Would you really want to reconsider previously thoroughly litigated
> matters such as cdrtools or OpenZFS each individually?  These are 2
> real-world cases that were probably considered on their own merits but
> nevertheless ultimately banned by the documented incompatibility in
> the license wiki.  While I don't think anyone is seriously proposing
> going back to the first one in the year 2022 AD, I can't help but
> wonder if the author of the former might have been one motivation for
> capturing this information in the first place LOL.  And OpenZFS might
> reasonably be proposed for inclusion in Fedora now that it is relaxing
> its restrictions around third party modules such as Nvidia's driver
> and at least one prominent distribution ships it.

These are the two cases I was thinking of (does anyone know any
others?). Not specific to Fedora, but my impression is that some fans
of or contributors to (Open)ZFS will stop at nothing to promote its
wider adoption so it wouldn't surprise me to see that one
"relitigated". Despite the general doubt I am casting on license
compatibility doctrine I actually think the copyleft/copyleft cases
have a clearer basis. Anyway, I am not concerned about past decided
issues being brought up again if the volume is sufficiently small. On
the license approval side I think we say in the documentation that
anyone can file an issue arguing that a license approval decision was
wrong, so it would be consistent with that policy.

> I don't think we need a big old "will it blend?" list, it's not
> necessary to consider and document the GPL compatibility of each and
> every license on the Fedora allowed list.  But I do think there is
> merit in a Not Allowed SPDX "AND" Expressions List that is scoped
> similarly to the Not Allowed Fedora Licenses List, that is only to
> combinations which exist in actual software that has been proposed for
> or previously included in Fedora.  If you feel that (Apache-2.0 AND
> GPL-2.0) doesn't belong on it due to the different history of that
> incompatibility that's fantastic, but I would love to hear your
> counterexample for how anything with (CDDL-1.0 AND GPL-2.0) could ever
> possibly be allowed.  :-D

Both you and Benson have mentioned SPDX expressions in the context of
this topic but I don't think the replacement of Callaway license names
with SPDX identifiers changes anything here. I guess the thought may
be that the adoption of SPDX expressions would make it easier to check
for a license incompatibility programmatically because SPDX
expressions are more easily parseable than Callaway license tags. I
actually think that increases my concern about Fedora maintaining the
"does it blend" guidance.

The problem again is the context-dependent nature of the issue. SPDX
expressions are not designed to capture the kinds of different
contexts we're talking about here. "CDDL-1.0 AND GPL-2.0-only" could
refer to a source file, a Fedora package, an executable file, a whole
distribution ... any number of things.

I suppose you might be suggesting that the CDDL/GPL case is different
from the Apache/GPL case because most cases you're likely to encounter
are more likely to be problematic. But that seems equivalent to saying
that the most likely situation where CDDL/GPL comes up is with
OpenZFS.

Richard
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux