Re: License question on rewrites in different languages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 28, 2023 at 11:13 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote:
>
> On Wed, Jun 28, 2023 at 4:44 PM <h-k-81@xxxxxxxxxxx> wrote:
> >
> > I am in the process of reviewing this package [1]. The author of the pacakge mentions "A lot of the code in this package was based on Julien Schmidt's httprouter." in the documentation and includes the license file of httprouter.
> > The thing is that httprouter is written in Go and the library, that is being packaged, is written in Rust.
> >
> > So the question here is, does the Rust library have to include and mention the license of httprouter?
>
> I think you may be asking one of more of the following questions:
>
> 1. Given that httprouter is written in Go, can we assume that the
> license of httprouter doesn't apply to this Rust crate?
>
> 2. Does the binary package need to install the httprouter license file?
>
> 3. Should the httprouter license be included in the spec file License: field?
>
> As to 1: I don't think we can assume that, no. The upstream project
> says it's based on httprouter and it could be that some of it is a
> close translation from Go to Rust. While the BSD licenses are not
> entirely clear on this issue I think you should assume that the Rust
> crate copies from httprouter in such a way that the httprouter license
> requirements are triggered.
>
> As to 2: We still don't have updated standards around how to deal with
> installation of license files and (in my opinion) the existing
> packaging guidelines on that topic don't entirely make sense. In this
> case I'd take a conservative approach and assume the httprouter
> license needs to be installed along with the rust-matchit project
> license.
>
> As to 3, this follows from 1: you should assume the License: field
> should include `BSD-3-Clause` as appropriate.

Thanks for the explanations! (I submitted the package in question for review.)

I only have one remaining question:

The upstream project's metadata uses the SPDX expression "MIT" for the
project's license, but includes both the license text for MIT (which
covers the "matchit" project) and the one for BSD-3-Clause (which is
the license of the "httprouter" project, which "matchit" is based on).

Following the logic from points 1 and 3, should the upstream project's
metadata use "MIT AND BSD-3-Clause" for the project license? I assume
similar reasons apply to the tarballs that the upstream project
distributes as would to the RPM packages that Fedora distributes.

Should this discrepancy (i.e. license texts for both licenses
included, but license in metadata does not) be reported / fixed in the
upstream project as well?

Fabio
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux