Re: License question on rewrites in different languages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> The upstream project's metadata uses the SPDX expression "MIT" for the
> project's license, but includes both the license text for MIT (which
> covers the "matchit" project) and the one for BSD-3-Clause (which is
> the license of the "httprouter" project, which "matchit" is based on).
>
> Following the logic from points 1 and 3, should the upstream project's
> metadata use "MIT AND BSD-3-Clause" for the project license? I assume
> similar reasons apply to the tarballs that the upstream project
> distributes as would to the RPM packages that Fedora distributes.

> Should this discrepancy (i.e. license texts for both licenses
> included, but license in metadata does not) be reported / fixed in the
> upstream project as well?

I checked crates.io and couldn't find any guidelines on license
metadata. I don't think I personally would bother if I were the Fedora
packager but I think you've previously explained that for Rust
packages having the upstream metadata match the Fedora metadata would
have some benefits on the Fedora side. So it may be worth a try. The
upstream maintainer may be sympathetic to this given how they
emphasize the httprouter license.

Richard

>

On Wed, Jun 28, 2023 at 6:18 PM Fabio Valentini <decathorpe@xxxxxxxxx> wrote:
>
> On Wed, Jun 28, 2023 at 11:13 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote:
> >
> > On Wed, Jun 28, 2023 at 4:44 PM <h-k-81@xxxxxxxxxxx> wrote:
> > >
> > > I am in the process of reviewing this package [1]. The author of the pacakge mentions "A lot of the code in this package was based on Julien Schmidt's httprouter." in the documentation and includes the license file of httprouter.
> > > The thing is that httprouter is written in Go and the library, that is being packaged, is written in Rust.
> > >
> > > So the question here is, does the Rust library have to include and mention the license of httprouter?
> >
> > I think you may be asking one of more of the following questions:
> >
> > 1. Given that httprouter is written in Go, can we assume that the
> > license of httprouter doesn't apply to this Rust crate?
> >
> > 2. Does the binary package need to install the httprouter license file?
> >
> > 3. Should the httprouter license be included in the spec file License: field?
> >
> > As to 1: I don't think we can assume that, no. The upstream project
> > says it's based on httprouter and it could be that some of it is a
> > close translation from Go to Rust. While the BSD licenses are not
> > entirely clear on this issue I think you should assume that the Rust
> > crate copies from httprouter in such a way that the httprouter license
> > requirements are triggered.
> >
> > As to 2: We still don't have updated standards around how to deal with
> > installation of license files and (in my opinion) the existing
> > packaging guidelines on that topic don't entirely make sense. In this
> > case I'd take a conservative approach and assume the httprouter
> > license needs to be installed along with the rust-matchit project
> > license.
> >
> > As to 3, this follows from 1: you should assume the License: field
> > should include `BSD-3-Clause` as appropriate.
>
> Thanks for the explanations! (I submitted the package in question for review.)
>
> I only have one remaining question:
>
> The upstream project's metadata uses the SPDX expression "MIT" for the
> project's license, but includes both the license text for MIT (which
> covers the "matchit" project) and the one for BSD-3-Clause (which is
> the license of the "httprouter" project, which "matchit" is based on).
>
> Following the logic from points 1 and 3, should the upstream project's
> metadata use "MIT AND BSD-3-Clause" for the project license? I assume
> similar reasons apply to the tarballs that the upstream project
> distributes as would to the RPM packages that Fedora distributes.
>
> Should this discrepancy (i.e. license texts for both licenses
> included, but license in metadata does not) be reported / fixed in the
> upstream project as well?
>
> Fabio
>
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux