Re: License question on rewrites in different languages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 29, 2023 at 9:37 AM Vít Ondruch <vondruch@xxxxxxxxxx> wrote:
>
>
> Dne 29. 06. 23 v 14:54 Richard Fontana napsal(a):
> >> The upstream project's metadata uses the SPDX expression "MIT" for the
> >> project's license, but includes both the license text for MIT (which
> >> covers the "matchit" project) and the one for BSD-3-Clause (which is
> >> the license of the "httprouter" project, which "matchit" is based on).
> >>
> >> Following the logic from points 1 and 3, should the upstream project's
> >> metadata use "MIT AND BSD-3-Clause" for the project license? I assume
> >> similar reasons apply to the tarballs that the upstream project
> >> distributes as would to the RPM packages that Fedora distributes.
> >> Should this discrepancy (i.e. license texts for both licenses
> >> included, but license in metadata does not) be reported / fixed in the
> >> upstream project as well?
> > I checked crates.io and couldn't find any guidelines on license
> > metadata. I don't think I personally would bother
>
>
> This is surprising position.
>
> Why it should be based on crates.io guidelines? I think that most of us
> struggling with licenses. Fedora is struggling with licenses. I am quite
> sure crates.io is struggling with licenses.
>
> So maybe the Fedora position should be at minimum to recommend to fix it
> upstream if the time was already spent on the analysis.

I think Jilayne might agree with this. My concern is that different
packaging systems may (legitimately) have different standards for how
to document licenses in metadata, even if superficially they use the
same syntax (increasingly, SPDX). Fedora's current (and historical)
standards at least in theory are based on this binary/source
distinction, but that may not make sense for other systems. There's no
universal standard for what package license metadata should signify.
To a large extent I think the question is about what license
information should/can be *ignored* despite it being detectable
somehow in the source code of a package. SPDX could probably provide
this but I don't think it wants to.

Richard
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux