On Wed, Jul 26, 2023 at 12:19 PM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote: > > Dne 26. 07. 23 v 0:12 Neal Gompa napsal(a): > > Yes, that makes sense, although for the *GPL licenses we'd have to use > what SPDX considers to be deprecated identifiers (GPL-2.0, etc.). > However, I would specifically propose *not* using the SPDX plain text > pseudo-renditions of particular license identifiers, which I believe > are generated automatically from XML files and don't really serve the > purpose I have in mind. We should use the license steward-authorized > version of the license in question; so, for example, the file > /usr/share/licenses/common-licenses/GPL-2.0 would be a copy of > https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt > For all the licenses I listed, there is a license steward (FSF, and > the Apache Software Foundation) who publishes an official plain text > version of the license in question. > > Yes, that makes sense to me. > > > That does not make sense to me :) > > Can you elaborate what is the difference between https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt and > > https://github.com/spdx/license-list-XML/blob/main/src/GPL-2.0-or-later.xml#L17 The generated text file (I assume this is generated from the XML file) https://raw.githubusercontent.com/spdx/license-list-data/main/text/GPL-2.0-only.txt is not easily readable compared to the license steward version, which is *designed* to be readable. Actually, the XML file may be more easy to read than the text file. I also have the impression that SPDX's approach of generating text files from XML files has tended to result in subtle errors in some cases. You can argue that no one actually reads the license, but then that's an argument for not including the license text to begin with. After all, it will be in the source code (usually). Fedora really doesn't have a clear rationale for why particular license texts get installed in /usr/share/licenses. > And if there are really some difference can we rather ask for the change in SPDX? And include in the XML what we need? I really want to avoid maintaining other list of licenses and they relation to SPDX ids. Well in my proposal we're really only talking about a handful of license texts that are known to get (typographically) updated only very rarely and in nonsubstantive ways. The idea of having all packages symbolically link to hundreds of SPDX-standardized license texts is much more problematic, though worth thinking about as it may help clarify why we are bothering to include any license files at all. Richard _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
