Re: msv (xsdlib) licensing review

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 8, 2023 at 9:00 AM Marián Konček <mkoncek@xxxxxxxxxx> wrote:
>
> As part of the jaxb 4.0.2 -> 4.0.3 update, part of this package is
> needed for its code generation. Therefore, I would like to package it in
> Fedora. This package has complex licensing which is why I am asking for
> a review. Note that I only need the "xsdlib" subdirectory.
>
> I only need a stripped-down version of this package as if by
> downloading:
> https://github.com/xmlark/msv/archive/refs/tags/msv-2022.7.tar.gz
>
> and running (inside the msv-msv-2022.7 directory):
>
> find . -mindepth 1 -maxdepth 1 -type d ! -name 'xsdlib' -exec rm -rf {} +
> rm -rf xsdlib/src/main/resources
> rm -rf xsdlib/src/test
> grep -l -r --ignore-case 'proprietary' | xargs rm -v
>
> Most problematic license files are: copyright.txt and license.txt in
> https://github.com/xmlark/msv/tree/main/docs/xsdlib. To my knowledge,
> all files that remained use explicit BSD-3-Clause or Apache-1.1.
> Question is whether we could have removed the copyright.txt and
> license.txt files in the first place.
>
> Current upstream: https://github.com/xmlark/msv
> Previous package in Fedora (used different source repository):
> https://koji.fedoraproject.org/koji/packageinfo?packageID=2576
> Previous bug related to licensing:
> https://bugzilla.redhat.com/show_bug.cgi?id=87684
>
> Also grep --ignore-case for "proprietary" "confidential", "nuclear".

Can you create  a package just from that subset of the xsdlib
directory as you indicated above?

In those files, what I saw on a quick review was:

- pom.xml : there's a Sun BSD license that is probably OK for Fedora
but does not seem to match any known variant. (It's tempting to just
ignore this but since it's probably OK we might as well add it.)

- Oracle 3-clause BSD licenses: most of these seem to be BSD-3-Clause,
but there was one for which SPDX would need to revise the markup, I
think ( xsdlib/src/main/java/com/sun/msv/datatype/regexp/InternalImpl.java)

- The Apache 1.1 license appearing on a number of source files does
not quite match SPDX Apache-1.1, would require SPDX revision to the
Apache-1.1 markup

So these seem fairly nonproblematic but it would be helpful if you
could create issues for these in fedora-license-data and then at
github.com/spdx/license-list-XML.

But if you need to package any of the other stuff in this repository
that may complicate things further.

Richard
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux