On Tue, Aug 8, 2023 at 9:00 AM Marián Konček <mkoncek@xxxxxxxxxx> wrote: > > As part of the jaxb 4.0.2 -> 4.0.3 update, part of this package is > needed for its code generation. Therefore, I would like to package it in > Fedora. This package has complex licensing which is why I am asking for > a review. Note that I only need the "xsdlib" subdirectory. > > I only need a stripped-down version of this package as if by > downloading: > https://github.com/xmlark/msv/archive/refs/tags/msv-2022.7.tar.gz > > and running (inside the msv-msv-2022.7 directory): > > find . -mindepth 1 -maxdepth 1 -type d ! -name 'xsdlib' -exec rm -rf {} + > rm -rf xsdlib/src/main/resources > rm -rf xsdlib/src/test > grep -l -r --ignore-case 'proprietary' | xargs rm -v > > Most problematic license files are: copyright.txt and license.txt in > https://github.com/xmlark/msv/tree/main/docs/xsdlib. To my knowledge, > all files that remained use explicit BSD-3-Clause or Apache-1.1. > Question is whether we could have removed the copyright.txt and > license.txt files in the first place. > > Current upstream: https://github.com/xmlark/msv > Previous package in Fedora (used different source repository): > https://koji.fedoraproject.org/koji/packageinfo?packageID=2576 > Previous bug related to licensing: > https://bugzilla.redhat.com/show_bug.cgi?id=87684 > > Also grep --ignore-case for "proprietary" "confidential", "nuclear". Can you create a package just from that subset of the xsdlib directory as you indicated above? In those files, what I saw on a quick review was: - pom.xml : there's a Sun BSD license that is probably OK for Fedora but does not seem to match any known variant. (It's tempting to just ignore this but since it's probably OK we might as well add it.) - Oracle 3-clause BSD licenses: most of these seem to be BSD-3-Clause, but there was one for which SPDX would need to revise the markup, I think ( xsdlib/src/main/java/com/sun/msv/datatype/regexp/InternalImpl.java) - The Apache 1.1 license appearing on a number of source files does not quite match SPDX Apache-1.1, would require SPDX revision to the Apache-1.1 markup So these seem fairly nonproblematic but it would be helpful if you could create issues for these in fedora-license-data and then at github.com/spdx/license-list-XML. But if you need to package any of the other stuff in this repository that may complicate things further. Richard _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue