As for https://github.com/xmlark/msv/blob/main/docs/xsdlib/copyright.txt I think this should be ignored. On Tue, Aug 8, 2023 at 2:24 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote: > > On Tue, Aug 8, 2023 at 9:00 AM Marián Konček <mkoncek@xxxxxxxxxx> wrote: > > > > As part of the jaxb 4.0.2 -> 4.0.3 update, part of this package is > > needed for its code generation. Therefore, I would like to package it in > > Fedora. This package has complex licensing which is why I am asking for > > a review. Note that I only need the "xsdlib" subdirectory. > > > > I only need a stripped-down version of this package as if by > > downloading: > > https://github.com/xmlark/msv/archive/refs/tags/msv-2022.7.tar.gz > > > > and running (inside the msv-msv-2022.7 directory): > > > > find . -mindepth 1 -maxdepth 1 -type d ! -name 'xsdlib' -exec rm -rf {} + > > rm -rf xsdlib/src/main/resources > > rm -rf xsdlib/src/test > > grep -l -r --ignore-case 'proprietary' | xargs rm -v > > > > Most problematic license files are: copyright.txt and license.txt in > > https://github.com/xmlark/msv/tree/main/docs/xsdlib. To my knowledge, > > all files that remained use explicit BSD-3-Clause or Apache-1.1. > > Question is whether we could have removed the copyright.txt and > > license.txt files in the first place. > > > > Current upstream: https://github.com/xmlark/msv > > Previous package in Fedora (used different source repository): > > https://koji.fedoraproject.org/koji/packageinfo?packageID=2576 > > Previous bug related to licensing: > > https://bugzilla.redhat.com/show_bug.cgi?id=87684 > > > > Also grep --ignore-case for "proprietary" "confidential", "nuclear". > > Can you create a package just from that subset of the xsdlib > directory as you indicated above? > > In those files, what I saw on a quick review was: > > - pom.xml : there's a Sun BSD license that is probably OK for Fedora > but does not seem to match any known variant. (It's tempting to just > ignore this but since it's probably OK we might as well add it.) > > - Oracle 3-clause BSD licenses: most of these seem to be BSD-3-Clause, > but there was one for which SPDX would need to revise the markup, I > think ( xsdlib/src/main/java/com/sun/msv/datatype/regexp/InternalImpl.java) > > - The Apache 1.1 license appearing on a number of source files does > not quite match SPDX Apache-1.1, would require SPDX revision to the > Apache-1.1 markup > > So these seem fairly nonproblematic but it would be helpful if you > could create issues for these in fedora-license-data and then at > github.com/spdx/license-list-XML. > > But if you need to package any of the other stuff in this repository > that may complicate things further. > > Richard _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
