https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2230450
On 9. 8. 2023 13:35, Marián Konček wrote:
Yes, I would like to package only that part.
Does license review need to be done before or after submitting a
package review in Bugzilla?
Regarding opening issues on fedora / spdx:
* one part is about adding / not adding Oracle / Sun's variant of
BSD-3-Clause
* the other is about accepting differently formatted Apache-1.1?
Does formatting matter to SPDX?
On 8. 8. 2023 20:24, Richard Fontana wrote:
On Tue, Aug 8, 2023 at 9:00 AM Marián Konček <mkoncek@xxxxxxxxxx> wrote:
As part of the jaxb 4.0.2 -> 4.0.3 update, part of this package is
needed for its code generation. Therefore, I would like to package
it in
Fedora. This package has complex licensing which is why I am asking for
a review. Note that I only need the "xsdlib" subdirectory.
I only need a stripped-down version of this package as if by
downloading:
https://github.com/xmlark/msv/archive/refs/tags/msv-2022.7.tar.gz
and running (inside the msv-msv-2022.7 directory):
find . -mindepth 1 -maxdepth 1 -type d ! -name 'xsdlib' -exec rm -rf
{} +
rm -rf xsdlib/src/main/resources
rm -rf xsdlib/src/test
grep -l -r --ignore-case 'proprietary' | xargs rm -v
Most problematic license files are: copyright.txt and license.txt in
https://github.com/xmlark/msv/tree/main/docs/xsdlib. To my knowledge,
all files that remained use explicit BSD-3-Clause or Apache-1.1.
Question is whether we could have removed the copyright.txt and
license.txt files in the first place.
Current upstream: https://github.com/xmlark/msv
Previous package in Fedora (used different source repository):
https://koji.fedoraproject.org/koji/packageinfo?packageID=2576
Previous bug related to licensing:
https://bugzilla.redhat.com/show_bug.cgi?id=87684
Also grep --ignore-case for "proprietary" "confidential", "nuclear".
Can you create a package just from that subset of the xsdlib
directory as you indicated above?
In those files, what I saw on a quick review was:
- pom.xml : there's a Sun BSD license that is probably OK for Fedora
but does not seem to match any known variant. (It's tempting to just
ignore this but since it's probably OK we might as well add it.)
- Oracle 3-clause BSD licenses: most of these seem to be BSD-3-Clause,
but there was one for which SPDX would need to revise the markup, I
think (
xsdlib/src/main/java/com/sun/msv/datatype/regexp/InternalImpl.java)
- The Apache 1.1 license appearing on a number of source files does
not quite match SPDX Apache-1.1, would require SPDX revision to the
Apache-1.1 markup
So these seem fairly nonproblematic but it would be helpful if you
could create issues for these in fedora-license-data and then at
github.com/spdx/license-list-XML.
But if you need to package any of the other stuff in this repository
that may complicate things further.
Richard
--
Marián Konček
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue