On Mon, Aug 28, 2023 at 10:31 AM Vít Ondruch <vondruch@xxxxxxxxxx> wrote: > > > Dne 24. 08. 23 v 20:52 Richard Fontana napsal(a): > > Some of the complaints that have surfaced since the migration from the > > Callaway system to SPDX seem to be, at root, an aesthetic distaste for > > complex license expressions in RPM license metadata. This may explain > > why some favor application of "effective license" analysis. I suspect > > there is also a sort of psychological desire to hide the underlying > > licensing complexity that characterizes many packages. > > > > I do think that the current approach can be criticized as being overly > > pedantic, and perhaps also internally contradictory (some of Florian's > > recent comments get at the various ways in which we are being > > contradictory). We have a still-undocumented rule that what I call > > "true public domain" should not be reflected in the License: field > > > The problem is that leaving out this "true public domain" tag makes > license review harder in a sense. > > Let me explain. If I am reviewing license and find some file being "true > public domain", leaving it out might mean that it won't be recorded > anywhere that it was already identified as a "true public domain". Doing > the review next time, I (or somebody else) will need to find it the hard > way again. > > I think that the current license field is unfortunately very limited in > expressing the source license. I wish if we were able to record the > license per file or even per file lines. But admittedly, this won't be > easier. I guess we have been stretching the "License: " field beyond whatever purpose it was originally supposed to have (probably never well defined or thought out). It is not useful by itself for keeping track of source-file-specific license review. The REUSE specification (https://reuse.software), which enforces a per-source-file license identification discipline, might be a way to facilitate that, but that is something that is generally adopted by upstream projects, not by downstream packagers. fedora-license-data and fedora-legal-docs themselves conform to REUSE, largely relying on the use of a dep5 file (even though I think REUSE disapproves of that approach) and using some custom-defined license identifiers that I think REUSE might frown upon (but which do serve to keep track of "true public domain" stuff). See: https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/.reuse/dep5?ref_type=heads https://gitlab.com/fedora/legal/fedora-legal-docs/-/blob/main/.reuse/dep5?ref_type=heads Richard _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
