Fwd: SPDX Statistics - Munich Agreement edition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-------- Přeposlaná zpráva --------
Předmět: SPDX Statistics - Munich Agreement edition
Datum: Fri, 29 Sep 2023 09:02:33 +0200
Od: Miroslav Suchý <msuchy@xxxxxxxxxx>
Společnost: Red Hat Czech, s.r.o.
Komu: Development discussions related to Fedora <devel@xxxxxxxxxxxxxxxxxxxxxxx>


Hot news: we are over 50 %!!! With almost 4k license tags converted in past 2 weeks. How it was possible?

First - it is because you rocks and really lots of work has been done. Both on our (Change owners) side and on you as package maintainers.

But the biggest impact was migration of texlive package. Texlive is huge package and it has 6558 subpackages and 4010 License tags. Texlive package was converted to SPDX format long time ago. But it is not sufficient to use SPDX formula. The license has to be approved for usage in Fedora too. I.e. SPDX IDs added to fedora-license-data collection. It took some time and the licenses ware review few days ago. This resulted in 3700 license tags being suddenly marked as migrated. That is good, because it was result of several months of work. There will be additional work because there is still 339 tags that does not conform our guidelines and one license has been found as not-allowed. Richard and Than is working on it and I applaud to them.

I must highlight that we added 25 license to fedora-license-data in past 2 weeks. That is almost 2 licenses per day (including weekends). When you realize that it requires legal audit, comparing to existing licenses, diving into history, sometimes communicating with stewards of the licenses. Submitting them to SPDX where we discuss it and add markup that allow to have template for several similar licenses... This is simply amazing pace.

Can I ask for additional help? Robert-André packaged scancode-toolkit for Fedora. This is license-check on steroids. Very useful and powerful tool. But it has lots of dependencies. Robert packaged them too. He "just" need reviewers to get this in Fedora. If you can check "Depends on" of https://bugzilla.redhat.com/show_bug.cgi?id=2235055 and do review of one of these dependecies that will be awesome.

Now lets dive into numbers:

Two weeks ago we had:

* 23143 spec files in Fedora

* 29600 license tags in all spec files

* 16169 tags have not been converted to SPDX yet

* 5903 tags can be trivially converted using `license-fedora2spdx`

* Progress: 45.35% ░░░░██████ 100%

ELN subset:

603 out of 2986 packages are not converted yet


Today we have:

* 23100 spec files in Fedora

* 29479 license tags in all spec files

* 12870 tags have not been converted to SPDX yet

* 5817 tags can be trivially converted using `license-fedora2spdx`

* Progress: 56.34% ░░░░░█████ 100%

ELN subset:

913 out of 3957 packages are not converted yet

Graph with the burndown chart:

   https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

    https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

   https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

   https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 25 new licenses (plus bunch of public domain declarations). 18 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data).

Legal docs and especially

  https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-08-06.  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list

  https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Munich Agreement edition? On today's date [*] at 1938, four biggest European countries agreed that Germany can annex border parts of Czechoslovakia where ethnics German lived. It was done in hope that it will stop the low-intensity war and to keep the peace in Europe. But it was actually prelude to World War II.

https://en.wikipedia.org/wiki/Munich_Agreement

[*] the pact was signed shortly after midnight, so some resources use tomorrows date.


Do you hesitate how to proceed with the migration? Please follow

   https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav 



_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux