Re: Effective license analysis: required or not?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 28-10-2023 18:33, Fabio Valentini wrote:
On Sat, Oct 28, 2023 at 6:05 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote:

On Mon, Aug 21, 2023 at 7:04 AM Florian Weimer <fweimer@xxxxxxxxxx> wrote:

Below, I'm collecting a list of observations of what I believe is the
current approach in this area, as taken by package maintainers carrying
out the SPDX conversion.  To me, it strongly suggest that the SPDX
identifiers we derive today do not accurately reflect binary RPM package
licensing, even when lots of package maintainers put in the extra effort
to determine binary package licenses.

I recently noticed something that could be added to this list. There's
a package that generates a '-docs' subpackage using Doxygen.
Apparently Doxygen injects various pieces of minified JavaScript
(mostly from the jQuery ecosystem, mostly MIT-licensed) in a way that
is not obvious from analyzing the source code of the package that uses
Doxygen. I assume this must be compliant with Fedora packaging
guidelines -- although I could not verify this from reading Fedora
guidelines on bundling and JavaScript.

Anyway, I would guess no Fedora package maintainer of a package that
has a Doxygen docs subpackage is taking this issue into account when
thinking about License: tags. Should they?

This might have been the case a few years ago, but no longer.

New packages often don't bother building documentation (be it with
doxygen, sphinx, or rubygems), because the effort to make this work
"properly" for the latest guidelines wrt/ bundling and license tags
makes it very onerous. You will find many mentions of this, especially
for sphinx, in recent Python package reviews, or on the mailing lists.

Since this came up again in a review I took part in wrt Sphinx generated docs, here is a mailinglist thread, where this has been discussed:

https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx/thread/LLUAURXZVADATHK65HBPPBHKF4EM4UC3/

I also decided to no longer bother with Sphinx generated documentation. It would be great if this could be mentioned in the packaging guidelines, since many packagers / reviewers are still unaware, it appears.

-- Sandro
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux