On Mon, Nov 13, 2023 at 3:54 PM Fabio Valentini <decathorpe@xxxxxxxxx> wrote:
Hi all,
I'm currently working on packaging cargo-deny, and it includes (a very
old version) of a compressed form of the SPDX license data from
https://github.com/spdx/license-list-data.
The package needs the SPDX license-list-data in a format that can be
read by "askalono", and it is used to match unknown license files with
licenses known to SPDX. I was able to include a new version of that
data by rebuilding that compressed blob from the SPDX
license-list-data on GitHub.
However, I could not determine under which license terms this data is
made available. The repository for spdx/license-list-data only states
that all contents are automatically generated from
https://github.com/spdx/license-list-XML, which itself specifies no
license for the data, either.
I assume this data is redistributable *somehow*? The documentation
explains how to *use* the data for various purposes, but not which
license (if any) applies to it.
Note that the existing askalono-cli package also bundles this data,
which seems to have been missed during the original package review. I
will apply any necessary changes both to cargo-deny (which is still
being reviewed) and askalono-cli.
I *think* SPDX's position is that anything copyrightable (created by the SPDX project) that's in https://github.com/spdx/license-list-XML is under CC0 (er, CC0-1.0).
But Jilayne would have the authoritative answer :)
Richard
_______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue