Hi Richard, On Mon, 2023-11-20 at 09:41 -0500, Richard Fontana wrote: > On Mon, Nov 20, 2023 at 6:26 AM Mark Wielaard <mjw@xxxxxxxxxxxxxxxxx> wrote: > > > but this does not define what a "copyright notice" is. If we don't > > > hear from Jilayne, I'd go ahead with assuming that this is a perfect > > > match. :) > > > > OK, but can we use a more appropriate tag. bzip2-1.0.6 seems a little > > odd (it is a version of bzip2 with a CVE[*] from a couple of years > > back). Maybe just call it 'bzip2' or 'Hybrid-BSD' as Fedora used to > > call it (although it seems to still use the plain 'BSD' tag for it) > > since it seems to be a generic license used by different projects: > > https://fedoraproject.org/wiki/Licensing:BSD#Hybrid_BSD_(half_BSD,_half_zlib) > > We're trying to standardize on using SPDX License List > (https://spdx.org/licenses/) license identifiers as much as possible. > I think we'd only deviate from that where use of the SPDX identifier > would be highly misleading or confusing. There's sort of an example of > this: https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/data/LicenseRef-Bacula.toml?ref_type=heads > but that's where there would otherwise be a composite SPDX expression. I don't think that is really an issue. Before Fedora also used identifiers and licenses not recognized by other organizations like the FSF or OSI (this valgrind/bzip2 Hybrid BSD license isn't recognized by either as far as I know). And this is also how other distros use SPDX only when it makes sense. Debian for example uses SPDX identifiers where it makes sense, but e.g. in this particular case they drop and ignore redundant trailing license identifier version numbers (or simply use BDS-variant as license tag). > You could propose this change to the SPDX legal team by submitting an > issue at https://github.com/spdx/license-list-XML but historically > they've been very resistant to identifier deprecations (with the > notable exception of the GPL identifiers :) Hohum, github. That does seems to use a lot of proprietary javascript and doesn't allow reporting issues without a github account, which I don't have and don't really want. Too bad that seems to be the way to discuss with the SPDX legal team :{ So for now I'll just keep using the old identifiers for valgrind and use generic BSD for this subpackage till it is clear how to get this cleaned up with SPDX. Thanks, Mark -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
