Dne 18. 01. 24 v 0:01 Richard Fontana napsal(a):
On Wed, Jan 17, 2024 at 5:47 PM Mark Wielaard <mark@xxxxxxxxx> wrote:Hi Richard, Going to chop this discssion into smaller parts. On Fri, Nov 24, 2023 at 08:07:02PM +0100, Mark Wielaard wrote:On Mon, 2023-09-18 at 20:47 -0400, Richard Fontana wrote:I think anyone should be free to propose a new umbrella identifier (in SPDX expression format) that would cover multiple licenses, as we've done with `LicenseRef-Fedora-Public-Domain` and `LicenseRef-Fedora-UltraPermissive`. The important thing is that it be well defined in some way.One idea would be to just collect all licenses, copyrights and notices as found in the actual sources and put them into one file put in the srpm. Kind of like debian/copyright. The advantage is that you then don't have to find some exact (or inexact) match with specific identifiers and that it can be shared with upstream and/or other distros. For the packager they can just put LicenseRef-Fedora-SourceLicenses in the License field instead of trying to come up with some expression that mimics the actual license texts. For the users it is also easier to have the actual license notices text all together in a known place/file.I would support this idea if we were starting from scratch. The problem is that Fedora (and Red Hat) have had this tradition of *not* doing that, and this tradition of (instead?) using the License: tag for RPMs, so a move to Debian copyright sort of system would be a much more radical change than, say, the switch from Callaway notation to SPDX license expressions. I expect it would meet massive resistance from Fedora package maintainers. I could be wrong though. :) A possible idea is to have this be an optional approach the package maintainer could take, more or less as you describe. I have thought of something like that. When I suggested something similar to this idea to my fellow Fedora Legal/SPDX Migration team members, I think their general sentiment was skeptical to negative.
It seems to me that SPDX on itself supports: ~~~ DocumentRef-"(idstring)" ~~~ https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/Therefore if we support SPDX and SPDX supports this, then we support it, don't we?
Vít
Anyway, I don't think this idea should be dismissed, but it would be challenging to adopt. We should possibly admit to ourselves that the License: tag approach was always highly flawed and we've basically been putting bandaids on it. It should be noted that if we switched to this sort of approach it wouldn't mean abandoning the use of SPDX identifiers since we'd still use them for purposes of license approval and license classification, and conceivably also in the equivalent of the "copyright" file itself. If I remember correctly, someone on this list (Neal?) said they weren't overly fond of the dep5 format. Richard -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
-- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue