On Wed, Feb 14, 2024 at 6:55 PM Christian Krause <chkr@xxxxxxxxxxxxxxxxx> wrote: > > Hi, > > I would like to ask for some help determining the correct licenses and SPDX tags for "scummvm". Please see my three questions further down the mail. > > I'm currently updating the scummvm package to a new upstream version (which introduced a new license) and additionally I'm attempting to migrate the license tags to SPDX. > > - current license tag for scummvm-2.7.1 > "License: GPLv3+ and LGPLv2+ and BSD and OFL and MIT and ISC" > > - scummvm-2.8.0 lists now the following licenses in its source: > - main license file https://github.com/scummvm/scummvm/blob/v2.8.0/COPYING > - additional licenses in https://github.com/scummvm/scummvm/tree/v2.8.0/LICENSES/ > > - here is my attempt to map the old license tags to the license files and the new SPDX tags: > > GPLv3+: > - COPYING > - COPYING.FREEFONT > -> SPDX: GPL-3.0-or-later COPYING.FREEFONT is GPL-3.0-or-later WITH Font-exception-2.0 (already allowed in fedora-license-data) > LGPLv2+: > - COPYING.LGPL > -> SPDX: LGPL-2.0-or-later This should be LGPL-2.1-or-later > BSD: > - COPYING.BSD This file contains multiple licenses. Some are instances of BSD-3-Clause. The others (the University of California one and the Erik Corry one) appear to be a match to Cornell-Lossless-JPEG. You have to submit an issue to get this added to fedora-license-data (IIRC I was the one who submitted it to SPDX in anticipation of its being needed for Fedora). > - COPYING.MKV > -> SPDX: BSD-3-Clause > > MIT: > - COPYING.MIT > - COPYING.TINYGL > -> SPDX: MIT > > ISC: > - COPYING.ISC > -> SPDX: ISC > > OFL: > - COPYING.OFL > -> SPDX: OFL-1.1-RFN > COPYING.GLAD contains: > - an MIT license (although "Software" is substituted with "materials") > - an Apache 2.0 license > - another MIT license > -> SPDX: MIT AND Apache-2.0 The Khronos license uses "the Materials" instead of "the Software". There was a recent issue in github.com/spdx/license-list-XML about this, I forget where SPDX ended up on this (whether to revise `MIT` or to create a new identifier), check the SPDX issues or wait for Jilayne to chime in. :) > COPYING.LUA > - not the standard MIT license > - however, LUA homepage (https://www.lua.org/license.html) explicitly states that old lua versions can be used under MIT > -> SPDX: MIT IMO this is incorrect, you should either submit a fedora-license-data issue for the Lua license (which does not seem to have been considered by Fedora or SPDX before) or get the scummvm project to change the license notices for the Lua code from the legacy Lua license to the MIT license. > QUESTION 1: Are my findings so far correct? See above. > QUESTION 2: As far as I understand, there is no need to do any "effective license" analysis, so can I just use these tags concatenated with AND? If that accurately reflects how these licenses are actually used in the package, yes. > new in scummvm-2.8.0: CatharonLicense.txt > - seems to be previously used for the auto-hinter in FreeType > - it looks like it is considered compatible to the FreeType license: > - http://www.fifi.org/doc/libfreetype6/ft2faq.html#autohint-license > - additional information: > - https://directory.fsf.org/wiki/Freetype#tab=Details > - https://changelogs.ubuntu.com/changelogs/pool/main/f/freetype/freetype_2.6.1-0.1ubuntu2/copyright > - it is not listed in https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ > - the FreeType license is listed as allowed license > > QUESTION 3: How to proceed with that license? Please open an issue at fedora-license-data for review of the license. Richard -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
