Hi Richard, On Wed, 2024-01-17 at 23:23 -0500, Richard Fontana wrote: > I think there may be some confusion here. Red Hat originally developed > RPMs as a packaging technology and from what I understand, from an > early period there was a data field in spec files for licensing > information (IIRC it was originally "Copyright:" rather than > "License:"). Many other packaging technologies attempt to document > licensing information. Some are worse than others. So at some point RPM/Fedora adopted the %license directive. Which basically meant that we would always include the full declared license of the project. Do you happen to know why after this the License field was (also) kept? Might it be time to fully switch to just including the full %license text in each package instead of also adding the license text? If I am reading the legal guidance correctly the License field are not legally binding, just the license text in the package source code is. > It's very legitimate to ask why we have License tags at all, but few > people have asked that. We didn't invent the practice in 2022; it > existed in some form for decades (or at least as far back as the early > years of Fedora, offhand I don't know if it originates in the Red Hat > Linux era). In adopting SPDX license expressions, as I see it, the > justification was basically, "if we're going to continue this > long-established practice of having License tags, we might as well use > the least bad license representation system". That is a fair point. If you want to preserve the usage of license tags. > But in saying all this I realize I am continuing to conflate the two > main uses of SPDX license expressions (or at least SPDX license > identifier conventions) in Fedora. We don't just use SPDX identifiers > in License tags. Our original 2022 documentation was really confusing > about this, probably because *we* were initially confused about it, > and I've tried to make a lot of changes to clear this up. We more > fundamentally use SPDX identifiers as a classification system in > approving and disapproving particular licenses, some of which would > never normally be used in a License tag. When we say a given license > is allowed, or not allowed, we have to define more or less precisely > what we mean by that license, and SPDX (for all its many faults) > provides the best system I know of for doing that. And I think this shows why using license tags as a form of indirection to point to the "true" license causes so much confusion. IMHO, a license notice should always be interpreted in context. A lot of the discussions seem to not be about whether or not a legal notice is approved or not, but about whether something is strictly speaking a different license variant because it has some legally or not legally significant notices around the license text. For which then a new identifier has to be allocated. But since we are already include the full text of the (declared) license in the package, do we really also want to have that extra layer of indirection as license tags? Cheers, Mark -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue