Re: license-tag purpose/goal (Was: Re: SPDX Statistics - R.U.R. edition)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Richard,

On Wed, 2024-01-17 at 23:23 -0500, Richard Fontana wrote:
> I think there may be some confusion here. Red Hat originally developed
> RPMs as a packaging technology and from what I understand, from an
> early period there was a data field in spec files for licensing
> information (IIRC it was originally "Copyright:" rather than
> "License:"). Many other packaging technologies attempt to document
> licensing information. Some are worse than others.

So at some point RPM/Fedora adopted the %license directive.
Which basically meant that we would always include the full declared
license of the project. Do you happen to know why after this the
License field was (also) kept? Might it be time to fully switch to just
including the full %license text in each package instead of also adding
the license text? If I am reading the legal guidance correctly the
License field are not legally binding, just the license text in the
package source code is.

> It's very legitimate to ask why we have License tags at all, but few
> people have asked that. We didn't invent the practice in 2022; it
> existed in some form for decades (or at least as far back as the early
> years of Fedora, offhand I don't know if it originates in the Red Hat
> Linux era). In adopting SPDX license expressions, as I see it, the
> justification was basically, "if we're going to continue this
> long-established practice of having License tags, we might as well use
> the least bad license representation system".

That is a fair point. If you want to preserve the usage of license
tags.

> But in saying all this I realize I am continuing to conflate the two
> main uses of SPDX license expressions (or at least SPDX license
> identifier conventions) in Fedora. We don't just use SPDX identifiers
> in License tags. Our original 2022 documentation was really confusing
> about this, probably because *we* were initially confused about it,
> and I've tried to make a lot of changes to clear this up. We more
> fundamentally use SPDX identifiers as a classification system in
> approving and disapproving particular licenses, some of which would
> never normally be used in a License tag. When we say a given license
> is allowed, or not allowed, we have to define more or less precisely
> what we mean by that license, and SPDX (for all its many faults)
> provides the best system I know of for doing that.

And I think this shows why using license tags as a form of indirection
to point to the "true" license causes so much confusion.

IMHO, a license notice should always be interpreted in context. A lot
of the discussions seem to not be about whether or not a legal notice
is approved or not, but about whether something is strictly speaking a
different license variant because it has some legally or not legally
significant notices around the license text. For which then a new
identifier has to be allocated.

But since we are already include the full text of the (declared)
license in the package, do we really also want to have that extra layer
of indirection as license tags?

Cheers,

Mark
--
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux