On Thu, Aug 1, 2024 at 4:18 PM Ben Beasley <code@xxxxxxxxxxxxxxxxxx> wrote: > > Although I haven’t signed up to do the official review, I was looking at > python-meshio[1], and I found that it contains a function substantially > derived from a StackOverflow answer[2]. While I’m impressed that > upstream cared enough to give credit, this leaves me with a question. > > Normally I would suggest that, to be strictly correct, the license of > the copied-and-modified snippet should be added to the package’s License > expression. But all answers on StackOverflow are, depending on when they > are posted[3], licensed CC-BY-SA-2.5, CC-BY-SA-3.0, or CC-BY-SA-4.0. In > this case, the applicable license is CC-BY-SA-3.0[4]. > > All of these licenses are listed as allowed in Fedora for content, but > not for code. Strictly speaking, then, this appears to be code under a > not-allowed-for-code license. At the same time, it is hard to believe > that prohibiting packages containing snippets from StackOverflow would > be an intended outcome. > > Since code copied or heavily inspired by StackOverflow answers is > extremely widespread, and the only thing that is perhaps unusual here is > that proper attribution is present, I’m curious how cases like this > *ought* to be handled. This situation has come up before. I think there was at least one like it involving dotnet. While we shouldn't attempt to uncover hypothetical undisclosed derivatives of StackOverflow snippets, in the rare cases where there is an attempt to provide attribution etc., we need to review them, not only because Fedora has a longstanding policy not allowing (otherwise allowable) Creative Commons licenses for 'code', but also because in the typical (rare) case there will be some sort of potential license compliance issue. In this case, though, while I see how the meshio function has some similarities to the cited StackOverflow code, I don't think the distinctive elements of each are quite close enough that I would conclude there is a license compliance issue. Therefore the StackOverflow license issue should not be relevant. Richard > [1] https://bugzilla.redhat.com/show_bug.cgi?id=2283539 > > [2] > https://github.com/nschloe/meshio/blob/b2ee99842e119901349fdeee06b5bf61e01f450a/src/meshio/stl/_stl.py#L49-L83 > > [3] https://stackoverflow.com/help/licensing > > [4] https://stackoverflow.com/posts/8964779/timeline > > -- > _______________________________________________ > legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
