[Fedora-legal-list] Fwd: SPDX Statistics - 305 packages remaining

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


-------- Přeposlaná zpráva --------
Předmět: SPDX Statistics - 305 packages remaining
Datum: Fri, 22 Nov 2024 08:24:46 +0100
Od: Miroslav Suchý <msuchy@xxxxxxxxxx>
Společnost: Red Hat Czech, s.r.o.
Komu: Development discussions related to Fedora <devel@xxxxxxxxxxxxxxxxxxxxxxx>


Hot news:

- I walked through all packages with "Public Domain" license. For all such packages I identified the public domain dedication and added it to https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt?ref_type=heads Richard F. did the review and I opened PRs for such packages to change the license to LicenseRef-Fedora-Public-Domain. There are about 30 PRs wating to be merged. In several cases I had to open issue as the public domain dedication is not easy and has some sort of problem.

- Unfortunately in several cases, the evaluation of dedication (either public domain or "Redistributable") was found as not good enough. I.e. the license is not allowed. Several packages has been already retired in Fedora Linux because of that. You can track it here: https://bugzilla.redhat.com/show_bug.cgi?id=2310597

- I started walking through "Redistributable, no modification permitted" that is usually used in firmware package. It is much smaller set of packages compared to Public Domain set. I should have it done by next report. But the analysis is much harder.

- sometimes you used in License tag deprecated license id https://spdx.github.io/spdx-spec/v2.3/SPDX-license-list/#a3-deprecated-licenses Note that while we usually abbreviate the communication that you must use SPDX ID, but there is silent part "and approved for usage in Fedora Linux". I.e. such ID must be in fedora-license-data. And these deprecated ID are not there (and never will be).

- We have 59 open issues for fedora-license-data https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=updated_desc&state=opened&first_page_size=50
  From past experience, you should expect that it will take about 3 months to proceed all these issues.

- For most packages the license change is "just" committed to dist-git. The change in binary RPM will be visible after next mass rebuild (scheduled to 2025-01-15).

Two weeks ago we had:

* 24311 spec files in Fedora

* 30967 license tags in all spec files

* 360 tags are not SPDX complient (number from line bellow minus packages with LicenseRef-Callaway-*)

* 2658 tags have not been converted to SPDX yet

* 86 tags can be trivially converted using `license-fedora2spdx`

* Progress: 98.84% ░░░░░ 100%

ELN subset:
68 out of 2310 packages are not converted yet (progress 97.06%)

Today we have:

* 24340 spec files in Fedora

* 30993 license tags in all spec files

* 305 tags are not SPDX compliant (number from line bellow minus packages with LicenseRef-Callaway-*)

* 2587 tags have not been converted to SPDX yet

* 56 tags can be trivially converted using `license-fedora2spdx`

* Progress: 99.02% ░░░░░ 100%

ELN subset:

62 out of 2313 packages are not converted yet (progress 97.32%)

Graph of these data with the burndown chart:

   https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

    https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

   https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

Packages that are neither in SPDX nor in Callaway format (highest priority for now) - 59 packages:

https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining-packagers.txt

Most of such packages has open issue in fedora-license-data. A lot of them are waiting for SPDX to approved the license and assign ID.


New version of fedora-license-data has been released. With:

    7 new licenses and lots of public domain dedications and several firmware licenses
    12 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked

Legal docs and especially

  https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

New projection when we will be finished is 2024-11-30 (+13 days from last report).  Pure linear approximation. This information no longer makes sense. Most of the packages are already SPDX compliant and for most of the remaining packages we have open issue that will take weeks/months to be resolved. I will remove this prediction from future reports.


If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list

  https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Miroslav



-- 
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux