On Tue, 2007-03-06 at 22:13 -0800, Peter Gordon wrote: > Hi, all. > > I have a question about the legal status of a package I'm working on. > I'm nearly done with writing a nice package of Tavis Ormandy's scanmem > utility [1]. However, it contains no full license text, and the headers > in the source files only contain author/version informations. The only > reference to a license aside from what's on the website is that the > README file (which I include as %doc) contains the following line: > > License: GPL > > Is this reference enough, or should I also include a full copy of the > GPL as %doc as well? (If so, I'll email Tavis and bug him about > including it in the tarball.) So, here's the best answer that I have (IANAL, this is just what I've picked up from observation): The best way is for all of the source code to document the full license (or if the full license is long, an abridged version) in a header comment: /* This code is under the Foo Bar License. * You may Foo with this license, or Bar if you choose. * Yadda, yadda, yadda, abridged license text here. */ The next best way is for the source code itself to refer to the license in a dedicated file: /* This code is under the Foo Bar License. * This code should have included a copy of the Foo Bar * License in LICENSE. */ If the code doesn't say what license it is under, strictly speaking, its not legally under that license. Unfortunately, lots of code doesn't license itself this way, so we have to assume the intent of the author/authors. When assuming the intent, we look for files called "COPYRIGHT" or "LICENSE", that contain the full license text(s) for the code within the software component. Barring that, we look for README files that contain the full license text(s) for the code within the software component. Worst case scenario: There is nothing but a reference to the license on a website in a README file (or COPYING/LICENSE). Actually, worst case is when there is no documentation anywhere on the license within the source tarball. Then we have to trust the website distributing it. This is really not ok for Fedora. The reference to the license is a good start, but its really not what Fedora (or in this specific case, what the FSF) wants. Ask upstream if they are willing to at least include a full copy of the license text(s) in the tarball, if not reference/include in the source code. See: http://www.gnu.org/licenses/gpl.html#SEC4 (If for whatever reason they say no, you're not required to artificially insert a copy of the GPL license text into the package. Depending on the ilegal interpretation, this may introduce legal liability on you. You need to decide whether you are comfortable with that or not. This is why it is ideal for upstream to add it, so this is a non-issue. If upstream says no, and you decide not to add it, but upstream clarifies that it is indeed under the license noted in the README, you can put it in Fedora as is.) ~spot -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
