On Sun, Oct 15, 2023 at 03:02:34PM -0400, Richard Fontana wrote: > On Sun, Oct 15, 2023 at 5:13 AM Robert-André Mauchin <zebob.m@xxxxxxxxx> wrote: > > > > Hi, > > > > I'm doing a MR on an old package that contains firmware data. > > > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no modification > > permitted" in SPDX. > > > > The license is: > > > > The files in the directory src/miniloader are provided pursuant to the > > following license agreement: > > > > License For Customer Use of NVIDIA Software > > > > > > > What can I use for SPDX? > > The license first has to be reviewed; this will ultimately result in a > license identifier that can be used in place of "Redistributable, no > modification permitted" assuming the license is allowed or otherwise > tolerated. Please open a new issue in fedora-license-data. > > I think this would be the first firmware license we would specifically > consider since instituting the new license review process last year. > The policy on allowed firmware licenses is described here: > https://docs.fedoraproject.org/en-US/legal/license-approval/#_license_requirements_for_firmware > These criteria were based on an analysis of known firmware licenses in > Fedora done sometime around ... maybe 2010 or so? To accommodate this > license we might have to make some additions to those criteria. > > We haven't yet had to address the question of how to deal with license > identifiers for firmware. There are three possibilities: > 1. Ask SPDX to assign an identifier, the usual approach for allowed > licenses. This is unlikely to be viable because these kinds of > firmware licenses are pretty far from SPDX's license inclusion > criteria (which are generally much looser than Fedora's). > 2. Create a unique LicenseRef- identifier for each firmware license. > 3. Create an umbrella LicenseRef- identifier for all allowed Fedora > firmware licenses (similar to how 'Redistributable, no modification > permitted' was used in the Callaway system). I guess I'd say what is important / valuable is that we have some review over the license text, so it isn't a total free for all of packagers just blindly using the LicenseRef umbrella without oversight. We have precedent for (3) in our Public Domain and UltraPermissive handling. In both cases, we have the text file in fedora-license-data collecting records of which package contains which license text. Thus if we chose (3) now, we have the information record to let us fairly easily switch to (2) if we change our minds. IOW unless there are substantive legal differences between the various "redistributable, no modification permitted" texts, that we need to convey to consumers of Fedora, option (3) would be a sufficient starting point. Or possibly we end up with a mixture of (2) and (3) where most firmware are under an umbrella but a few oddballs with unusual terms justify a dedicated LicenseRef. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue