Re: [SPDX] Mass license change AGPLv3 to AGPL-3.0-only

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 17, 2024 at 7:14 PM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
>
> On 17. 07. 24 22:15, Neal Gompa wrote:
> > On Wed, Jul 17, 2024 at 3:41 PM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:
> >>
> >> Dne 17. 07. 24 v 6:41 odp. Miro Hrončok napsal(a):
> >>
> >>> Done.
> >>
> >> Hi Mirek,
> >> I am a bit confused.
> >>
> >> I thought there was a clear nonconsensus about the *GPL conversion [1] which resulted to the FESCo ticket [2]. It is kinda surprising to see the "Done." comment here and in the LGPL thread as well.
> >>
> >> [1] https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/Q5VAL3I26A4ACWCXWWFHTKV6OXO2GISZ/
> >> [2] https://pagure.io/fesco/issue/3230
> >>
> >> Ouch, now I am confused too.
> >>
> >> You are right that the final wording is:
> >>
> >>> !agreed FESCo is in favor of standardizing on the SPDX format and understands that not all licenses are ready for direct conversion. Those licenses that are unreviewed or otherwise not yet fully compliant should be converted to SPDX licenses of the format LicenseRef-<something indicating Fedora legacy>-* where * is the old Fedora identifier. (+8, 1, -0)
> >>
> >> which means that I should stop doing that 1:1 (aka trivial) conversion and convert *everything* to LicenseRef-Callaway-*. But I was on that meeting - and if you read the log:
> >>
> >> https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2024-07-16/fesco.2024-07-16-17.00.log.html
> >>
> >> There was:
> >>
> >> <@sgallagh:fedora.im>
> >> 17:52:01
> >> Proposal: FESCo is in favor of standardizing on the SPDX format and understands that not all licenses are ready for this. Those that are not should be converted to SPDX licenses to a format `LicenseRef-<something indicating Fedora legacy>-*` where "*" is the old format.
> >>
> >> ...
> >> <@msuchy:matrix.org>
> >> 17:52:24
> >> Can I have a clear statement what to do with GPL* ?
> >> ....
> >> <@zbyszek:fedora.im>
> >> 17:54:04
> >> The whole point is to convert everything.
> >> <@conan_kudo:matrix.org>
> >> 17:54:08
> >> nirik: it'd be GPLv2 -> GPL-2.0-only, GPLv2+ -> GPL-2.0-or-later
> >> <@conan_kudo:matrix.org>
> >> 17:54:20
> >> and so on
> >> <@zbyszek:fedora.im>
> >> 17:54:22
> >> Otherwise, it's not syntactically valid.
> >> <@salimma:fedora.im>
> >> 17:54:26
> >> sorry, I mixed up msuchy's question with Neal's original response
> >> <@nirik:matrix.scrye.com>
> >> 17:54:32
> >> but then we have 0 way to tell what was converted? I guess we could look at commits
> >> <@conan_kudo:matrix.org>
> >> 17:54:56
> >> after everything is said and done, audits still need to be done separately
> >> <@conan_kudo:matrix.org>
> >> 17:55:00
> >> don't mistake conversions for audits
> >> <@salimma:fedora.im>
> >> 17:55:05
> >> we might need a second vote to clarify what to do with ambiguous licenses
> >> ....
> >> <@salimma:fedora.im>
> >> 17:58:24
> >> so Stephen's new proposal is quite clear that every legacy license we can't convert to SPDX would be marked as LicenseRef-<legacy>-* ... I think that addresses the ambiguity
> >>
> >> So I'd say that Neal statement in 17:54:08 put me in mistake that I should continue with 1:1 but it is not in the final decision/statement.
> >>
> >
> > What you're doing is what we expected in FESCo. GNU license
> > identifiers *are* trivial conversions. The main ones that aren't are
> > the older "BSD" and "MIT" ones, which have no meaningful analogue in
> > SPDX.
>
> That is your opinion. My opinion differs:
>
> The *GPL conversions *are not* trivial because they may hide several other
> "weaker" licenses in them following the old rules, which is no longer allowed
> by the new rules that were created when we approved the entire SPDX thing.
>
> ---
>
> The disagreement on this is what spawned the discussion and the FESCo ticket in
> the first place.
>
> If FESCo wanted to autoconvert all the old "*GPL" licenses to the new SPDX GPL
> identifiers, it should have been proposed and voted upon. That did not happen.
>
> FESCo approved what to do with the ones that are not trivial, but it did not
> say which are trivial.
>

You are conflating license tag conversion with a license audit. Tag
conversion is explicitly *not* an audit exercise.

This is not an audit, and we have never offered a guarantee of
accuracy. If you want the tags to be accurate, you need to evaluate
the package every time it is updated. And I know you do it for your
stuff, but we know not everyone does. And we do not have tooling to
help people audit their packages properly. We also do not have tooling
to validate audits in place either. The change to SPDX identifiers is
*not* coupled to the "no effective licensing" thing. Those were
separate updates that happened at roughly the same time, but are
*still* not coupled to each other.



-- 
真実はいつも一つ!/ Always, there's only one truth!
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux