Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"


On Fri, Sep 06, 2024 at 10:49:07AM +0200, Miroslav Suchý wrote:
> Below is a list of packages that have licenses that are neither valid as
> Callaway nor as SPDX. I.e. the license cannot be validated either using
> 'license-validate' or using 'license-validate --old'.
> 
> Some examples I checked (random selection):
> 
> aldo.spec:
> License:        GPL-2.0-or-later AND GPL-3.0
> (typo in GPL-3.0)
> 
> plasma-mobile.spec:
> License:        CC0 and GPLv2 and GPLv2+ and GPLv3 and GPLv3+ and LGPLv+2
> and LGPLv2.1 and LGPLv2.1+ and LGPLv3 and LGPLv3 and MIT
> ( we do not track LGPLv2.1 and LGPLv2.1+ in Callaway system)
> 
> qcad.spec
> License: GPL-3.0-only AND GPL-2.0-or-later AND MIT AND BSD AND Public Domain AND CC-BY-3.0 AND Hershey
> (old form of BSD and PD, unknown license Hershey)
> 
> zeromq.spec:
> License:        MPLv2.0 AND BSD-3-Clause AND MIT
> (old form of MPL)
> 
> I wonder how to approach this?
> 
> Either:
> 
> 1) Directly change it in dist-git to LicenseRef-Callaway-$OLD_ID with a comment that maintainer should revise it. Or

If some of the examples are neither valid Callaway nor valid SPDX,
then presumably this option wouldn't apply to all broken packages?

I guess some were supposed to have been converted to SPDX but typos
made them accidentally invalid SPDX expressions.

If there's an obvious/trivial change that can be made in dist-git to
make the expressions valid (either as LicenseRef-Callaway-$OLD_ID, or
by fixing any SPDX typos), we might as well take that route as the
least effort where possible.

> 2) Open BZs for these packages.
> 
> I will welcome your comments and opinions.
> 
> There are 236 such cases in Fedora.

Is this the time to consider making 'license-validate' be a
mandatory *gating* CI check for allowing builds into the
rawhide compose, or to allow updates to be pushed to stable,
to prevent regressions?

If we took option (2) and added the gating CI check, then
those 236 packages would be forced to fix the BZ ticket
before further builds can get to users. Annoying, but not
unreasonably so, given that it shouldn't be that hard for
maintainers to fix the SPDX expression validity.

Regardless of what option is taken now, if we don't add
gating validation, then over time we're doubtless going
to get regressions where people accidentally mangle the
SPDX expression validity. I've done that myself a couple
of times already :-)

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
