On Mon, 9 Sep 2024, Richard Fontana wrote:
On Mon, Sep 9, 2024 at 12:09 PM Dan Horák <dan@xxxxxxxx> wrote:
On Mon, 9 Sep 2024 16:24:03 +0200
Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:
Dne 09. 09. 24 v 4:15 odp. Scott Talbert napsal(a):
On Fri, 6 Sep 2024, Miroslav Suchý wrote:
Bellow is list of packages that have licenses that are neither valid as
Callaway nor as SPDX. I.e. the license cannot be validated neither using
'license-validate' nor using 'license-validate --old'.
swt2c perl-Data-Validate-IP
I recently updated this package to use SPDX expressions:
GPL-1.0-or-later OR Artistic-1.0
However, I'm just realizing that Artistic-1.0 is NOT a valid Fedora license, which is probably why the package ended
up on this list.
Since Fedora should be able to use this package under the GPL-1.0-or-later license, should I just update the License
expression to that only? Or alternatively, should I request that "GPL-1.0-or-later OR Artistic-1.0" be added as an
allowed license, as I see that "GPL-1.0-or-later OR Artistic-1.0-Perl" is in the list.
I would not try adding Artistic-1.0 into allowed ones:
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/254
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/37
You can talk to upstream. I recently witnessed that upstream used GPL-1.0-or-later OR Artistic-1.0 while they
**intended** to use GPL-1.0-or-later OR Artistic-1.0-Perl.
thanks, "GPL-1.0-or-later OR Artistic-1.0-Perl" should fix collectl too
In the case of perl-Data-Validate-IP, the LICENSE file says
===
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.
Terms of the Perl programming language system itself
a) the GNU General Public License as published by the Free
Software Foundation; either version 1, or (at your option) any
later version, or
b) the "Artistic License"
===
which is followed by what appears to be the text of GPLv1, then by
what I think is the text of OSI Artistic 1.0 (that is, matching SPDX
Artistic-1.0, not SPDX Artistic-1.0-Perl).
We know that "the same terms as Perl 5" *ought* to mean (in SPDX
terms) GPL-1.0-or-later OR Artistic-1.0-Perl, not GPL-1.0-or-later OR
Artistic-1.0 and of course we also know that this is an extremely
common licensing approach in the Perl community.
So the upstream package is ambiguous. Common sense of course suggests
they couldn't possibly care about the difference between these two
versions of Artistic 1.0 (which were overlooked for ... ~20 years or
more?). Most likely they reached for the text of Artistic-1.0 (not
Artistic-1.0-Perl) because they assumed Artistic-1.0 *was* the Perl 5
Artistic 1.0 license. However, this should really be clarified with
the upstream maintainer.
If it were clear that Artistic-1.0 *was* intended, then we'd represent
that as just `GPL-1.0-or-later` because Artistic-1.0 is *not-allowed*
and while we have a notational exception for `GPL-1.0-or-later OR
Artistic-1.0-Perl` I can't see a good justification for extending that
to `GPL-1.0-or-later OR Artistic-1.0` merely because some Perl module
maintainers are (understandably) confused about the multiple versions
of Artistic 1.0.
Ack on all of the above. I've already opened a query upstream:
https://github.com/houseabsolute/Data-Validate-IP/issues/14
Thanks,
Scott
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue