On Thu, Feb 15, 2024 at 9:24 PM Tim Flink <tflink@xxxxxxxxxxxxxxxxx> wrote: > > > > On 2/15/24 17:26, Tom Hughes wrote: > > On 15/02/2024 23:57, Omair Majid wrote: > > > >> Tim Flink <tflink@xxxxxxxxxxxxxxxxx> writes: > >> > >>> The upstream is distributed as MIT but contains a few files which have > >>> additional or different licenses. Two files include BSD-2-Clause, two > >>> files include Apache-2.0 and one is Public Domain. The upstream > >>> project includes a LICENSE.txt file which only contains the MIT > >>> license. > >> > >> I have a similar scenario with some of my packages. What I do is mark > >> all the LICENSE.txt files that upstream includes as %license and leave > >> it at that. I don't create/modify/update any existing upstream files. > >> > >> The other licenses (which aren't listed in LICENSE.txt), I list them in > >> spec file using the License tag. > >> > >> In your case, that would be using something like: > >> > >> License: MIT and BSD-2-Clause and Apache-2.0 and > >> LicenseRef-Fedora-Public-Domain > >> > >> (And please add the public domain text to > >> https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt) > >> > >> Someone please correct me if this is wrong. > > > > It's wrong for licenses like Apache which require that the full > > text is included. The guidelines explain what is needed: > > > > https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text > > This topic is touched on, yes but I also think this exact situation is a bit of a gap in what's covered there. > > As I read the guidelines, there are two situations covered: > 1. All applicable licenses are in the LICENSE file(s) from upstream > 2. No (complete) LICENSE file is provided, no complete license text is provided and getting the license text added upstream is not an option (upstream is unwilling, unresponsive etc.) > > In this specific case, the license text is included in the affected files, so it's not a case of upstream just mentioning a license in the README or something like that. > > I'm wondering whether extracting the license text from source files and either putting that text into an additional LICENSE file or appending them to upstream's LICENSE file is seen as an acceptable alternative as we would be using upstream's text, just moving it around a bit and not taking a potentially different source (copying from SPDX, osi et. al). Not sure if these comments are helpful: The Fedora policy on inclusion of license files is in tension with the policy on License tags. This was true before as well as after the adoption of SPDX identifiers in favor of Callaway license abbreviations. We (the people who worked on revising the Fedora legal documentation substantially beginning in summer 2022) deliberately did not touch the stuff on inclusion of license files, because frankly we couldn't figure out what to do. The traditional policy doesn't really make much sense, but there isn't any other approach that's clearly better. Anyway, it is very common for a project to have a LICENSE file that does not have all of the licenses that apply to all of the source code. As far as I understand the Fedora policy on license file inclusion, it's something like "if it's in something that looks like a LICENSE or COPYING file, include it; if there's *no* such global file, copy some relevant license text from a source file; if there's no relevant license text in a source file and it's clear what the license is supposed to be, try to get the upstream project to add a license file" (and/or add the license file yourself). I may have some of that wrong. Eventually we are going to want to revise this policy because the existing policy is so hard to justify but I have no idea what the revised policy ought to be. I have actually suggested not having any license files in binary RPMs, on the grounds that all the licenses ought to be in the source code, but a colleague of mine seemed to feel that was a bit radical. Richard -- _______________________________________________ packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
