On Tue, Aug 22, 2023 at 3:34 AM Petr Pisar <ppi...@redhat.com> wrote: > > V Mon, Aug 21, 2023 at 01:04:29PM +0200, Florian Weimer napsal(a): > > * Most package maintainers probably assume that License: tags on all > > built RPMs (source RPMs and binary RPMs) should reflect binary package > > contents, at least when all subpackages are considered in aggregate. > > Often, Source RPMs contain the same License: line as binary RPMs. > > > That's a shortcomming of RPM. It reuses License tag of the main subpackage for > source RPM.
Out of curiosity, is what subpackage is the "main" subpackage a well defined concept, or is it just "the builit package that is described first in the spec file" and beyond that a matter of convention? I couldn't find the answer to this in a few minutes of naive searching. > > In the light of this, I would like to suggest updating the guidelines in > > the following way: > > > > The License: line should be based on the sources only. Using a tool > > such as Fossology to discover relevant licenses and their SPDX tags is > > sufficient. No analysis how licenses from package source code or the > > build environment propagate into binary RPMs should be performed. > > Individual SPDX identifiers that a tool has listed should be separated > > by AND. Package maintainers are encouraged to re-run license analysis > > tooling on the source code as part of major package rebases, and > > update the License: tag accordingly. > > > > To me, that seems to be much more manageable. > > > Yes, that's a very realistic approach of what we can expect from the > packagers. > > I only worry whether the resulting License tag will be any helpful for our > users. E.g. most of the subpackages of perl.spec are "GPL-1.0-or-later OR > Artistic-1.0-Perl". With your approach their license tag would gain > a ridiculous license identifiers that are not really contained. This could possibly be addressed by Daniel's idea of a "use your judgment to exclude what is clearly irrelevant" standard (as I would put it). Richard _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
