On Fri, 1 Sept 2023 at 18:12, Richard Fontana <rfont...@redhat.com> wrote: > > On Fri, Sep 1, 2023 at 11:56 AM Iñaki Ucar <iu...@fedoraproject.org> wrote: > > > > Apologies if this has been discussed before, but why not something > > like the debian/copyright file? The License tag could be just a list > > of all licenses found, without AND or OR, to avoid the combinatorial > > issue, and then a copyright file could exactly list what applies to > > what. > > It has basically not been discussed before. I think if we were > starting over from scratch I would probably suggest something like the > Debian approach. That also has the advantage of solving the problem of > what standards to adopt around license file inclusion (which currently > haven't been touched in our post-July-2022 documentation and which > really don't make much sense, at least in relation to the rest of the > current Fedora legal guidelines). > > My past assumption has been that it would be culturally too hard for > Fedora to copy the Debian approach (although it occurs to me that > Fedora could just reuse a lot of the Debian package data with limited > modification). Maybe that's wrong? Maybe the current guidelines > involve the same sort of effort that Debian package maintainers engage > in.
We already have a tool that analyzes all the files and reports the licenses found. This could generate an initial template for the packager to revise. I don't think it would be much more work than making sense of the License tag as is now. It would be easier in many cases. > One reason I don't like the "without AND or OR" approach is it is > basically abandoning the idea of using per-RPM or per-package SPDX > expressions, while retaining the idea that we should be using SPDX > expressions at a more atomic level. But if we adopted the Debian > approach I don't see why we should need to continue populating the > License: field at all (not sure how Debian deals with this, offhand). In such case, I see the License tag as a good "effective license" approach that is complementary to the detailed specification. The "98% GPLv2" you were talking about. It could be "License: GPL-2.0-only + COPYRIGHTS file" (i.e. "see the details" file). -- Iñaki Úcar _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
