Although I haven’t signed up to do the official review, I was looking at
python-meshio[1], and I found that it contains a function substantially
derived from a StackOverflow answer[2]. While I’m impressed that
upstream cared enough to give credit, this leaves me with a question.
Normally I would suggest that, to be strictly correct, the license of
the copied-and-modified snippet should be added to the package’s License
expression. But all answers on StackOverflow are, depending on when they
are posted[3], licensed CC-BY-SA-2.5, CC-BY-SA-3.0, or CC-BY-SA-4.0. In
this case, the applicable license is CC-BY-SA-3.0[4].
All of these licenses are listed as allowed in Fedora for content, but
not for code. Strictly speaking, then, this appears to be code under a
not-allowed-for-code license. At the same time, it is hard to believe
that prohibiting packages containing snippets from StackOverflow would
be an intended outcome.
Since code copied or heavily inspired by StackOverflow answers is
extremely widespread, and the only thing that is perhaps unusual here is
that proper attribution is present, I’m curious how cases like this
*ought* to be handled.
– Ben Beasley (FAS: music)
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2283539
[2]
https://github.com/nschloe/meshio/blob/b2ee99842e119901349fdeee06b5bf61e01f450a/src/meshio/stl/_stl.py#L49-L83
[3] https://stackoverflow.com/help/licensing
[4] https://stackoverflow.com/posts/8964779/timeline
--
_______________________________________________
legal mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
