SPDX Statistics - 404 packages remaining
Hot news: - I changed the summary and instead of the tidbits I put there how many packages are remaining. - I started counting the packages that has valid SPDX id and no changelog entry (e.g., MIT) as converted. Therefore the bump in statistics. If the license is indeed correct, we will find out in next phase where we will have to do continues check if the license is correct. This still need a work and is not yet ready. - if your package has license LicenseRef-Callaway-foo then it is valid SPDX identifier, but it needs a work. Please se this documentation https://docs.fedoraproject.org/en-US/legal/license-audit-tools/#_scancode_toolkit And the result need to pass test of `license-validate` command. There is a lot of SPDX identifier that were not justified by fedora-legal whether they are good or bad. If `license-validate` does not recognize the identifier then please open issue at https://gitlab.com/fedora/legal/fedora-license-data Two weeks ago we had: * 24378spec files in Fedora * 31014license tags in all spec files * 5359 tags have not been converted to SPDX yet * 149 tags can be trivially converted using `license-fedora2spdx` * Progress: 82,72% ██100% ELN subset: 71 out of 2320 packages are not converted yet (progress 96.94%) Today we have: * 24291spec files in Fedora * 30947license tags in all spec files * 404 tags are not SPDX complient (number from line bellow minus packages with LicenseRef-Callaway-*) * 2726 tags have not been converted to SPDX yet (drop by 2k+ because I do not caunt "valid as old and new") * 111 tags can be trivially converted using `license-fedora2spdx` * Progress: 98,69% ░█100% ELN subset: 68 out of 1945 packages are not converted yet (progress 96.50%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt Packages that are neither in SPDX nor in Callaway format (highest priority for now) - 101 packages: https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining-packagers.txt New version of fedora-license-data has been released. With: 2 new licenses and lots of public domain dedications 9 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-11-05 (that is next month!). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - Peek Edition
Hot news: - Many times I had to open PR and convert the license tag for package despite the fact that I already converted it previously. That is because a maintainer keeps the spec file somewehere else (in upstream) and on release just copy it to dist-git. If this is your workflow please sync upstream with Fedora's dist-git first. https://docs.fedoraproject.org/en-US/packaging-guidelines/#_spec_maintenance_and_canonicity - The remaining packages usually contains either Public Domain or some variant of Redistributable. The conversion is slow. If you want to help with these, here are guidelines: https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_public_domain Two weeks ago we had: * 24426spec files in Fedora * 31052license tags in all spec files * 5918 tags have not been converted to SPDX yet * 181 tags can be trivially converted using `license-fedora2spdx` * Progress: 81,11% ██100% ELN subset: 140 out of 2325 packages are not converted yet (progress 93.98%) Today we have: * 24378spec files in Fedora * 31014license tags in all spec files * 5359 tags have not been converted to SPDX yet * 149 tags can be trivially converted using `license-fedora2spdx` * Progress: 82,72% ██100% ELN subset: 71 out of 2320 packages are not converted yet (progress 96.94%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt Packages that are neither in SPDX nor in Callaway format (highest priority for now) - 101 packages: https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining-packagers.txt New version of fedora-license-data has been released. With: 4 new licenses and several public domain or ultrapermissive dedications 7 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-03-29 (+2 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Peek Edition? Becase on today's date in 1951, Kim Peek was born. He was inspiration for the movie Rain Man. And his true story and live is as good too. Here is start of the today's rabbit hole: https://en.wikipedia.org/wiki/Kim_Peek Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: f41 dnf builddeps fails to parse systemd.spec
Dne 08. 10. 24 v 7:09 odp. Barry Scott napsal(a): Now I have systemd .src.rpm installed next I needed the build deps so that I can do a rpmbuild. Are you sure you want to install it on your workstation. The good habit is to NOT install builddeps and NOT running rpmbuild directly, but running mock -r fedora-41-x86_64 systemd.src.rpm Mock will create minimal buildroot, install all buildeps and run the rpmbuild. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Dvořák Edition
Dne 27. 09. 24 v 4:27 odp. Karolina Surma napsal(a): I second Ben's findings, all of my packages have been migrated with a commit message saying "Review the License tag according to the SPDX standard" and with an added "# SPDX" comment if there was no change of the string. The automation should not report any of those. I run the script over night. It removed lots of reported package with lines warning: valid as old and new and no changelong entry, please check I git-pushed it. You can check it again. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Dvořák Edition
Dne 27. 09. 24 v 4:01 odp. Ben Beasley napsal(a): The list of packages without SPDX, packages-without-spdx-final-maintainers.txt, seems suspicious. It has quite a few packages I maintain that seem perfectly fine to me. NiaAML-GUI has: # SPDX License: MIT and a commit/changelog in its history entitled “Clarify that License is SPDX MIT”. The reasons are in the first file: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt for NiaAML-GUI it states: |> NiaAML-GUI warning: valid as old and new and no changelong entry, please check hmm... you are right, I had a error in my script in detection of dist-git changelog. Next time it will not be reported. | -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - Dvořák Edition
Hot news: - I am going through "neither Callaway nor SPDX" license formulas. I submitted dozens PR for your packages. And beside obvious typos or partial conversion I see cases where maintainers use SPDX id of license. This is not enough the license id must have SPDX id **and** must be on fedora-license-data list. If you do not see the license on https://docs.fedoraproject.org/en-US/legal/all-allowed/ (or it does not pass `license-validate` test) then please open issue against fedora-license-data at https://gitlab.com/fedora/legal/fedora-license-data - when your package has in license string LicenseRef-Callaway-* then rpmlint and rpminspect will complain about it. While reverting the string silence these linter (for now) the correct way is to correctly identify SPDX id. Best way is to $ sudo dnf install scancode-toolkit $ fedpkg clone $PACKAGE $ cd $PACKAGE $ fedpkg prep $ cd $ARCHIVEDIR $ scancode --license --license-references --html /tmp/scan.html -n8 . && firefox /tmp/scan.html - We had a meeting with Garry O'Neal from SPDX who introduced to variety of tools he is using for license scanning. We would love to deploy fossology in Fedora infrastructure to ease your license scanning. Two weeks ago we had: * 24376spec files in Fedora * 31002license tags in all spec files * 5970 tags have not been converted to SPDX yet * 188 tags can be trivially converted using `license-fedora2spdx` * Progress: 81,24% ██100% ELN subset: 142 out of 2322 packages are not converted yet (progress 93.88%) Today we have: * 24426spec files in Fedora * 31052license tags in all spec files * 5918 tags have not been converted to SPDX yet * 181 tags can be trivially converted using `license-fedora2spdx` * Progress: 81,11% ██100% ELN subset: 140 out of 2325 packages are not converted yet (progress 93.98%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt Packages that are neither in SPDX nor in Callaway format (highest priority for now): https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining-packagers.txt New version of fedora-license-data has been released. With: 5 new licenses 7 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-03-27 (+17 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Dvořák edition? Because on today's date at 1892 Czech composer Antonín Dvořák arrived on steam boat to New York per request of Jeanett Thurberg. Dvořák stayed in US for 3 years as director of National Conservatory of Music. Directly influenced by stay in US he composed "From the New World". Neil Armstrong took this recording for his Apollo 11 mission and it was first musing that was played on the Moon. https://en.wikipedia.org/wiki/Symphony_No._9_(Dvo%C5%99%C3%A1k) https://open.spotify.com/album/6FMu88LoghMcmme2aDkK3S?si=OKGoOpwJSRCOPIhcxID17g [40 minutes] https://en.wikipedia.org/wiki/Anton%C3%ADn_Dvo%C5%99%C3%A1k#United_States Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
PyPI and pypi_source changes
If you maintain a package from PyPI, I wanted to give you a heads-up. It took me two hours to resolve this issue today
as it started with "why Packit did not created new PR when upstream has new version".
And quick check shows that about one thousand packages may be affected.
It seems that PyPI recently started to enforce
https://setuptools.pypa.io/en/latest/history.html#id118
And if project name of your package is affected you will likely hit
https://bugzilla.redhat.com/show_bug.cgi?id=2278073
In my case:
%{pypi_source ibm-cloud-sdk-core}
stopped working and I had to replace it by
%{pypi_source ibm_cloud_sdk_core}
But the new variant works only for recently uploaded tarballs. Not sure where
is the cut date.
You will be likely affected if the project name contains dashes, uppercase
letters or dots.
It will affect you if you do not pass argument to pypi_source macro too. I.e.
./python-azure-cosmos.spec
Source0: %pypi_source
Have to be replaced by %{pypi_source azure_cosmos} when there will be a new
release.
When your package is one-word only, it will likely not affect you. E.g.,
./python-winacl.spec:Source0: %{pypi_source}
will continue to work without a problem.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Mock change - not installing documentation files in buildroot
In Mock upstream we are right not discussing https://github.com/rpm-software-management/mock/pull/1462 Here is the summary: > Config files that uses DNF now contains `tsflags=nodocs` that tells RPM to not > install documentation files. > This results to smaller buildroot. For fedora-rawhide, with only minimal set of > packages, this is reduction from 260MB to 246MB. We are not sure if this would/may affect some packages. If this can affect you, or you have any comment about it, I will welcome a feedback. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Orphaning/retiring truth
Dne 20. 09. 24 v 2:53 dop. Orion Poplawski napsal(a): I'm planning on retiring truth soon unless someone wants to take it over. I'm not aware of anything that needs it. We should not name packages like that. Reading this made me sad. And it took me a while that you mean an RPM package. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - Almost There Edition
I will start with the tidbit first today. Why "Almost There Edition"? You can find that in https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?gid=0#gid=0 we are done from 81%. But I will offer different view: 5970 packages are not converted yet. But out of this number: 2387 packages are migrated to LicenseRef-Callaway-* and are technically in SPDX form, 3025 packages are valid SPDX formulas and validate using license-validate, but there is no entry if it was checked (MIT cases). That leaves us with only 558 packages that does not have valid SPDX license string. Last 2% percents! We are almost there! We have 168 packages that have licenses does not license neither valid as Callaway nor SPDX. https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining.txt https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining-packagers.txt I am going through of them. And for about half of them I already opened PR that correct the license or filed BZ describing the problem. I created tracking BZ for these cases https://bugzilla.redhat.com/show_bug.cgi?id=2310597 When I finish with these I want to follow on the last 188 trivial migration. Most of them are Public Domain "licenses" that needs to add the dedication to https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt?ref_type=heads Two weeks ago we had: * 24320spec files in Fedora * 30938license tags in all spec files * 6416 tags have not been converted to SPDX yet * 228 tags can be trivially converted using `license-fedora2spdx` * Progress: 79,26% ░░░███100% ELN subset: 154 out of 1955 packages are not converted yet (progress 92.12%) Today we have: * 24376spec files in Fedora * 31002license tags in all spec files * 5970 tags have not been converted to SPDX yet * 188 tags can be trivially converted using `license-fedora2spdx` * Progress: 81,24% ██100% ELN subset: 142 out of 2322 packages are not converted yet (progress 93.88%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt New version of fedora-license-data has been released. With: 4 new licenses 7 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-03-10 (+26 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 09. 09. 24 v 7:34 odp. Peter Robinson napsal(a): Was there ever a resolution to this thread [1] around LicenseRef-Callaway-Redistributable-no-modification-permitted in particular for the linux-firmware package? [1]https://www.spinics.net/lists/fedora-devel/msg316158.html I understand that the email you linked is the conlusion at least for now. It is documented here: https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_redistributable_no_modification_permitted tl;dr for each such case open issue at fedora-license-data and it either match some license or we add it to https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/firmware.txt?ref_type=heads and use |LicenseRef-Fedora-Firmware.| -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 09. 09. 24 v 4:21 odp. Vít Ondruch napsal(a): But that is upstream stuff, isn't it? It is "a format". Nothing stops us to use it aside of spec file. Or in comments in spec file. Just to find consensus how to use it and put it guidelines. :) -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 09. 09. 24 v 4:15 odp. Scott Talbert napsal(a): On Fri, 6 Sep 2024, Miroslav Suchý wrote: Bellow is list of packages that have licenses that are neither valid as Callaway nor as SPDX. I.e. the license cannot be validated neither using 'license-validate' nor using 'license-validate --old'. swt2c perl-Data-Validate-IP I recently updated this package to use SPDX expressions: GPL-1.0-or-later OR Artistic-1.0 However, I'm just realizing that Artistic-1.0 is NOT a valid Fedora license, which is probably why the package ended up on this list. Since Fedora should be able to use this package under the GPL-1.0-or-later license, should I just update the License expression to that only? Or alternatively, should I request that "GPL-1.0-or-later OR Artistic-1.0" be added as an allowed license, as I see that "GPL-1.0-or-later OR Artistic-1.0-Perl" is in the list. I would not try adding Artistic-1.0 into allowed ones: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/254 https://gitlab.com/fedora/legal/fedora-license-data/-/issues/37 You can talk to upstream. I recently witnessed that upstream used GPL-1.0-or-later OR Artistic-1.0 while they **intended** to use GPL-1.0-or-later OR Artistic-1.0-Perl. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 06. 09. 24 v 8:43 odp. Kevin Fenzi napsal(a): Can you do a updated run so we can see how many are left after that change? Here is updated list. And I already started opening PR for packages at src.fedoraproject.org because each case is special and PR is likely the best way. This list is based on yesterday's data .If you merged my PR or done your change yesterday or today then it is not reflected in this report. abi-dumper accel-config alsa-sof-firmware angelfish api-sanity-checker audacious-plugins avogadro2-libs bacula bmake btop calf ceph clementine Coin3 collectl cross-binutils dcfldd fcitx5-mozc fedora-remix-logos filebench fldigi flmsg flrig fltk frescobaldi gdb-exploitable ghc-http-client ghc-hxt-unicode ghc-monad-loops ghc-polyparse ghc-tf-random ghc-uglymemo ghostwriter gl-manpages gmsh gnote gnu-free-fonts golang-gopkg-retry-1 golang-gopkg-yaml-1 google-roboto-mono-fonts gstreamer1-doc guayadeque hackrf hibernate-jpa-2.0-api hydra icecat iprutils iucode-tool jam jbosscache-support jsmath-fonts julia julius kcbench kclock kernel kf5-bluez-qt kf5-kcalendarcore kf5-kdeclarative kf5-kholidays kf5-kirigami2-addons kf5-kirigami2 kf5-krunner kf5-libkleo kf5-threadweaver khealthcertificate kpublictransport kscreen lazarus libclc libnumbertext libtimidity libva-intel-hybrid-driver libwebp lmms lumina-desktop lyx maatkit man-pages-ja man-pages-l10n man2html mariadb10.11 Mayavi mingw-binutils mingw-libunistring mingw-wxWidgets mingw-wxWidgets3 mxml net-snmp newsx nikto ocaml-camomile ocaml-omake ogre opencascade opendkim opendmarc openexr openjfx openjfx8 OpenSceneGraph open-vm-tools perl-Crypt-Blowfish perl-Data-Validate-IP perl-Devel-Caller-IgnoreNamespaces perl-HTML-TableExtract perl-Lingua-Preferred perl-LockFile-Simple perl-qooxdoo-compat perl-Unicode-CheckUTF8 perl-XML-Tiny phpMyAdmin php-pear-PHP-CodeSniffer pinball pkcs11-helper plasma-mobile pokerth ProDy publican pypy pypy3.10 pypy3.9 python-basemap python-cclib python-pyface python-stone python-traitsui python-utmp qcad qmmp qownnotes qt5-qtfeedback rgbds R-IRanges rpminspect rubygem-rdoc rubygem-xmlparser ruby rust-askalono-cli rust-dutree rust-gmp-mpfr-sys rust-nettle-sys rust-nettle rust-rpick rust-ybaas rust-yubibomb rust-zbase32 scalasca scantailor scummvm simple-scan sipp skf stun supertuxkart tcmu-runner teeworlds texlive thc-ipv6 tkimg torque tuxpaint-stamps uboot-tools upx vakzination virtualbox-guest-additions webkitgtk wwl wxsqlite3 w3m xmedcon yakuake yascreen Packages by maintainer: aarem fltk acaringi kernel aekoroglu libtimidity airlied kernel ajax gl-manpages kernel amigadave simple-scan ankursinha xmedcon atim qownnotes ausil uboot-tools avsej ocaml-camomile bbonev1 yascreen blowry rgbds bowlofeggs rust-rpick branto ceph bskeggs kernel catanzaro webkitgtk cbm tuxpaint-stamps cdamian php-pear-PHP-CodeSniffer chedi Mayavi python-pyface python-traitsui chkr scummvm churchyard pypy pypy3.10 pypy3.9 cicku perl-XML-Tiny corsepiu Coin3 cottsay hackrf danfruehauf audacious-plugins dcantrell rpminspect dcavalca rust-gmp-mpfr-sys deamn openjfx openjfx8 decathorpe rust-askalono-cli rust-nettle rust-nettle-sys rust-ybaas rust-yubibomb rust-zbase32 dhowells cross-binutils dodji simple-scan dtimms ogre duck iucode-tool dwmw2 iprutils pkcs11-helper eclipseo clementine golang-gopkg-retry-1 elmarco mingw-binutils eseyman perl-Devel-Caller-IgnoreNamespaces perl-Lingua-Preferred perl-XML-Tiny etrunko mingw-binutils mingw-libunistring farchord plasma-mobile vakzination fjanus mariadb10.11 hguemar torque hhorak mariadb10.11 hobbes1069 Coin3 abi-dumper api-sanity-checker fldigi flmsg flrig fltk gmsh opencascade openexr hushan filebench huzaifas nikto stun ignatenkobrain gmsh libclc ogre python-pyface python-traitsui simple-scan supertuxkart teeworlds ixs perl-Crypt-Blowfish perl-LockFile-Simple jamatos lyx jcajka iprutils jchaloup fltk jcline kernel jfearn publican jforbes kernel jgrulich kf5-bluez-qt kf5-kdeclarative kf5-krunner kf5-threadweaver qt5-qtfeedback jjelen hibernate-jpa-2.0-api jkastner Coin3 gmsh jkucera kf5-libkleo jnovy texlive jonathanspw btop jpopelka python-utmp jridky net-snmp openexr jsafrane net-snmp jskarvad hackrf wwl jwboyer kernel jwolfe open-vm-tools jwrdegoede kernel libtimidity virtualbox-guest-additions kalev gnote mingw-binutils pkcs11-helper rust-dutree kengert icecat kernel-maint kernel kevin mxml opendmarc kkeithle ceph kkofler angelfish ktdreyer ceph kvolny qmmp kwizart libva-intel-hybrid-driver kzak collectl limb calf frescobaldi gnu-free-fonts libnumbertext perl-HTML-TableExtract pinball python-basemap python-stone supertuxkart teeworlds tuxpaint-stamps upx linkdupont google-roboto-mono-fonts linville kernel ljavorsk man-pages-l10n mariadb10.11 lkundrak cr
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 09. 09. 24 v 3:33 odp. Vít Ondruch napsal(a):
Neat. This would allow to slap in some comments, right? E.g:
~~~
License: %{shrink:
%dnl src/*.*
MIT AND
BSL-1.0 AND %dnl doc/*.*
BSD-2-Clause AND
(Apache-2.0 OR MIT OR BSL-1.0)
}
Technically yes, but please do not.
There is already
https://reuse.software/
that has structure, documentation, linters, libraries...
Somehow incorporating this would be great.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 08. 09. 24 v 3:54 odp. Barry napsal(a):
$ LC_ALL=C rpmspec -q --qf '%{license}\n' ruby.spec
error: ruby.spec: line 241: failed to load macro file
/home/msuchy/rpmbuild/SOURCES/macros.ruby
I have hit rslated issues like this in the past, rpmspec needs the rpm macro
dependencies to be installed.
I assume if you install all the fedora rpm macro packages this will your script
to run over all spec files.
Nope. If it would be required as build dependency, then it was no problem (but then the macros would not be available
during building of src.rpm)
This issue is because (to speak about this specific case) ruby uses:
Source4: macros.ruby
%{load:%{SOURCE4}}
So rpmbuild looks for macros.ruby in %_sourcedir and that is normally
~/rpmbuild/SOURCES/
When I redifine
%_sourcedir .
and then run the `rpmspec` tool in dist-git checkout then it does the right
thing.
$ rpmspec -q --qf '%{license}\n' --define='_sourcedir .' ruby.spec
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 06. 09. 24 v 12:16 odp. Petr Pisar napsal(a):
$ rpmspec -q --qf '%{license}\n' perl-License-Syntax.spec
GPL-1.0-or-later OR Artistic-1.0-Perl
This is not as easy as I thought. While this works for simply packages using
%shrink:
$ rpmspec -q --qf '%{license}\n' rpm-specs/python-graph-tool.spec
LGPL-3.0-or-later AND BSL-1.0 AND BSD-3-Clause AND GPL-3.0-or-later AND MIT AND
(MIT OR Apache-2.0)
LGPL-3.0-or-later AND BSL-1.0 AND BSD-3-Clause AND GPL-3.0-or-later AND MIT AND
(MIT OR Apache-2.0)
LGPL-3.0-or-later AND BSL-1.0
It fails for others packages:
$ LC_ALL=C rpmspec -q --qf '%{license}\n' ruby.spec
error: ruby.spec: line 241: failed to load macro file
/home/msuchy/rpmbuild/SOURCES/macros.ruby
error: query of specfile ruby.spec failed, can't parse
It fails even when I do this query in dist-git checkout.
So I tried to write simple script utilizing python-specfile:
https://pagure.io/copr/license-validate/blob/main/f/print-spec-license.py
But it fails too:
$ ./print-spec-license.py rpm-specs/python-graph-tool.spec
%{shrink:
LGPL-3.0-or-later AND BSL-1.0
I reported it as https://github.com/packit/specfile/issues/410
But for now I am running out of ideas.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 06. 09. 24 v 8:43 odp. Kevin Fenzi napsal(a): Can you do a updated run so we can see how many are left after that change? Yes. The analysis is already running. But it takes almost a day to finish. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 06. 09. 24 v 1:57 odp. Daniel P. Berrangé napsal(a): I need a class again on how to do this... I remember years ago being told we should try to come up with what the effective license is, so if the We (owners of the change) are indeed considering doing workshops on how to identify license. But we need the tooling that we will be using first. package has sources that are both GPL--or-later and they have both GPL 2 and GPL 3 sources that the combination should be considered GPL-3-or-later. No effective license analysis should be performed any more, as that is removed from the guidelines, just list everything that is found. *nod* -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 06. 09. 24 v 1:33 odp. Ben Beasley napsal(a):
Both python-graph-tool and python-llvmlite also use the %{shrink: …} macro in their spec files. You’ve demonstrated
how they can be validated correctly by first allowing RPM to form the License expression in a single line, rather than
grepping the spec file directly.
Yes. The same issue as Ben and Petr. Fixed now and will not be reported again.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 06. 09. 24 v 1:08 odp. Ben Beasley napsal(a): There are still packages in this list that appear to have valid license expressions, but aren’t amenable to spec-file grepping because they use the %shrink macro to split long license expressions across multiple lines. Looking at this list: music c4core fcitx5-mozc gi-docgen libpri luminance-hdr python-pdfminer sequeler usd I see that this is the case for all but fcitx5-mozc (which I co-maintain only in order to patch and rebuild it for abseil-cpp, and for which I don’t normally work on updates or other issues). For example, c4core has: True. It is the same issue Petr Pisar reported in this thread. The fix fixed this case too. Sorry for the noise. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 06. 09. 24 v 12:16 odp. Petr Pisar napsal(a): This package looks good for me. Last change in a License tag was on 2022-12-20 and current value "GPL-1.0-or-later OR Artistic-1.0-Perl" is valid. Indeed. Did you simply grep spec files instead of letting RPM to parse them? I was about to say that "no, I'm not such primitive and that I use python-specfile", but I checked the code and yes, I'm such primitive. I indeed use on this place simple grep. I fixed the code. Thank you for point this out. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Dne 06. 09. 24 v 12:55 odp. Artur Frenszek-Iwicki napsal(a): Bah, silly mistake on my part. This was "LGPLv2+", so should be "LGPL-2.0-or-later". Yes. You are not alone. There is lot of such typos. But there is another problem. LGPL-2.0-or-later is allowed license, but LGPL-2.0-or-later WITH Classpath-exception-2.0 is not allowed. Simply because it is not on Fedora list (while it is valid SPDX formula). Can you please file an issue for this combination at https://gitlab.com/fedora/legal/fedora-license-data ? -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - batch #3 of all remaining packages
Dne 06. 09. 24 v 10:29 dop. Petr Pisar napsal(a): I'm not sure it was a systemic mistake or just the two packages were special. Very likely a bug in my quick'n'dirty script. :) -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[SPDX] packages that are "not valid neither as Callaway nor as SPDX"
Bellow is list of packages that have licenses that are neither valid as Callaway nor as SPDX. I.e. the license cannot be validated neither using 'license-validate' nor using 'license-validate --old'. Some examples I checked (random selection): aldo.spec: License: GPL-2.0-or-later AND GPL-3.0 (typo in GPL-3.0) plasma-mobile.spec: License: CC0 and GPLv2 and GPLv2+ and GPLv3 and GPLv3+ and LGPLv2+ and LGPLv2.1 and LGPLv2.1+ and LGPLv3 and LGPLv3 and MIT ( we do not track LGPLv2.1 and LGPLv2.1+ in Callaway system) qcad.spec License: GPL-3.0-only AND GPL-2.0-or-later AND MIT AND BSD AND Public Domain AND CC-BY-3.0 AND Hershey (old form of BSD and PD, unknown license Heshey) zeromq.spec: License: MPLv2.0 AND BSD-3-Clause AND MIT (old form of MPL) I wonder how to approach this? Either: 1) Directly change it in dist-git to LicenseRef-Callaway-$OLD_ID with a comment that maintainer should revise it. Or 2) Open BZs for these packages. I will welcome your comments and opinions. There is 236 such cases in Fedora. Maintainers by package: Coin3 corsepiu hobbes1069 jkastner Mayavi chedi orion OpenSceneGraph smani ProDy sagitter R-IRanges spot R-lubridate qulogic abi-dumper hobbes1069 orion accel-config miaojun0823 yunyings ags rathann aldo hobbes1069 alsa-sof-firmware perex angelfish kkofler thunderbirdtr api-sanity-checker hobbes1069 aprsdigi hobbes1069 aqbanking limb rdieter audacious-plugins danfruehauf mschwendt robert avogadro2-libs sagitter bacula slaanesh bijiben mcrha pwalter bmake pemensik bsh didiksupriadi41 mizdebsk btop jonathanspw build2 mkrupcale c4core music calf limb ceph branto kkeithle ktdreyer clamav gnat mstevens nb orion pwouters robert sergiomb steve clementine eclipseo cmake besser82 orion pwalter rdieter collectl kzak sharkcz cross-binutils dhowells lkundrak sharkcz dcfldd rebus dumpasn1 fkooman fcitx5-mozc music yanqiyu fedora-remix-logos spot fedora-workstation-backgrounds duffy luya ryanlerch filebench hushan fldigi hobbes1069 flmsg hobbes1069 fltk aarem hobbes1069 jchaloup phracek rdieter frescobaldi limb gdb-exploitable sgrubb generic-release bruno mohanboddu spot ghc-control-monad-free mathstuf petersen ghc-http-client qulogic ghc-hxt-unicode petersen ghc-monad-loops petersen ghc-polyparse petersen ghc-tf-random petersen ghc-uglymemo mathstuf ghostwriter marcdeop gi-docgen music gl-manpages ajax yaneti gmsh hobbes1069 ignatenkobrain jkastner smani gnote kalev gnu-free-fonts limb golang-gopkg-retry-1 eclipseo golang-gopkg-yaml-1 mikelo2 gstreamer1-doc wtaymans guayadeque martinkg hackrf cottsay jskarvad stevenfalco hibernate-jpa-2.0-api jjelen hydra rcallicotte rebus icecat kengert sagitter iprutils dwmw2 jcajka sinnykumari iucode-tool duck puiterwijk jam spot jbosscache-support orphan jsmath-fonts rdieter julia nalimilan julius spot kcbench thl kclock thunderbirdtr kernel acaringi airlied ajax bskeggs jcline jforbes jwboyer jwrdegoede kernel-maint linville myoung patrickt quintela sandeen steved kf5-bluez-qt jgrulich rdieter kf5-kcalendarcore rdieter kf5-kdeclarative jgrulich rdieter than kf5-kholidays rdieter kf5-kirigami2 rdieter kf5-kirigami2-addons thunderbirdtr kf5-krunner jgrulich rdieter than kf5-libkleo jkucera rdieter kf5-threadweaver jgrulich rdieter than khealthcertificate ngompa thunderbirdtr kpublictransport ngompa thunderbirdtr kscreen rdieter lazarus suve libclc ignatenkobrain nikic sergesanspaille tstellar tuliom libnumbertext limb libpri music libtimidity aekoroglu jwrdegoede sagitter libva-intel-hybrid-driver kwizart libwebp smani lmms thm lumina-desktop tieugene luminance-hdr music lyx jamatos rdieter maatkit slankes man-pages-ja tagoh man-pages-l10n ljavorsk mfabian nforro man2html orion patches sergiomb mariadb10.11 fjanus hhorak ljavorsk mschorm zmiklank mingw-binutils elmarco etrunko kalev rjones smani mingw-libunistring etrunko mingw-wxWidgets sailer mingw-wxWidgets3 sailer moby-engine buckaroogeek copperi gotmax23 sergiomb mxml
[SPDX] Rest of "trivial" migration
Below is last 198 packages that has 1:1 mapping to SPDX id. But most of them has some caveat. My intention is to NOT run this through script to avoid some mistake, but convert it manually in dist-git. I plan to convert * Public Domain to LicenseRef-Callaway-Public-Domain * "Redistributable, no modification permitted" to LicenseRef-Callaway-Redistributable-no-modification-permitted * "Freely redistributable without restriction" to LicenseRef-Callaway-Freely-redistributable-without-restriction And add a comment about automatic conversion and link to relevant section of https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_updating_existing_packages_callaway_short_name_categories Anything with "with exception" will be converted LicenseRef-Callaway-* Anything else will be converted to its SPDX counterpart - I still see there bunch of GPL-2.0-or-later, GPL-2.0-only etc. that are straightforward. Because I will be doing this manually, I cannot provide the diff in advance this time. :( I will start working on this at the end of next week. If you want to exclude your package or you have any other comment, let me know. Here is the list: alienarena - can be trivially converted to LicenseRef-Fedora-UltraPermissive allegro - can be trivially converted to Zlib OR GPL-1.0-or-later allegro - can be trivially converted to Zlib OR GPL-1.0-or-later allegro - can be trivially converted to LicenseRef-Fedora-Public-Domain allegro - can be trivially converted to LicenseRef-Fedora-Public-Domain ants - can be trivially converted to LicenseRef-Fedora-Public-Domain astronomy-menus - can be trivially converted to LicenseRef-Fedora-Public-Domain atmel-firmware - can be trivially converted to LicenseRef-Fedora-Firmware BackupPC-XS - can be trivially converted to GPL-3.0-or-later AND ( GPL-1.0-or-later OR Artistic-1.0-Perl ) AND Zlib BareBonesBrowserLaunch - can be trivially converted to LicenseRef-Fedora-Public-Domain bcm283x-firmware - can be trivially converted to LicenseRef-Fedora-Firmware beneath-a-steel-sky-cd - can be trivially converted to LicenseRef-Fedora-UltraPermissive beneath-a-steel-sky - can be trivially converted to LicenseRef-Fedora-UltraPermissive biblesync - can be trivially converted to LicenseRef-Fedora-Public-Domain clc - can be trivially converted to LicenseRef-Fedora-Public-Domain clpeak - can be trivially converted to LicenseRef-Fedora-Public-Domain cockatrice - can be trivially converted to GPL-2.0-only AND LicenseRef-Fedora-Public-Domain coin-or-Sample - can be trivially converted to LicenseRef-Fedora-Public-Domain cproto - can be trivially converted to LicenseRef-Fedora-Public-Domain ddate - can be trivially converted to LicenseRef-Fedora-Public-Domain diffmark - can be trivially converted to diffmark AND ( GPL-1.0-or-later OR Artistic-1.0-Perl ) docbook-simple - can be trivially converted to LicenseRef-Fedora-UltraPermissive docbook5-schemas - can be trivially converted to LicenseRef-Fedora-UltraPermissive domtt - can be trivially converted to Apache-2.0 drascula-international - can be trivially converted to LicenseRef-Fedora-UltraPermissive drascula-music - can be trivially converted to LicenseRef-Fedora-UltraPermissive drascula - can be trivially converted to LicenseRef-Fedora-UltraPermissive dreamweb - can be trivially converted to LicenseRef-Fedora-Firmware dtv-scan-tables - can be trivially converted to LicenseRef-Fedora-Public-Domain emacs-slime - can be trivially converted to LicenseRef-Fedora-Public-Domain AND GPL-3.0-or-later AND GPL-2.0-or-later AND LLGPL filedrop - can be trivially converted to LicenseRef-Fedora-Public-Domain filesystem - can be trivially converted to LicenseRef-Fedora-Public-Domain flight-of-the-amazon-queen-cd - can be trivially converted to LicenseRef-Fedora-UltraPermissive flight-of-the-amazon-queen - can be trivially converted to LicenseRef-Fedora-UltraPermissive foremost - can be trivially converted to LicenseRef-Fedora-Public-Domain fpc - can be trivially converted to GPL-2.0-or-later AND LGPL-2.1-or-later WITH Qwt-exception-1.0 gerrymander - can be trivially converted to GPL-2.0-or-later gimpfx-foundry - can be trivially converted to GPL-2.0-or-later AND GPL-3.0-or-later AND LicenseRef-Fedora-Public-Domain glibd - can be trivially converted to LGPL-3.0-or-later WITH openvpn-openssl-exception gnome-valgrind-session - can be trivially converted to LicenseRef-Fedora-Public-Domain gnulib - can be trivially converted to GPL-3.0-or-later gnulib - can be trivially converted to GPL-2.0-or-later gnustep-make - can be trivially converted to LicenseRef-Fedora-Public-Domain golang-github-burntsushi-xdg - can be trivially converted to LicenseRef-Fedora-Public-Domain golang-github-xi2-xz - can be trivially converted to LicenseRef-Fedora-Public-Domain gtkd - can be trivially converted to LGPL-3.0-or-later WITH openvpn-openssl-exception icon - can be trivially converted to LicenseRef-Fedora-Public-Domain iscan-firmware - can be triv
Re: [SPDX] Mass license change - batch #3 of all remaining packages
Dne 28. 08. 24 v 11:53 dop. Miroslav Suchý napsal(a): Here is the third and last batch of changes for 972 packages (perl-JSON-Create to 0ad-data) Done. I am now running new check of all spec files to see what can be done next. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Donate 1 minute of your time to test upgrades from F40 to F41
Dne 02. 09. 24 v 12:20 odp. Miroslav Suchý napsal(a): Do you want to make Fedora 41 better? Please spend 1 minute of your time and try to run: dnf --releasever=41 --enablerepo=updates-testing --assumeno distro-sync I hit Problem 1: installed package compat-golang-github-shirou-gopsutil-3-devel-3.24.5-1.fc40.noarch requires golang-ipath(github.com/shirou/gopsutil) = 3.24.5-1.fc40, but none of the providers can be installed - golang-github-shirou-gopsutil-devel-3.24.5-1.fc40.noarch does not belong to a distupgrade repository - problem with installed package Problem 2: installed package compat-golang-github-xhit-str2duration-2-devel-2.1.0-5.fc40.noarch requires golang-ipath(github.com/xhit/go-str2duration) = 2.1.0-5.fc40, but none of the providers can be installed - golang-github-xhit-str2duration-devel-2.1.0-5.fc40.noarch does not belong to a distupgrade repository - problem with installed package Problem 3: installed package compat-golang-gotest-3-devel-3.3.0-7.fc40.noarch requires golang-ipath(gotest.tools) = 3.3.0-7.fc40, but none of the providers can be installed - golang-gotest-devel-3.3.0-7.fc40.noarch does not belong to a distupgrade repository - problem with installed package And I am not able to decipher the golang dependency and what package is in fault. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Questions regarding CPUs on aarch64 builders
Dne 03. 09. 24 v 11:20 dop. Artur Frenszek-Iwicki napsal(a): Looking at the build history in koji, my builds ran on: - buildhw-a64-03.iad2.fedoraproject.org Are you able to reproduce the build failure in Copr? If yes, then you can ssh there: https://frostyx.cz/posts/ssh-access-to-copr-builders -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Donate 1 minute of your time to test upgrades from F40 to F41
Dne 02. 09. 24 v 7:52 odp. Michael Schwendt napsal(a): Error: Problem 1: package wxGTK3-3.0.5.1-10.fc38.x86_64 from @System requires libtiff.so.5()(64bit), but none of the providers can be installed The wxGTK3 package does not exist anymore in Fedora 39 and later. File dead.package tells it's been replaced by wxGTK, but I see no Obsoletes tags. Possibly just the wording is ambiguous, and it doesn't really replace wxGTK3. https://src.fedoraproject.org/rpms/wxGTK3/blob/rawhide/f/dead.package Reported https://src.fedoraproject.org/rpms/wxGTK/pull-request/4 -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - batch #2 of all remaining packages
Dne 25. 08. 24 v 9:17 dop. Miroslav Suchý napsal(a): Here is the second batch of changes for 1000 packages (golang-github-danwakefield-fnmatch to perl-Image-Xbm) Git committed and pushed. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Donate 1 minute of your time to test upgrades from F40 to F41
Do you want to make Fedora 41 better? Please spend 1 minute of your time and try to run: dnf --releasever=41 --enablerepo=updates-testing --assumeno distro-sync This command does not replace `dnf system-upgrade`, but it will reveal potential problems. You may also run `dnf upgrade` before running this command. The `--assumeno` will just test the transaction, but does not make the actual upgrade. In case you hit dependency issues, please report it against the appropriate package. Or against fedora-obsolete-packages if that package should be removed in Fedora 40. Please check existing reports against fedora-obsolete-packages first: https://red.ht/2kuBDPu and also there is already lots of "Fails to install" (F40FailsToInstall) reports: http://bit.ly/3TcO0Ng One note: * you may want to run the same command with dnf5 to help test new dnf. Do not forget to add --best otherwise DNF5 hides all problems. For convenience here is the relevant part of Fedora Guidelines on renaming and replacing packages: https://docs.fedoraproject.org/en-US/packaging-guidelines/#renaming-or-replacing-existing-packages Thank you Miroslav-- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Montessori Edition
Dne 31. 08. 24 v 1:09 odp. Michael Schwendt napsal(a): On Sat, 31 Aug 2024 12:42:48 +0200, Miroslav Suchý wrote: List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt Well, both "audacious" and "audacious-plugins" are almost done, except for the BSD variant they use for the core code. It is based on even further simplified two clause BSD terms, and I don't know whether that classifies as BSD-2-Clause: I will provide general answer first and then answer specific for you. You can discuss the legal topic in legal mailing list: https://lists.fedoraproject.org/archives/list/le...@lists.fedoraproject.org/ Questions "not sure if this is license A or B" is good topic. If you think the license can be a new one - or if you simply prefer a issue tracker for your question - you can open issue at fedora-license-repo https://gitlab.com/fedora/legal/fedora-license-data/-/issues Richard does great job processing this issues. Sometimes Jilayne helps him, but otherwise she focuses on SPDX upstream work. If you are reading this and have a law degree (or at least background) then we appreciate joining this project as some issues are several months old. // -- Copyright © 2001-2024 Audacious developers When you want to determine what is the license, you can use one of these tools. https://docs.fedoraproject.org/en-US/legal/license-review-process/#_how_to_determine_if_a_license_or_exception_is_on_the_spdx_license_list I personally prefer License-diff plugin for Firefox. The plugin told me that the closest match is libutil-David-Nugent https://spdx.org/licenses/libutil-David-Nugent.html or Brian-Gladman-2-Clause https://spdx.org/licenses/Brian-Gladman-2-Clause.html but the differences are still big. My recommendation is to open issue https://gitlab.com/fedora/legal/fedora-license-data/-/issues and after initial review we will submit it to SPDX as a new license and assign it new ID. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - Montessori Edition
Hot news: * Migration of all remaining licenses to LicenseRef-Callaway-* is in progress. Note that while such IDs are valid SPDX identifiers, it is not accepted license for Fedora. And it is reported as not valid. I will continue to report such licenses as "not converted". * Due the conversion to LicenseRef-Callaway-*, the commits and changelogs now mention SPDX while the License tag still need an attention. I previously skipped analysis of licenses if git-log or %changelog contained SPDX string. I removed this shortcut. That revealed cases where maintainer migrated one license tag and forgot about license tag in subpackage. Therefore the number of converted packages dropped this time. * rpmlint-fedora-license-data previously contained data for both SPDX and Callaway syntax. Now it contains only SPDX data. Callaway syntax is now in rpmlint-fedora-license-data-legacy package. Two weeks ago we had: * 24312spec files in Fedora * 30925license tags in all spec files * 5740 tags have not been converted to SPDX yet * 208 tags can be trivially converted using `license-fedora2spdx` * Progress: 81,31% ██ 100% ELN subset: 57 out of 2337 packages are not converted yet (progress 97.56%) Today we have: * 24320spec files in Fedora * 30938license tags in all spec files * 6416 tags have not been converted to SPDX yet * 228 tags can be trivially converted using `license-fedora2spdx` * Progress: 79,26% ░░░███100% ELN subset: 154 out of 1955 packages are not converted yet (progress 92.12%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt New version of fedora-license-data has been released. With: 6 new licenses 4 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-02-212 (+19 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Montessori Edition? Because on today's date in 1870 Maria Montessori was born. She worked with child with cognitive disablities and created Montessori education that stresses child's own initiatitive and natural abilitities through practical play. It is one of the method used in today's schools. https://en.wikipedia.org/wiki/Maria_Montessori https://en.wikipedia.org/wiki/Montessori_education Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Hulk edition
Dne 29. 08. 24 v 1:10 odp. Pavel Cahyna napsal(a): Hello, On Fri, May 10, 2024 at 10:55:13AM +0200, Miroslav Suchý wrote: Hot news: SPDX v3 has been published. The biggest change for us is that license expression allows lowercase operators (and, or, with). This got into the specification because of your (Fedora maintainers) feedback! Fedora guidelines reference SPDX v2.3, so I don't think it is valid to use lowercase operators yet. https://docs.fedoraproject.org/en-US/legal/spdx/ Good point, but I think it is minor thing. I created PR to update the documentation https://gitlab.com/fedora/legal/fedora-legal-docs/-/merge_requests/309 Though the /latest/ still redirects to v2.3. But this should change soon. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - batch #3 of all remaining packages
Dne 28. 08. 24 v 1:09 odp. Ian McInerney via devel napsal(a): Please exclude zulucrypt. I am in the process of doing the conversion during my update to the newest upstream version, but it is waiting on two things:https://gitlab.com/fedora/legal/fedora-license-data/-/issues/561,https://gitlab.com/fedora/legal/fedora-license-data/-/issues/512#note_2075509038. Ack. Excluded. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - batch #3 of all remaining packages
Dne 28. 08. 24 v 12:38 odp. Miro Hrončok napsal(a): Please exclude pythran: https://src.fedoraproject.org/rpms/pythran/pull-request/31 Ack. Excluded. (But still included in the files below) Also, could you please send a plain list of packages you plan to change, so I can run it trough find-package-maintainers and see the list of packages that I co-maintain? (Or just share the output of find-package-maintainers yourself.) List of maintainers https://miroslav.suchy.cz/fedora/rest-of-callaway-batch3-maintainers.txt Just packages: https://miroslav.suchy.cz/fedora/rest-of-callaway-batch3.txt And the same for the batch #2 List of maintainers: https://miroslav.suchy.cz/fedora/rest-of-callaway-batch2-maintainers.txt Just packages https://miroslav.suchy.cz/fedora/rest-of-callaway-batch2.txt -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[SPDX] Mass license change - batch #3 of all remaining packages
Here is the third and last batch of changes for 972 packages (perl-JSON-Create to 0ad-data) https://miroslav.suchy.cz/fedora/rest-of-callaway-batch3.diff Shorten version without the context is here: https://miroslav.suchy.cz/fedora/rest-of-callaway-batch3-short-diff.txt I will appreciate a review. If there will be no issue I will commit and push this to dist-git in a week. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - first 500 packages of all remaining packages
Dne 21. 08. 24 v 10:58 dop. Miroslav Suchý napsal(a): I incorporated the feedback I got on my email about converting all remaining packages and here is full diff of first 500 packages (a-golang-github-cyberdelia-metrics-graphite): This is done. Note for maintainers - while LicenseRef-Callaway-* is a valid SPDX id, it is not recognized as Fedora valid license. I.e. it is not in fedora-license-data set and it will never be there. You still need to convert it to one of accepted identifiers. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - batch #2 of all remaining packages
Dne 26. 08. 24 v 4:21 odp. Richard Fontana napsal(a): It seems you are incorrectly converting from "Redistributable, no modification permitted" to "LicenseRef-Callaway-Freely-redistributable-no-modification-permitted" instead of "LicenseRef-Callaway-Redistributable-no-modification-permitted". I think under the Callaway system a distinction was drawn between those two. Aha, I thought that this is intentional. Neverming. I updated my script. It now uses this mapping: LICENSES["Public Domain"] = "LicenseRef-Callaway-Public-Domain" LICENSES["Redistributable, no modification permitted"] = "LicenseRef-Callaway-Redistributable-no-modification-permitted" LICENSES["Freely redistributable without restrictions"] = "LicenseRef-Callaway-Freely-redistributable-without-restrictions" LICENSES["Freely redistributable, no modification permitted"] = "LicenseRef-Callaway-Freely-redistributable-no-modification-permitted" LICENSES["Copyright only"] = "LicenseRef-Callaway-Copyright-only" -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: rpminspect-data-fedora outdated?
Dne 26. 08. 24 v 8:50 odp. David Cantrell napsal(a): Probably. A lot of the data files are mapped from the dist tag. Any time a new dist tag is created, that is not automatically created in rpminspect-data-fedora. The owner of the data has to do that. That's been entirely manual on my part so far. You can likely utilize https://github.com/rpm-software-management/fedora-distro-aliases -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - batch #2 of all remaining packages
Dne 25. 08. 24 v 5:26 odp. Fabio Valentini napsal(a): The parsec-tool conversion looks a bit strange. It's a Rust package, its License string should be trivially constructible from SPDX identifiers. It looks like it hasn't been updated in a while though, so it might predate the switch of defaults from old to new identifiers rust2rpm ... and manually altered. https://src.fedoraproject.org/rpms/parsec-tool/c/78b25c1858bbf00d4b8cf70e5c43c8cd6b46c336 -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - batch #2 of all remaining packages
Dne 25. 08. 24 v 1:20 odp. Alexander Ploumistos napsal(a): Hello Miroslav, I have opened issue #430 about inchi's license https://gitlab.com/fedora/legal/fedora-license-data/-/issues/430 for the record , wasn't the tag going to be "LicenseRef-IUPAC-InChI-Trust"? Yes and no. Yes, the package "inchi" will end up with with LicenseRef-IUPAC-InChI-Trust license. But right now it is not on fedora-license-data because the wording of the exception is missing. So right now the license will be recognized as invalid. So my recomendation is to leave it to be mass converted to LicenseRef-Callaway-* and when the issue #430 is resolved convert it to LicenseRef-IUPAC-InChI-Trust. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[SPDX] Mass license change - batch #2 of all remaining packages
Here is the second batch of changes for 1000 packages (golang-github-danwakefield-fnmatch to perl-Image-Xbm) https://miroslav.suchy.cz/fedora/rest-of-callaway-batch2-normal-diff.txt Shorten version without the context is here: https://miroslav.suchy.cz/fedora/rest-of-callaway-batch2-small-diff.txt I will appreciate a review. If there will be no issue I will commit and push this to dist-git in a week. And then I will post another (larger) batch for a review. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[SPDX] Mass license change - first 500 packages of all remaining packages
I incorporated the feedback I got on my email about converting all remaining packages and here is full diff of first 500 packages (a-golang-github-cyberdelia-metrics-graphite): https://k00.fr/ywn3nz8h Shorten version without the context is here: https://k00.fr/x1aii7ub I will appreciate another round of review. If there will be no issue I will commit and push this to dist-git in a week. And then I will post another (larger) batch for a review. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Gold Rush Edition
Dne 18. 08. 24 v 6:50 dop. Richard Fontana napsal(a): As noted by Ben, in this case you can optionally simplify it to: Slightly side note for anyone wanting to play with expressions: There is a library `license-expression` that allows you to operate with boolean logic of SPDX expressions. And we have this packaged for Fedora https://src.fedoraproject.org/rpms/python-license-expression -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Gold Rush Edition
Dne 17. 08. 24 v 8:02 odp. Dridi Boukelmoune napsal(a): I ended up with the following license tag that I moved to SPDX as part of the incoming update: License: GPL-2.0-only AND MIT AND (GPL-2.0-only OR MIT) I feel like I could technically factor it to just "GPL-2.0-only AND MIT" because picking either license in the dual-licensed js script will effectively result in just that, but I kept the expanded license tag to reflect the presence of a dual-licensed piece of software (and because I saw nothing resembling this case in the guidelines). What is the preferred expression here? Are they both correct? https://docs.fedoraproject.org/en-US/legal/license-field/#_no_effective_license_analysis "you should not attempt to simplify or reduce the License tag" So full license expression is correct. I.e. GPL-2.0-only AND MIT AND (GPL-2.0-only OR MIT) in your case. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - Gold Rush Edition
Hot news: * Almost all trivial conversion has been done. Only 208 "trivial" cases remains. I will not continue converting them to SPDX counterpart as there are various caveats hidden there. I will go over the remaining cases one by one. But it is likely that most of them will be converted to some form of LicenseRef-* * I sent email about my intention to convert all remaining 5k licenses to LicenseRef-Callaway-*. In upcoming days I will send a proper diff in smaller batches that can be easier for review. Two weeks ago we had: * 24248spec files in Fedora * 30924license tags in all spec files * 7016 tags have not been converted to SPDX yet * 1383 tags can be trivially converted using `license-fedora2spdx` * Progress: 77,31% ░░░███ 100% ELN subset: 60 out of 2345 packages are not converted yet (progress 97.44%) Today we have: * 24312spec files in Fedora * 30925license tags in all spec files * 5740 tags have not been converted to SPDX yet * 208 tags can be trivially converted using `license-fedora2spdx` * Progress: 81,31% ██ 100% ELN subset: 57 out of 2337 packages are not converted yet (progress 97.56%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt New version of fedora-license-data has been released. With: 1 new licenses, 1 correction and several public domain dedications 8 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-02-02 (-31 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Gold Rush Edition? Because on today's date in 1896 prospectors discovered gold in Klondike river. This discovery started Gold Rush. It is estimated that around 100 000 people tried to reach Klondike. We can learn from the rush and stampede even nowadays. https://en.wikipedia.org/wiki/Klondike_Gold_Rush#Discovery_(1896) Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change of all remaining licenses
Dne 08. 08. 24 v 6:05 dop. Richard Fontana napsal(a): Looks like you are using `License-Callaway-` when it should be `LicenseRef-Callaway-`. Good catch. Fixing. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change of all remaining licenses
Dne 08. 08. 24 v 1:17 dop. Leigh Scott napsal(a): cjs should be treated the same as gjs, it's the same code with renamed files, the licences haven't been changed. Feel free to change it. You are the maintainer of the package you know it better. This is still the preferred way. We have 5k of packages that needs to be converted. If I alone go over them one by one, I will be doing that for next 10 years. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change of all remaining licenses
Dne 07. 08. 24 v 11:21 odp. Leigh Scott napsal(a):
gjs
-License:MIT and (MPLv1.1 or GPLv2+ or LGPLv2+)
+# modules/esm/_encoding/util.js and few
other things are MIT
+# modules/script/tweener/equations.js
is BSD-3-Clause
+License:MIT AND BSD-3-Clause
AND (MIT OR LGPL-2.0-or-later) AND (MPL-1.1 OR GPL-2.0-or-later OR
LGPL-2.1-or-later)
The conversion of gjs was manual. I submitted the PR in person in December 2023 and I did the license analysis of the
tarball.
I.e. in this case I did both license analysis and id conversion.
cjs
cjs
- MIT and (MPLv1.1 or GPLv2+ or LGPLv2+)
+ License-Callaway-MIT AND (License-Callaway-MPLv1.1 OR
GPL-2.0-or-later OR License-Callaway-LGPLv2+)
This is part of this batch to do mass conversion. In this batch, I do not check content of tarballs. I am proposing only
id conversion. Therefore that "License-Callaway" prefix.
With such conversion I add comment above the License tag:
# Automatically converted from old format: {old_license} - review is highly
recommended.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change of all remaining licenses
Dne 07. 08. 24 v 9:30 odp. Miroslav Suchý napsal(a): 3) I first thought that this: atril - GPLv2+ and LGPLv2+ and MIT + GPL-2.0-or-later AND License-Callaway-LGPLv2+ AND License-Callaway-MIT needs different handling, but then I realized it is likely what we want. It converts GPLv2+ to only possible form: GPL-2.0-or-later. LGPLv2+ has more options: ['LGPL-2.0-or-later', 'LGPL-2.1-or-later'], therefore the only way is to convert it to License-Callaway-LGPLv2+. Argh, wrong keys and I sent this email prematurely. I wanted to follow: It converts GPLv2+ to only possible form: GPL-2.0-or-later. LGPLv2+ has more options: ['LGPL-2.0-or-later', 'LGPL-2.1-or-later'], therefore the only way is to convert it to License-Callaway-LGPLv2+. But what to do with MIT. MIT is already in SPDX. But in Callaway form too. And because the whole formula contains old Callaway ids, we can assume the MIT is old Callaway "MIT". And that can be converted to: ['Adobe-Glyph', 'BSL-1.0', 'Boehm-GC', 'HP-1986', 'HPND-sell-variant' , 'HPND', 'ICU', 'MIT-CMU', 'MIT-Festival', 'MIT-Modern-Variant', 'MIT-enna', 'MIT-feh', 'MIT-open-group', 'MIT', 'NTP', 'SGI-B-2.0', 'SMLNJ', 'UnixCrypt', 'Xfig', 'libtiff', 'mpich2'] And we do not know what to use. So only safe option is to convert it to License-Callaway-MIT. If you spot any other issue in the diff, let me know. I am leaving for holiday tomorrow, I will try to address your feedback after a week. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[SPDX] Mass license change of all remaining licenses
All packages with licenses that has 1:1 counterpart in SPDX were converted. What is remaining are licenses that cannot be converted to SPDX automatically. E.g. BSD in Callaway can be converted to BSD-2-Clause or BSD-3-Clause (and several others). We have the agreement (and FESCO decision [1]) that all remaining packags will be converted to License-Callaway-$OLDID [2]. There is several "licenses" that are in between. For that Richard proposed to use this mapping: Public domain -> LicenseRef-Callaway-Public-Domain Freely redistributable without restrictions -> LicenseRef-Callaway-Freely-redistributable-without-restrictions Freely redistributable, no modification permitted -> LicenseRef-Callaway-Freely-redistributable-no-modification-permitted Copyright only -> LicenseRef-Callaway-Copyright-only I tried to put all these rules to python script and I got the following diff: https://k00.fr/wdzph06y It is big: 204kB and 8861 lines. The diff is not the tradional diff - because it would be much bigger. The file is in fomat: package - old license + new license I expect issues there, therefore I welcome review. So far I am aware of this: 1) the special mapping of the four "licenses" above is not correctly applied. 2) There are cases like: lumina-desktop - BSD + License-Callaway-BSD - Apache 2.0 + Not a valid license string in legacy syntax. Pass '--verbose' to get full parser error. This happen when package has first license in Callaway format (BSD) but other license is not in Callaway format (Apache 2.0). I will amend the script to not touch such cases. 3) I first thought that this: atril - GPLv2+ and LGPLv2+ and MIT + GPL-2.0-or-later AND License-Callaway-LGPLv2+ AND License-Callaway-MIT needs different handling, but then I realized it is likely what we want. It converts GPLv2+ to only possible form: GPL-2.0-or-later. LGPLv2+ has more options: ['LGPL-2.0-or-later', 'LGPL-2.1-or-later'], therefore the only way is to convert it to License-Callaway-LGPLv2+. [1] https://pagure.io/fesco/issue/3230 [2] Fesco used "LicenseRef--*" but we (owners of the Change) agreed on LicenseRef-Callaway-* -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - variety of licenses and compound formulas
Dne 31. 07. 24 v 8:51 odp. Miroslav Suchý napsal(a): Oh never mind, that is not what you're doing. Still, I am concerned about any mass replacement of Callaway "with exceptions", since that could refer to anything, or did you handle this on a package-by-package basis? Good point. I will remove all "with exceptions" from this conversion. Done. I skipped licenses including "with". And I identified one more problem where the tooling proposed: +License: Not a valid license string in legacy syntax. Pass '--verbose' to get full parser error. I skipped these cases too. This was last batch of "trivial" conversions. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change from "GPL+ or Artistic" to "GPL-1.0-or-later OR Artistic-1.0-Perl"
Dne 30. 07. 24 v 6:40 odp. Miroslav Suchý napsal(a): I am going to do the mass change of the licenses from "GPL+ or Artistic" to "GPL-1.0-or-later OR Artistic-1.0-Perl" The proposed diff is here https://k00.fr/1o80qex2 Done -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Review swap / python
Dne 31. 07. 24 v 11:50 odp. Michal Ambroz napsal(a): *# Bug 2246704 - Review Request: python-xlrd2 - Library to extract data from Microsoft Excel legacy spreadsheet files *(xls) https://bugzilla.redhat.com/show_bug.cgi?id=2246704 I take this. If you can do review of https://bugzilla.redhat.com/show_bug.cgi?id=2264719 I will be glad. It is not Python, but it is great opportunity to come out of comfort zone :) -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - Niki Lauda Edition
Hot news: * Big batch of GPL families was mass converted. * Sent email about packages with problems (licenses neither in SPDX nor in Callaway format). * Still on todo list: convert Perl licenses (already announced) and Public Domain, UltraPermissive, and Firmware. Two weeks ago we had: * 24223spec files in Fedora * 30899license tags in all spec files * 10114 tags have not been converted to SPDX yet * 4325 tags can be trivially converted using `license-fedora2spdx` * Progress: 67,27% ░░ 100% ELN subset: 80 out of 2354 packages are not converted yet (progress 96.59%) Today we have: * 24248spec files in Fedora * 30924license tags in all spec files * 7016 tags have not been converted to SPDX yet * 1383 tags can be trivially converted using `license-fedora2spdx` * Progress: 77,31% ░░░███ 100% ELN subset: 60 out of 2345 packages are not converted yet (progress 97.44%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt New version of fedora-license-data has been released. With: 4 new licenses. 7 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-03-05 (-133 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Niki Lauda edition? Because on today's date at 1976 Niki Lauda crashed on the Nurburgring. Two other cars crashed into Niki's car after he crashed guardrail. The fuel tank of his red Ferrari ruptured and his formula was engulfed in a fiery inferno. The Nurburing is a long track, at this point the organisers were missing. So Niki was pulled out by his rivals. Arturo Merzario, a former Ferrari driver who knew how Lauda's seatbelt worked, was the biggest contributor to Niki's rescue. He threw himself into the flames with complete disregard for his own life. Niki fought for his life in hospital for a week. His face was - as Germany's Bild wrote - "My God, where is his face? The world's fastest racing driver, Niki Lauda, no longer has a face. It's nothing but burnt flesh with eyes coming out of it." The priest gave Lauda the last rites and everyone thought he was going to die. So it was unbelievable that just 39 days after the accident, he jumped back into the formula at Monza. He finished the best of the Ferraris - fifth. He arrived at the finish with a hood of blood as his wounds opened and swelled. He went into the last race of the season in Japan with three points to his credit. But it was raining in Suzuka and Niki couldn't wipe the drops from his eyes by blinking as his burnt eyelids were still missing. He fell backwards in the race, not wanting to gamble. "Some things are more important than the championship," he said at the time. https://www.youtube.com/watch?v=f-zk48lN0D0 https://en.wikipedia.org/wiki/Niki_Lauda#1976_N%C3%BCrburgring_crash Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - variety of licenses and compound formulas
Dne 31. 07. 24 v 6:57 odp. Richard Fontana napsal(a): Oh never mind, that is not what you're doing. Still, I am concerned about any mass replacement of Callaway "with exceptions", since that could refer to anything, or did you handle this on a package-by-package basis? Good point. I will remove all "with exceptions" from this conversion. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Packages with problematic license tag (for SPDX conversion)
Dne 31. 07. 24 v 11:14 dop. Vít Ondruch napsal(a): warning: not valid neither as Callaway nor as SPDX, please check How to reproduce this warning? These lines https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt#_16 My script put it there whenever both: $ license-validate --old LICENSE $ license-validate LICENSE fail. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change - variety of licenses and compound formulas
Dne 31. 07. 24 v 11:16 dop. Vít Ondruch napsal(a):
I probably don't understand right the first one:
~~~
diff -Naur rpm-specs.orig/aces_container.spec rpm-specs/aces_container.spec
--- rpm-specs.orig/aces_container.spec 2024-07-18 04:00:12.0 +0200
+++ rpm-specs/aces_container.spec 2024-07-31 10:52:00.694637327 +0200
@@ -3,10 +3,11 @@
Name: aces_container
Version: 1.0.2
-Release: 17%{?dist}
+Release: 18%{?dist}
Summary: ACES Container Reference
-License: AMPAS BSD
+# Automatically converted from old format: AMPAS BSD - review is highly
recommended.
+License: AMPAS
URL: https://github.com/ampas/aces_container
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Patch0: Switch-to-CMAKE-default-variables.patch
@@ -73,6 +74,9 @@
~~~
How we could dare to drop the `BSD`?
Callaway string "AMPAS BSD" as whole converts to SPDX "AMPAS". See
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/data/AMPAS.toml?ref_type=heads#L17
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
[SPDX] Mass license change - variety of licenses and compound formulas
Hi. This is a batch of remaining licenses that allows 1:1 conversion [*]. It includes leftovers from previous migrations, compound formulas and rarely used licenses. The proposed diff is here https://k00.fr/5i348p12 Affected packages: https://k00.fr/zszrcmgr Unless somebody stop me, I will do this change directly in dist-git after a week. [*] I still have in queue Firmware, Public Domain and UltraPermissive, but they will require special handling. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Packages with problematic license tag (for SPDX conversion)
Dne 30. 07. 24 v 11:54 odp. Kevin Fenzi napsal(a): mxml is ASL-2.0 with a linking exception for "GPLv2 or LGPLv2" (https://github.com/michaelrsweet/mxml/blob/master/NOTICE ) Should that be: apache-2.0 WITH GPL-Linking-Exception ? GPL-Linking-Exception does not exists. https://spdx.org/licenses/exceptions-index.html Closest by name is|GPL-3.0-linking-exception:| https://spdx.org/licenses/GPL-3.0-linking-exception.html But the text does not match [1]. It almost matchhttps://spdx.org/licenses/LLVM-exception.html. But it miss one paragraph. So the exception will need either a markup change or it will be new exception. Please open issuehttps://gitlab.com/fedora/legal/fedora-license-data So at the end it will be either "Apache-2.0 WITH LLVM-exception" or "Apache-2.0 WITH $BrandNewException". [1] Great tool for the matching finding is this addon for FF or Chrome https://github.com/spdx/spdx-license-diff?tab=readme-ov-file#installation -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Packages with problematic license tag (for SPDX conversion)
Dne 30. 07. 24 v 7:40 odp. Ben Beasley napsal(a):
Could you please take a look at rust-oxipng to see exactly what the tooling is
complaining about? Everything in the spec
file,https://src.fedoraproject.org/rpms/rust-oxipng/blob/rawhide/f/rust-oxipng.spec,
looks like a valid SPDX expression to me. Thanks!
Ouch. My tooling things that second license in the spec is: {shrink:
https://src.fedoraproject.org/rpms/rust-oxipng/blob/rawhide/f/rust-oxipng.spec#_33
I see it is already in SPDX. I put your package on ignore list.
Sorry for this false positive.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Re: Packages with problematic license tag (for SPDX conversion)
Dne 30. 07. 24 v 7:23 odp. Richard Shaw napsal(a): Per upstream opencascade is "GNU Lesser General Public License (LGPL) version 2.1 with additional exception" https://dev.opencascade.org/resources/licensing Does that translate to "LGPL-2.1-only with additional exception"? No. It should be: LGPL-2.1-only WITH $foo WITH is SPDX operator. And $foo is one of the exception from this list https://spdx.org/licenses/exceptions-index.html I.e. the license must be precisely formulated. And has same matching guidelines as matchin license. And importantly: the whole string must be listed as allowed for Fedora. Check this example: https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/data/Apache-2.0_WITH_Swift-exception.toml?ref_type=heads Apache-2.0 WITH Swift-exception is allowed SPDX formula in Fedora. But Apache-2.0 WITH Bison-exception-2.2 is not allowed because no one reviewed for Fedora. perl-RPC-XML hobbes1069 jplesnik ppisar This one I have no idea what to do with: License: (Artistic 2.0 or Artistic or LGPLv2) and (Artistic 2.0 or LGPLv2) $ license-fedora2spdx --verbose '(Artistic 2.0 or Artistic or LGPLv2) and (Artistic 2.0 or LGPLv2)' Not a valid license string in legacy syntax. Pass '--verbose' to get full parser error. No terminal matches 'A' in the current parser context, at line 1 col 18 (Artistic 2.0 or Artistic or LGPLv2) and (Artistic 2.0 or ^ This is because Artistic (legacy version of Artistic-1.0-Perl) is NOT allowed. https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/ It is only allowed in combination with other license. Only approved combination are: GPL-1.0-or-later OR Artistic-1.0-Perl GPL-2.0-or-later OR Artistic-1.0-Perl See https://docs.fedoraproject.org/en-US/legal/license-field/#perl-rules If your case is different then please open issue against https://gitlab.com/fedora/legal/fedora-license-data -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[SPDX] Mass license change from "GPL+ or Artistic" to "GPL-1.0-or-later OR Artistic-1.0-Perl"
Hi. I am going to do the mass change of the licenses from "GPL+ or Artistic" to "GPL-1.0-or-later OR Artistic-1.0-Perl" The proposed diff is here https://k00.fr/1o80qex2 Affected packages: https://k00.fr/fsag6bev Unless somebody stop me, I will do this change directly in dist-git after a week. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Packages with problematic license tag (for SPDX conversion)
Dne 30. 07. 24 v 5:05 odp. Tulio Magno Quites Machado Filho napsal(a): Miroslav Suchý writes: libcxx nikic sergesanspaille spot tstellar tuliom I believe this project got listed by mistake. Its current license is: Apache-2.0 WITH LLVM-exception OR MIT OR NCSA Isn't this a valid SPDX expression? This one is correct, but https://src.fedoraproject.org/rpms/libcxx/blob/rawhide/f/libcxx.spec#_116 is not. The "BSD" is the problematic part. You should find which BSD it is. Usually BSD-2-Clause or BSD-3-Clause. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Packages with problematic license tag (for SPDX conversion)
Dne 30. 07. 24 v 4:40 odp. Miro Hrončok napsal(a): churchyard pypy pypy3.10 pypy3.9 IMHO this uses a valid Callaway expression. It has UCD in it, which is not part of fedora-license-data, but it was listed in the old wiki: There is https://fedoraproject.org/wiki/Licensing:UCD And it is listed in https://fedoraproject.org/w/index.php?title=Licensing:Main&oldid=651191#Good_Licenses --- https://gitlab.com/fedora/legal/fedora-license-data/-/issues/30 With last Richard comment from that issue I guess converting to Unicode-3.0 is the right step. Correct? I attempted to convert PyPy to SPDX license in https://src.fedoraproject.org/fork/churchyard/rpms/pypy3.9/commits/7.3.12-spdx But there was some negative feedback to my conversion: https://src.fedoraproject.org/rpms/pypy3.9/pull-request/38#comment-152929 Help is appreciated. PyPy has a lot of code taken here and there in it. The best start is to open issue against https://gitlab.com/fedora/legal/fedora-license-data/ and ask if it is significant change. (Usually) Richard check the license and recommends whether it should be submitted to SPDX as a new license or if we should ask to amend the markup of the definition of the license to allow the variance. You can see such example in https://gitlab.com/fedora/legal/fedora-license-data/-/issues/485 and https://github.com/spdx/license-list-XML/issues/2406 -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Packages with problematic license tag (for SPDX conversion)
As the SPDX Change slowly finishes I focused on the license that I regularly report as: warning: not valid neither as Callaway nor as SPDX, please check These are license tags that are hard to automatically parse. It include texts like "GPLv1 AND/OR GPLv2", free form description of exceptions, licenses that were not listed in old Licensing wiki etc. And sometimes just a typo. If your package is listed below, I will be very glad if you check your License tag and convert it to SPDX formula. The general guidance for conversion is https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ But if you still need a guidance, then please let me know. Either here publicly or off-list. Maintainers by package: Mayavi chedi orion OpenSceneGraph smani R-IRanges spot R-lubridate qulogic ags rathann angelfish kkofler thunderbirdtr avogadro2-libs sagitter bacula slaanesh bsh didiksupriadi41 mizdebsk clamav gnat mstevens nb orion pwouters robert sergiomb steve clementine eclipseo collectl kzak sharkcz dcfldd rebus dumpasn1 fkooman fcitx5-mozc music yanqiyu fedora-remix-logos spot fedora-workstation-backgrounds duffy luya ryanlerch filebench hushan generic-release bruno mohanboddu spot ghc-control-monad-free mathstuf petersen ghc-http-client qulogic golang-github-apache-arrow mikelo2 golang-gopkg-yaml-1 mikelo2 gstreamer1-doc wtaymans guayadeque martinkg hibernate-jpa-2.0-api jjelen hydra rcallicotte rebus icecat kengert sagitter innotop echevemaster fale lbazan jam spot jbosscache-support orphan julia nalimilan julius spot kclock thunderbirdtr khealthcertificate ngompa thunderbirdtr kmag aleasto rdieter than konsole rdieter than kpublictransport ngompa thunderbirdtr kscreen rdieter libcxx nikic sergesanspaille spot tstellar tuliom libkomparediff2 jgrulich kkofler rdieter than libtimidity aekoroglu jwrdegoede sagitter libva-intel-hybrid-driver kwizart lmms thm lumina-desktop tieugene maatkit slankes man-pages-l10n ljavorsk mfabian nforro man2html orion patches sergiomb mingw-wxWidgets sailer mingw-wxWidgets3 sailer mxml kevin nikto huzaifas rebus ogre dtimms ignatenkobrain sergiomb opencascade hobbes1069 openjfx deamn openjfx8 deamn perl-CDDB_get jplesnik ppisar perl-Crypt-Blowfish ixs perl-Date-HolidayParser ppisar perl-Devel-Caller-IgnoreNamespaces eseyman perl-Lingua-Preferred eseyman xavierb perl-LockFile-Simple ixs perl-RPC-XML hobbes1069 jplesnik ppisar perl-Statistics-CaseResampling jplesnik ppisar perl-Test-Run jplesnik ppisar perl-Tie-Hash-MultiValue ppisar perl-Unicode-CheckUTF8 pghmcfc perl-XML-Tiny cicku eseyman perl-forks ppisar perl-qooxdoo-compat terjeros php-pear-PHP-CodeSniffer cdamian remi phpMyAdmin remi robert plasma-mobile farchord pokerth pwalter publican jfearn rlandmann pypy churchyard thrnciar pypy3.10 churchyard pypy3.9 churchyard thrnciar python-cclib sagitter python-pyface chedi ignatenkobrain orion python-traitsui chedi ignatenkobrain orion python-utmp jpopelka tuju python-wxpython4 swt2c qcad sagitter qmmp kvolny qt5-qtfeedback jgrulich rdieter rgbds blowry rubygem-rdoc vondruch rubygem-xmlparser schwicke rust-btrd dcavalca rust-dutree kalev rust-gmp-mpfr-sys dcavalca rust-ifcfg-devname jamacku rust-nettle decathorpe rust-nettle-sys decathorpe rust-oxipng music rust-rav1e decathorpe rust-rpick bowlofeggs rust-ybaas decathorpe rust-yubibomb decathorpe rust-zbase32 decathorpe scantailor xhorak scummvm chkr lucilanga simple-scan amigadave dodji ignatenkobrain slaanesh skf mtasaka stun huzaifas texlive jnovy spot than texlive-base spot than thc-ipv6 neil robert tkimg spot tlog jstephen nkondras uboot-tools ausil pbrobinson sharkcz vakzination farchord thunderbirdtr virtualbox-guest-additions jwrdegoede sergiomb w3m robert webkitgtk catanzaro wsdlpull denisarnaud wwl jskarvad wxGTK mystro256 swt2c wxsqlite3 martinkg xmedcon ankursinha yakuake rdieter Packages by maintainer: aekoroglu li
Re: RPM buildroot & "Recommends:"
Dne 30. 07. 24 v 12:46 odp. Petr Pisar napsal(a): Yes, weak dependencies are disabled in Koji. See install_weak_deps DNF option: I will add that Koji inherits this from Mock where it is disabled too. The reason is that we want to have reproducible builds (as possible). With this enable we can (theoreticaly) have some builds with or without this weak dependency and the resulting rpm can be different. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change GPLv3 to GPL-3.0-only
Dne 18. 06. 24 v 11:00 dop. Miroslav Suchý napsal(a): I am going to do the mass change of the license from GPLv3 to GPL-3.0-only Done. Diff is https://k00.fr/d8fma5zp -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change GPLv2 to GPL-2.0-only
Dne 18. 06. 24 v 6:46 odp. Miroslav Suchý napsal(a): I am going to do the mass change of the license from GPLv2 to GPL-2.0-only Done. The diff is here https://k00.fr/c1vnf850 -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change LGPLv3 to LGPL-3.0-only
Dne 18. 06. 24 v 10:41 dop. Miroslav Suchý napsal(a): Hi. I am going to do the mass change of the license from LGPLv3 to LGPL-3.0-only Done. The diff is here https://k00.fr/o7ej5fye -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change GPLv2+ to GPL-2.0-or-later
Dne 18. 06. 24 v 8:04 dop. Miroslav Suchý napsal(a): I am going to do the mass change of the license from GPLv2+ to GPL-2.0-or-later Done. The diff is here: https://k00.fr/bsjujpgb -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change GPLv3+ to GPL-3.0-or-later
Done. The diff is here https://k00.fr/64nesi4q I skipped aws per Bjorn request. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Schedule for Tuesday's FESCo Meeting (2024-07-23)
Dne 24. 07. 24 v 12:30 odp. Joe Orton napsal(a): Having a "majority rule" vote of e.g. packagers or provenpackagers on major technical decisions would be far superior, in my view. Apache communities have worked this way forever. You can always propose this as a change to our process. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change from Boost to BSL-1.0
Dne 19. 06. 24 v 8:01 dop. Miroslav Suchý napsal(a): Hi. I am going to do the mass change of the license from Boost to BSL-1.0 Done. The diff is here https://k00.fr/u4sq8h12 -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change ASL 2.0 to Apache-2.0
Dne 18. 06. 24 v 6:42 dop. Miroslav Suchý napsal(a): I am going to do the mass change of the license from ASL 2.0 to Apache-2.0 Done. Following the Tuesday's FESCO decision I amended my script and added there comments. Here is the diff https://k00.fr/tkbg4k81 -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Incorrect code or Python regression?
Dne 21. 07. 24 v 11:21 dop. Paul Howarth napsal(a): python-paramiko failed to build in the mass rebuild and I'm wondering if there's incorrect code in paramiko (or its dependency cryptography), or whether it's a regression in the current Python beta. The failures are in the test suite and the failing tests all involve this error: cryptography.exceptions.UnsupportedAlgorithm: sha1 is not supported by this backend for RSA signing. Does it use OpenSSL? Because then it would be https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - House Sign Edition
Hot news: * FESCO agreed on decision about conversions. But there was a confusion about the wording, so the ticket is reopened https://pagure.io/fesco/issue/3230 * The confusion is just about "trivial" conversions. All others will be converted to LicenseRef-Callaway-$OLDID before Change Completation deadline (mid of August). * Richard reviewed all Nmap licenses. All of them were declined. Blocking new releases on Nmap in Fedora. Old version is allowed in Fedora under exception. https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=updated_desc&state=closed&search=nmap&first_page_size=100 * We (stakeholders of this Change) resumed our investigation on what tooling we should use to detect changes in new upstream releases. Two weeks ago we had: * 24117spec files in Fedora * 30788license tags in all spec files * 10271 tags have not been converted to SPDX yet * 4460 tags can be trivially converted using `license-fedora2spdx` * Progress: 66,64% ░░ 100% ELN subset: 84 out of 2354 packages are not converted yet (progress 96.43%) Today we have: * 24223spec files in Fedora * 30899license tags in all spec files * 10114 tags have not been converted to SPDX yet * 4325 tags can be trivially converted using `license-fedora2spdx` * Progress: 67,27% ░░ 100% ELN subset: 80 out of 2354 packages are not converted yet (progress 96.59%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt New version of fedora-license-data has been released. With: 5 new licenses. 5 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-07-16 (+12 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Hause sign edition? Because on today's date at 1770 my hometown (Brno) introduced house numbering. BTW House numbering has various implementation over the word and it is big rabbit hole. [1]. I was wondering what was used before the house numbers? Outside of the cities plain names of families were used to identifies houses. But in big cities hause signs were used. So we have House of Two Suns, House of White Swan etc. Here are some pictures of house signs from Prague where they are still present in old city. http://www.notasthecrowsflies.com/2014/09/prague-house-signs-of-nerudova-street.html [1] https://en.wikipedia.org/wiki/House_numbering Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change AGPLv3 to AGPL-3.0-only
Dne 18. 07. 24 v 10:06 odp. Kevin Fenzi napsal(a): In any case, please don't do any more changes and we should revisit this Standing by. :) -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change AGPLv3 to AGPL-3.0-only
Dne 17. 07. 24 v 6:41 odp. Miro Hrončok napsal(a): > Done. Hi Mirek, I am a bit confused. I thought there was a clear nonconsensus about the *GPL conversion [1] which resulted to the FESCo ticket [2]. It is kinda surprising to see the "Done." comment here and in the LGPL thread as well. [1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Q5VAL3I26A4ACWCXWWFHTKV6OXO2GISZ/ [2] https://pagure.io/fesco/issue/3230 Ouch, now I am confused too. You are right that the final wording is: > !agreed FESCo is in favor of standardizing on the SPDX format and understands that not all licenses are ready for direct conversion. Those licenses that are unreviewed or otherwise not yet fully compliant should be converted to SPDX licenses of the format LicenseRef--* where * is the old Fedora identifier. (+8, 1, -0) which means that I should stop doing that 1:1 (aka trivial) conversion and convert *everything* to LicenseRef-Callaway-*. But I was on that meeting - and if you read the log: https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2024-07-16/fesco.2024-07-16-17.00.log.html There was: <@sgallagh:fedora.im> 17:52:01 Proposal: FESCo is in favor of standardizing on the SPDX format and understands that not all licenses are ready for this. Those that are not should be converted to SPDX licenses to a format `LicenseRef-legacy>-*` where "*" is the old format. ... <@msuchy:matrix.org> 17:52:24 Can I have a clear statement what to do with GPL* ? <@zbyszek:fedora.im> 17:54:04 The whole point is to convert everything. <@conan_kudo:matrix.org> 17:54:08 nirik: it'd be GPLv2 -> GPL-2.0-only, GPLv2+ -> GPL-2.0-or-later <@conan_kudo:matrix.org> 17:54:20 and so on <@zbyszek:fedora.im> 17:54:22 Otherwise, it's not syntactically valid. <@salimma:fedora.im> 17:54:26 sorry, I mixed up msuchy's question with Neal's original response <@nirik:matrix.scrye.com> 17:54:32 but then we have 0 way to tell what was converted? I guess we could look at commits <@conan_kudo:matrix.org> 17:54:56 after everything is said and done, audits still need to be done separately <@conan_kudo:matrix.org> 17:55:00 don't mistake conversions for audits <@salimma:fedora.im> 17:55:05 we might need a second vote to clarify what to do with ambiguous licenses <@salimma:fedora.im> 17:58:24 so Stephen's new proposal is quite clear that every legacy license we can't convert to SPDX would be marked as LicenseRef--* ... I think that addresses the ambiguity So I'd say that Neal statement in 17:54:08 put me in mistake that I should continue with 1:1 but it is not in the final decision/statement. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change AGPLv3 to AGPL-3.0-only
Dne 18. 06. 24 v 8:19 dop. Miroslav Suchý napsal(a): I am going to do the mass change of the license from AGPLv3 to AGPL-3.0-only Done. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change LGPLv3+ to LGPL-3.0-or-later
Dne 16. 06. 24 v 10:18 odp. Miroslav Suchý napsal(a): I am going to do the mass change of the license from LGPLv3+ to LGPL-3.0-or-later Done. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: The future Fedora Copr "rolling" chroot cleanup policy
Dne 16. 07. 24 v 3:34 dop. Kevin Kofler via devel napsal(a): The real issue still appears to be that "Disk storage is the commodity that incurs the highest cloud costs.", which means that cloud might not be the right technology to use here. Or at least the particular cloud implementation you are using (which last I checked was from Amazon). I understand that (also last I checked) the cloud infrastructure was donated to you for free. But that donation is not of much use if it does not include a workable amount of storage for something like Copr nor an offer to extend the storage at a reasonable price (which Amazon's list price is apparently not). Amazon provides the infrastructure for free. Including the storage. But. 1) complexity of maintanance is not for free. 2) If your friend is like honey, you don't have to eat him all at once. (/Arabic proverb/) -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: The future Fedora Copr "rolling" chroot cleanup policy
Dne 15. 07. 24 v 2:57 odp. Stephen Gallagher napsal(a):
Instead of always keeping "Rawhide" around as a separate buildroot,
why not just rename it at Branching and then create a NEW Rawhide
chroot?
1) Different workflow compared to the one we have in Fedora.
2) Create it with what? Empty content ("why you are forcing be to rebuild everything")? Copy everything (you end up in
the same situation)? Rebuild packages from previous rawhide (what if it fails to build? what if it succeed but no one
uses it anyway?).
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Re: Fedora 41 Mass Rebuild Notification - Scheduled for 2024-07-17
Dne 15. 07. 24 v 3:38 odp. samyak.j...@gmail.com napsal(a): The content of this message was lost. It was probably cross-posted to multiple lists and previously handled on another list. This is not first time I see this. First I thought it is my setup. But it is in ML archives too. https://lists.fedoraproject.org/archives/list/devel-annou...@lists.fedoraproject.org/thread/X3SCXM6BNDJ2AZHVSQNVU2NWQNFZMND4/ https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/X3SCXM6BNDJ2AZHVSQNVU2NWQNFZMND4/ Is something somewhere broken? -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - Alice Edition
Hot news: * Discussion about trivial conversion did not have consensus. I opened FESCO ticket https://pagure.io/fesco/issue/3230 * Scancode-toolkit is present in Fedora 40 too. If you want to play with it - here is the command line that gives *me* the best result: scancode --license --license-references -n6 --html /tmp/scan.html $DIR_WITH_UNPACKED_TARGZ * Package fedora-license-data now contains License Policy for scancode. The file is /usr/share/fedora-license-data/scancode-license-policy.yaml Or you can download it from https://gitlab.com/fedora/legal/fedora-license-data#artifact I still did not found out how to use it, so if you find it helpful I am eager to hear your success stories. * license-validate now accepts lowercase "and","or" according to SPDX v3. Two weeks ago we had: * 24113spec files in Fedora * 30804license tags in all spec files * 10348 tags have not been converted to SPDX yet * 4503 tags can be trivially converted using `license-fedora2spdx` * Progress: 66,41% ░░ 100% ELN subset: 101 out of 2397 packages are not converted yet (progress 95.79%) Today we have: * 24117spec files in Fedora * 30788license tags in all spec files * 10271 tags have not been converted to SPDX yet * 4460 tags can be trivially converted using `license-fedora2spdx` * Progress: 66,64% ░░ 100% ELN subset: 84 out of 2354 packages are not converted yet (progress 96.43%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt New version of fedora-license-data has been released. With: 5 new licenses. 6 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. New projection when we will be finished is 2025-07-04 (+17 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Alice edition? Because today's date has *two* relation to Alice in Wonderland: Lorina Charlotte Liddell, Alice Pleasance Liddell, Edith Mary Liddell. Three teenage girls, sisters. On 4th July 1862, Lewis Carroll travelled with them by boat on the River Thames from Oxford to Godstow. During the voyage, Alice asked Carroll to tell them a story - a fairy tale. And so Carroll put down roots for a phenomenal story, with a gesture of assent - beginning by telling the story of Alice, whose fall down the rabbit hole introduced bizarrely fantastic elements into her fairy tale life. Alice begged several times for Carroll to write the story for her to read whenever she wanted, until finally Carroll gave in to the child's wishes and actually produced the writing and gave it to Alice (he titled it: Alice's Adventures Under Ground). Then, at Christmas 1864, Alice received a gift from Carroll - a revised and expanded narrative, complete with illustrations. The following year - on 4th July 1865 - the file was then published with professional illustrations by John Tenniel. https://en.wikipedia.org/wiki/Alice%27s_Adventures_in_Wonderland#Background Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Automatic detection of unused BuildRequires
Dne 03. 07. 24 v 6:02 odp. Marián Konček napsal(a): As many of you know, as packages change, so do their BuildRequires. In the current state, maintaining them requires some manual work from the maintainer. 1. So I got around the idea of a simple tool that checks file accesses during the build and using RPM queries, detects whether some package's files are not accessed at all therefore the package is not needed for the build. To my knowledge there is no such project. The project is here: https://github.com/mkoncek/unbreq Great idea. I am not aware of anything similar. It may not be completely reliable, but it also may be good enough to catch simple mistakes. *nod* but it can be improved later :) It would be good if you do not enforce changes in spec file. This is big block for any testing/prototyping. I highly recommend to implement it as Mock plugins. Here are some pointers https://rpm-software-management.github.io/mock/#plugins https://github.com/rpm-software-management/mock/tree/main/mock/py/mockbuild/plugins You run the `resolve` at the end of %install but some BuildRequires are needed because of %check which is run after %install 3. In the case of maven, we have a manual tool: xmvn-builddep, which reads the build.log and constructs the actual BuildRequires from it, using knowledge about the build procedure. This could be used as an additional step of this tool, having similar tools for other languages. See https://rpm-software-management.github.io/rpm/manual/spec.html#generate_buildrequires-since-rpm--415 You can check https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/ how Python uses this. Ultimately, I am interested in the possibility of having automated unused BuildRequires detection as part of rpmbuild / mockbuild. rpmbuild does not have any isolation and uses any other package installed on system beside these specified in BuildRequires. Mock on the other hand install only minimal systems + BuildRequires. So it is more suitable for this task and check. If you need some assistance or guidance with integration to Mock please contact me off-list and I will be happy to assist you. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Orphaned packages looking for new maintainers
Dne 02. 07. 24 v 9:45 odp. maxw...@gtmx.me napsal(a): python-orderedset orphan 2 weeks ago Note that we have python-ordered-set that is well maintained. Same interface. Different implementation. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] Re: [SPDX] Mass license change GPLv2 to GPL-2.0-only
Dne 01. 07. 24 v 4:58 odp. Vít Ondruch napsal(a): If the decision was made to proceed with the `LicenseRef-` prefix, I assume you would keep sending us some statistics, how many old identifiers remains, right? My original plan was to close this with deadline for F41 Changes and focus on something else. E.g., to create tool that will give you a hint/warning when file with new license (dis)appear in the new tarball. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] Re: [SPDX] Mass license change GPLv2 to GPL-2.0-only
Unfortunatelly I do not see a clear consensus here. I think that exactly for such cases we have good instution: FESCO. I filed https://pagure.io/fesco/issue/3230 and I will follow FESCO decision. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] Re: [SPDX] Mass license change GPLv2 to GPL-2.0-only
Dne 26. 06. 24 v 11:47 dop. Miro Hrončok napsal(a): Clearly, I must miss something. What do we gain by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate? We will get valid SPDX formula. And all tools generating SBOMs from RPMs can use it and it will produce valid SBOM document. If we keep the old value, it will not be valid SPDX formula and all tools build on top of that have to put if/else into their workflow. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] Re: [SPDX] Mass license change GPLv2 to GPL-2.0-only
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a): Could you make the comment something like this? # Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only We (the Change owners) discussed this on a meeting today. And we agreed on output: # Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2 This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license. What do you think? -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: 2FA policy for provenpackagers is now active
Dne 24. 06. 24 v 9:48 dop. Mattia Verga via devel napsal(a): IMO, having the token stored in your password manager means going from 2FA to 1FA effectively ;-) if someone gets access to your password manager vault, all accounts will be compromised. Only if you use the same password manager for both: password and OTP. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: 2FA policy for provenpackagers is now active
Dne 23. 06. 24 v 11:50 dop. Leigh Scott napsal(a): it has made kerberos login much harder Can you elaborate? I use Kerberos login without a problem. I'm considering ditching provenpackager rights if that is a condition. Or you can help us to improve the user experience. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] Re: [SPDX] Mass license change GPLv2 to GPL-2.0-only
Dne 21. 06. 24 v 11:55 dop. Zbigniew Jędrzejewski-Szmek napsal(a): +1 for continuing the (imperfect) convertion to SPDX. Note that current phase is the last one. Before "Change Checkpoint: 100% Code Complete Deadline" (that is 2024-08-20) I plan to file Bugzillas for all remaining non-converted packages and no longer track the progress on bi-weekly base. This is what was approved in the Change: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4#Detailed_Description -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX Statistics - Manchester Baby Edition
Hot news: I sent lots of announces about automatic migrations. Miro Hrončok raised a question. Feel free to join the discussion. Either here on legal ML. Scancode-toolkit (very powerfull license scanner) and all its dependencies passed all Package Reviews and is heading to rawhide. Thank you eclipseo for your work! I created very naive scanner - utilizing scancode-toolkit - that compares current Fedora tarball with new tarball and shows you new or removed licenses. You can run it as 'scan.sh PACKAGE NEW_TARBALL'. https://github.com/xsuchy/fedora-license-scan Two weeks ago we had: * 24102spec files in Fedora * 30778license tags in all spec files * 10461 tags have not been converted to SPDX yet * 4600 tags can be trivially converted using `license-fedora2spdx` * Progress: 66,01% ░░ 100% ELN subset: 88 out of 2347 packages are not converted yet (progress 96.25%) Today we have: * 24113spec files in Fedora * 30804license tags in all spec files * 10348 tags have not been converted to SPDX yet * 4503 tags can be trivially converted using `license-fedora2spdx` * Progress: 66,41% ░░ 100% ELN subset: 101 out of 2397 packages are not converted yet (progress 95.79%) Graph of these data with the burndown chart: https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing The list of packages needed to be converted is here: https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt List by package maintainers is here https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt List of packages from ELN subset that needs to be converted: https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt New version of fedora-license-data has been released. With: 1 new license . 3 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked Legal docs and especially https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ was updated too. License analysis of remaining packages: http://miroslav.suchy.cz/fedora/spdx-reports/ New projection when we will be finished is 2025-06-17 (+12 days from last report). Pure linear approximation. If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license tag matches SPDX formula, you can put your package on ignore list https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt Either pull-request or direct email to me is fine. Why Manchester Baby edition? Manchester Baby was design of Manchester Mark computer (do not confuse it with Harvard Mark with first bug [1])). Manchester Baby was designed as general computer with program run from random access memory. The first program run from memory was exeucted on 21. June 2024 https://en.wikipedia.org/wiki/Manchester_Baby [1] https://en.wikipedia.org/wiki/Harvard_Mark_II#Overview Miroslav -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [SPDX] Mass license change GPLv2 to GPL-2.0-only
Dne 19. 06. 24 v 5:58 odp. Miro Hrončok napsal(a): How do you know the License tag is not supposed to be e.g. "GPL-2.0-only AND MIT" or similar? Converting "GPLv2" (which could mean any number of "weaker" licenses are hidden under the "stronger" GPL in the old notation) to "GPL-2.0-only" (which means all the code is exactly GPL 2.0 only) cannot be done automatically. I don't know. But it seems like the best option. What are the options: 1) Wait for all the maintainers to do the conversion themselves. Based on the data I send every two weeks, we can do it in a year. But that target date is 20 days away every two weeks. 2) Do nothing at all. 3) Automatically convert where there's a good chance it's correct. In our group we made a list of what can be automatically converted. For RH folks this link https://docs.google.com/spreadsheets/d/1thDTCawJTewqMCgC1dDuKu4Hq9DCA57q0VDstFXTHvg/edit?usp=sharing for others this copy https://k00.fr/tnbu0zrs What I posted is what made sense to us. But there are licenses where it doesn't make sense to us. For example. wxWindows which will probably be rewritten to LGPL-2.0-or-later WITH WxWindows-exception-3.1 but the exception may be slightly different and needs to be checked. I would be very happy if the migration was done manually. Every time I did a manual analysis, I discovered some files under other licenses. But manually checking everything under the current state of the tools is not realistic. But there are a lot of people working in the background to have better tools. For example, I would like to publicly thank Robert-André Mauchin, who has spent a lot of time wrapping scancode=toolkit and its dependencies. This is an excellent tool for file analysis. We are just a small step away from completing all the reviews. When this is done, I'd like to create a tool to alert maintainers to new licenses that are used in a file but not in tarball. For me, migrating these particular licenses is not a perfectly executed step. But it is a step forward. And any imperfections can be fixed in the future. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[SPDX] Mass license change from Boost to BSL-1.0
Hi. I am going to do the mass change of the license from Boost to BSL-1.0 The proposed diff is here https://k00.fr/u4sq8h12 Affected packages: attract-mode avgtime boost-http-server cryptopp gtengine ldc libfixposix lunchbox mingw-boost mingw-polyclipping msgpack prusa-slicer R-AsioHeaders R-BH R-polyclip R-Rcpp siril SoapySDR soci Unless somebody stop me, I will do this change directly in dist-git after a week. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[SPDX] Mass license change GPLv2 to GPL-2.0-only
Hi. I am going to do the mass change of the license from GPLv2 to GPL-2.0-only The proposed diff is here https://k00.fr/c1vnf850 Affected packages: acpica-tools adanaxisgpl alevt aoetools apcupsd appliance-tools arachne-pnr artwiz-aleczapka-fonts aspell-fi aspell-la asterisk asunder authbind backupninja barrier bashmount bcache-tools bdsync beakerlib beteckna-fonts bibletime bibutils binclock bonnie++ bontmia bti budgie-screensaver bygfoot cbootimage cdrkit collectd colossus colrdx conmux cqrlog crrcsim crudini cuetools cutecw darkgarden-fonts darkstat denemo device-mapper-multipath devtodo dhtest dnf-plugin-flunk_dependent_remove dnsdist dogtail drbd dualscreen-mouse-utils duo_unix duply dvd+rw-tools eg ElectricFence elementary-xfce-icon-theme emerald-themes enca eureka eurephia examiner exim-doc e2fsprogs e3 fastnetmon fillets-ng-data flawfinder foxtrotgps fprobe-ulog frozen-bubble fruit fsarchiver fswebcam fwknop gbrainy gdcalc genders gentoo gigolo git-cinnabar gitweb-caching git-xcleaner gkrellm-sun glglobe gnome-shell-extension-caffeine gnome-video-effects gobi_loader golang-github-cryptix-wav golang-github-heistp-irtt grc greyhounds grive2 grsync guilt hd-idle hping3 hsetroot httptunnel check-create-certificate chntpw ibp icon-naming-utils incron ipv6calc ipv6gen irsim iverilog jd jmeters john js-jquery-prettyphoto kaccounts-providers kamera kanotf-fonts kdebase3 kdeedu-data kdepim kdepim3 kdevelop kdewebdev kdissert keychain kjots krename kshutdown ksshaskpass kstars ktechlab lagan lammps latencytop lcdproc libbtbb libhid libmawk libnetfilter_log libobjc2 libofa liboping libowfat libtnc libvirt-test-API LinLog linsmith linux-thermaltake-rgb livecd-tools llmnrd lockfile-progs logcheck lsdvd lterm lv2-vocoder-plugins Macaulay2 mailnag manedit mawk maxima md5deep mediawiki-wikicalendar medusa mellowplayer memtester mod_qos mtx mysql-mmm MySQL-zrm mytop nagios nagios-plugins-snmp-disk-proc neard nedit netplug netsniff-ng netsurf nettee nmbscan nrpe nxtrc ocfs2-tools odt2txt oflb-notcouriersans-fonts ohmybackup opencity openmsx openocd OpenStego openttd-opengfx openvpn osm-gps-map pacrunner pam_url pax-utils pdfsign pdns perl-Authen-Captcha perl-Fsdb perl-Net-ARP perl-Text-TabularDisplay pesign-test-app pidgin-otr plasma-mediacenter plotdrop poster pybugz python-dcrpm python-dicttoxml python-djvulibre python-doxypypy python-ethtool python-grabserial python-kismet-rest python-mysqlclient python-ptrace python-pygiftiio python-py2pack python-schedutils python-steps python-xmltramp qcomicbook qgit qiv qmc2 qterminal qtwaifu2x qt4-theme-quarticurve quota quotatool qxkb rakarrack rasdaemon rats raysession R-Cairo R-combinat rcssserver3d R-date R-dichromat R-doMC R-doParallel reaver recap redhat-lsb RemoteBox revelation R-fastmatch R-gdata R-gee R-gplots R-gtable R-gtools R-hexbin R-chron riemann-c-client R-itertools R-lmodel2 R-lmtest R-microbats R-mlbench R-packrat R-parsedate R-pbapply R-polynom R-rjson R-rsconnect R-RUnit R-scatterplot3d R-sessioninfo rss-glx R-sysfonts rtl-433 R-tmvnsim R-udunits2 R-vcd rvm R-websocket sakura scratch scsi-target-utils security-menus setconf shellinabox schismtracker sigul simspark spectacle spill spi-tools sqm-scripts srcpd sshpass sslh steghide synergy tagtool tcpreen teamgit teg termy-server tetrinetx timidity++ tipcutils tiptop tofrodos toga2 topgit transifex-client tuned-profiles-nfv-host-bin twirssi txt2tags ubertooth uhubctl ultimarc uncrustify uptimed usbauth usbauth-notifier usbmon vagrant-adbinfo vagrant-registration vagrant-sshfs valkyrie vile visualboyadvance-m vnstat wf wfuzz whsniff wireguard-tools xautolock xfce4-mailwatch-plugin xfce4-notifyd xfconf xournal xtrkcad xwax xwrits x11trace zabbix zd1211-firmware zsh-lovers Unless somebody stop me, I will do this change directly in dist-git after a week. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
