[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Richard Fontana]

On Fri, Jan 13, 2023 at 9:29 PM Jilayne Lovejoy  wrote:

> On 1/3/23 12:39 PM, Richard Fontana wrote:

> > Separately, but related to Florian's question, I think we should make
> > clear in documentation (if we don't already) that fedora-license-data
> > is not intended to deal with questions about license compliance,
> > except to the extent that impossibility or impracticality of
> > compliance with a license may be a reason for concluding that it is
> > not allowed.
>
> not sure where to put that or what exactly to say... did you have an idea?
> as a threshold question, should that note go in the license-data repo
> itself or the Fedora-legal documentation?

I think it should go in the legal documentation. The issue is really
the nonsuitability of the fedora-license-data issue tracker for
handling compliance questions.
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Jilayne Lovejoy]

On 1/3/23 12:39 PM, Richard Fontana wrote:

On Tue, Jan 3, 2023 at 3:04 PM Jilayne Lovejoy  wrote:



On 1/2/23 10:57 AM, Richard Fontana wrote:

On Mon, Jan 2, 2023 at 3:19 AM Florian Weimer  wrote:

* Jilayne Lovejoy:


On 12/19/22 3:10 PM, Miroslav Suchý wrote:

Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):

* Fedora and its distributors comply with the licensing terms, but the
 license is not obviously on Fedora's allowed list.  An example would
 be an obscure field-of-use restriction (as in the JSON license).

Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/

And the license may be added to not-allowed list. See
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_date=all_name%5B%5D=license%3A%3Anot%20allowed_page_size=20

And in that issue you can discuss what to do with the package if it
already in Fedora Linux.

the process for license review is outlined at this particular link:
https://docs.fedoraproject.org/en-US/legal/license-review-process/

:)

Thanks.  I'll keep filing fedora-license-data issues until told
otherwise.

I think we can make that documentation a little clearer that the
license review process can be initiated by any interested Fedora
contributor (not just actual/intended package maintainers), for
existing as well as proposed new Fedora packages. What we don't want
is for it to be used for substantially non-Fedora-related purposes
(e.g. a license for which review is sought should demonstrably exist
in an existing Fedora package or a project that (but for any license
issues) seems likely to be included in Fedora).

Richard


I just had a re-read and it doesn't say anything specific to "package
maintainers" but I think uses "Fedora contributors" initially, which
should cover your point.  I think it's clear it should be for a package
included in Fedora, but we don't have an explicit statement to NOT use
it for non-Fedora related purposes - do you think we should add that?

I did fix a bit of formatting just now, though :)

Also re-reading - I guess the only thing that's unclear is the initial text:

"This page describes how to request the review of *a new license for
inclusion in Fedora Linux* and other related processes.

[...]

"Request review of a new license" [...]

While the following text makes things clear, I think there is
something confusing about the phrase "new license" -- someone might
assume that doesn't cover "licenses Fedora has arguably been
distributing code/content under for 20 years", for example.


I've simply removed the word "new" :)
https://gitlab.com/fedora/legal/fedora-legal-docs/-/merge_requests/152


Separately, but related to Florian's question, I think we should make
clear in documentation (if we don't already) that fedora-license-data
is not intended to deal with questions about license compliance,
except to the extent that impossibility or impracticality of
compliance with a license may be a reason for concluding that it is
not allowed.


not sure where to put that or what exactly to say... did you have an idea?
as a threshold question, should that note go in the license-data repo 
itself or the Fedora-legal documentation?


Jilayne

Richard


___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Richard Fontana]

On Tue, Jan 3, 2023 at 3:04 PM Jilayne Lovejoy  wrote:
>
>
>
> On 1/2/23 10:57 AM, Richard Fontana wrote:
> > On Mon, Jan 2, 2023 at 3:19 AM Florian Weimer  wrote:
> >> * Jilayne Lovejoy:
> >>
> >>> On 12/19/22 3:10 PM, Miroslav Suchý wrote:
>  Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
> > * Fedora and its distributors comply with the licensing terms, but the
> > license is not obviously on Fedora's allowed list.  An example would
> > be an obscure field-of-use restriction (as in the JSON license).
>  Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
> 
>  And the license may be added to not-allowed list. See
>  https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_date=all_name%5B%5D=license%3A%3Anot%20allowed_page_size=20
> 
>  And in that issue you can discuss what to do with the package if it
>  already in Fedora Linux.
> >>> the process for license review is outlined at this particular link:
> >>> https://docs.fedoraproject.org/en-US/legal/license-review-process/
> >>>
> >>> :)
> >> Thanks.  I'll keep filing fedora-license-data issues until told
> >> otherwise.
> > I think we can make that documentation a little clearer that the
> > license review process can be initiated by any interested Fedora
> > contributor (not just actual/intended package maintainers), for
> > existing as well as proposed new Fedora packages. What we don't want
> > is for it to be used for substantially non-Fedora-related purposes
> > (e.g. a license for which review is sought should demonstrably exist
> > in an existing Fedora package or a project that (but for any license
> > issues) seems likely to be included in Fedora).
> >
> > Richard
> >
> I just had a re-read and it doesn't say anything specific to "package
> maintainers" but I think uses "Fedora contributors" initially, which
> should cover your point.  I think it's clear it should be for a package
> included in Fedora, but we don't have an explicit statement to NOT use
> it for non-Fedora related purposes - do you think we should add that?
>
> I did fix a bit of formatting just now, though :)

Also re-reading - I guess the only thing that's unclear is the initial text:

"This page describes how to request the review of *a new license for
inclusion in Fedora Linux* and other related processes.

[...]

"Request review of a new license" [...]

While the following text makes things clear, I think there is
something confusing about the phrase "new license" -- someone might
assume that doesn't cover "licenses Fedora has arguably been
distributing code/content under for 20 years", for example.

Separately, but related to Florian's question, I think we should make
clear in documentation (if we don't already) that fedora-license-data
is not intended to deal with questions about license compliance,
except to the extent that impossibility or impracticality of
compliance with a license may be a reason for concluding that it is
not allowed.

Richard
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Jilayne Lovejoy]

On 1/2/23 10:57 AM, Richard Fontana wrote:

On Mon, Jan 2, 2023 at 3:19 AM Florian Weimer  wrote:

* Jilayne Lovejoy:


On 12/19/22 3:10 PM, Miroslav Suchý wrote:

Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):

* Fedora and its distributors comply with the licensing terms, but the
license is not obviously on Fedora's allowed list.  An example would
be an obscure field-of-use restriction (as in the JSON license).

Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/

And the license may be added to not-allowed list. See
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_date=all_name%5B%5D=license%3A%3Anot%20allowed_page_size=20

And in that issue you can discuss what to do with the package if it
already in Fedora Linux.

the process for license review is outlined at this particular link:
https://docs.fedoraproject.org/en-US/legal/license-review-process/

:)

Thanks.  I'll keep filing fedora-license-data issues until told
otherwise.

I think we can make that documentation a little clearer that the
license review process can be initiated by any interested Fedora
contributor (not just actual/intended package maintainers), for
existing as well as proposed new Fedora packages. What we don't want
is for it to be used for substantially non-Fedora-related purposes
(e.g. a license for which review is sought should demonstrably exist
in an existing Fedora package or a project that (but for any license
issues) seems likely to be included in Fedora).

Richard

I just had a re-read and it doesn't say anything specific to "package 
maintainers" but I think uses "Fedora contributors" initially, which 
should cover your point.  I think it's clear it should be for a package 
included in Fedora, but we don't have an explicit statement to NOT use 
it for non-Fedora related purposes - do you think we should add that?


I did fix a bit of formatting just now, though :)

J.
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Richard Fontana]

On Mon, Jan 2, 2023 at 3:19 AM Florian Weimer  wrote:
>
> * Jilayne Lovejoy:
>
> > On 12/19/22 3:10 PM, Miroslav Suchý wrote:
> >> Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
> >>> * Fedora and its distributors comply with the licensing terms, but the
> >>>license is not obviously on Fedora's allowed list.  An example would
> >>>be an obscure field-of-use restriction (as in the JSON license).
> >>
> >> Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
> >>
> >> And the license may be added to not-allowed list. See
> >> https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_date=all_name%5B%5D=license%3A%3Anot%20allowed_page_size=20
> >>
> >> And in that issue you can discuss what to do with the package if it
> >> already in Fedora Linux.
> > the process for license review is outlined at this particular link:
> > https://docs.fedoraproject.org/en-US/legal/license-review-process/
> >
> > :)
>
> Thanks.  I'll keep filing fedora-license-data issues until told
> otherwise.

I think we can make that documentation a little clearer that the
license review process can be initiated by any interested Fedora
contributor (not just actual/intended package maintainers), for
existing as well as proposed new Fedora packages. What we don't want
is for it to be used for substantially non-Fedora-related purposes
(e.g. a license for which review is sought should demonstrably exist
in an existing Fedora package or a project that (but for any license
issues) seems likely to be included in Fedora).

Richard
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Florian Weimer]

* Jilayne Lovejoy:

> On 12/19/22 3:10 PM, Miroslav Suchý wrote:
>> Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
>>> * Fedora and its distributors comply with the licensing terms, but the
>>>    license is not obviously on Fedora's allowed list.  An example would
>>>    be an obscure field-of-use restriction (as in the JSON license).
>>
>> Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
>>
>> And the license may be added to not-allowed list. See
>> https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_date=all_name%5B%5D=license%3A%3Anot%20allowed_page_size=20
>>
>> And in that issue you can discuss what to do with the package if it
>> already in Fedora Linux.
> the process for license review is outlined at this particular link:
> https://docs.fedoraproject.org/en-US/legal/license-review-process/
>
> :)

Thanks.  I'll keep filing fedora-license-data issues until told
otherwise.

Florian
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Jilayne Lovejoy]

On 12/19/22 3:10 PM, Miroslav Suchý wrote:

Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):

* Fedora and its distributors comply with the licensing terms, but the
   license is not obviously on Fedora's allowed list.  An example would
   be an obscure field-of-use restriction (as in the JSON license).


Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/

And the license may be added to not-allowed list. See 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_date=all_name%5B%5D=license%3A%3Anot%20allowed_page_size=20


And in that issue you can discuss what to do with the package if it 
already in Fedora Linux.
the process for license review is outlined at this particular link: 
https://docs.fedoraproject.org/en-US/legal/license-review-process/


:)


Miroslav
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Neal Gompa]

On Mon, Dec 19, 2022 at 6:18 AM Florian Weimer  wrote:
>
> What's the best way to raise licensing issues in already-added packages?
> I think there are largely two cases:
>
> * Fedora and its distributors comply with the licensing terms, but the
>   license is not obviously on Fedora's allowed list.  An example would
>   be an obscure field-of-use restriction (as in the JSON license).
>

This requires a BZ set to block FE-Legal *and* an issue filed at
https://gitlab.com/fedora/legal/fedora-license-data/.

When doing so, please link the BZ and the GitLab issue together.

> * Fedora and its distributors appear violating the license.  An example
>   would be a package that ships a pre-built Linux kernel binary without
>   the required GPL notices, and without corresponding soruce code.
>

The correct way to handle this is file a bug on RHBZ and block FE-Legal.

> Do these two cases need to be treated differently?  In the past, I may
> have filed bugs in Bugzilla, but this might be construed as a bit rude.
>

The two cases are handled differently, as I outlined above.

> I looked at  and couldn't
> find any discussion of this topic.  Sorry if I missed it.
>

No worries!


-- 
真実はいつも一つ！/ Always, there's only one truth!
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Miroslav Suchý]

Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):

* Fedora and its distributors comply with the licensing terms, but the
   license is not obviously on Fedora's allowed list.  An example would
   be an obscure field-of-use restriction (as in the JSON license).


Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/

And the license may be added to not-allowed list. See 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_date=all_name%5B%5D=license%3A%3Anot%20allowed_page_size=20


And in that issue you can discuss what to do with the package if it already in 
Fedora Linux.

Miroslav
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Fedora-legal-list] Re: Guidelines for dealing with licensing issues in distributed packages

[Maxwell G]

On Mon Dec 19, 2022 at 12:18 +0100, Florian Weimer wrote:
> * Fedora and its distributors appear violating the license.  An example
>   would be a package that ships a pre-built Linux kernel binary without
>   the required GPL notices, and without corresponding soruce code.

This is also a violation of the Packaging Guidelines which makes who to
report it to even murkier.

--
Maxwell G (@gotmax23)
Pronouns: He/Him/His
___
legal mailing list -- legal@lists.fedoraproject.org
To unsubscribe send an email to legal-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue