Nice. This certainly makes it easy to map from Fedora to SPDX IDs! SPDX license identifiers have emerged as a standard
Woo hoo! From: Spdx-legal@lists.spdx.org <Spdx-legal@lists.spdx.org> on behalf of Steve Winslow <swins...@gmail.com> Date: Saturday, July 30, 2022 at 12:06 PM To: J Lovejoy <opensou...@jilayne.com> Cc: SPDX-legal <Spdx-legal@lists.spdx.org>, s...@lists.spdx.org <s...@lists.spdx.org>, spdx-t...@lists.spdx.org <spdx-t...@lists.spdx.org>, spdx-outre...@lists.spdx.org <spdx-outre...@lists.spdx.org> Subject: Re: [spdx-tech] Important changes to software license information in Fedora packages (SPDX and more!) Jilayne, this is awesome news -- thanks for passing it along! Looking forward to us working with the Fedora community to support them adding SPDX license IDs across the distro. Steve On Fri, Jul 29, 2022 at 12:21 PM J Lovejoy <opensou...@jilayne.com<mailto:opensou...@jilayne.com>> wrote: Hot off the press! Link to blog post of this here: https://communityblog.fedoraproject.org/important-changes-to-software-license-information-in-fedora-packages-spdx-and-more/<https://urldefense.com/v3/__https:/communityblog.fedoraproject.org/important-changes-to-software-license-information-in-fedora-packages-spdx-and-more/__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5x2QUL23F$> Thanks for the support on this from SPDX-legal. There is more work to come, for sure, but being able to use SPDX license identifiers in a full distro is a great challenge for our project to meet! :) Jilayne -------- Forwarded Message -------- Subject: [Fedora-legal-list] Important changes to software license information in Fedora packages (SPDX and more!) Date: Fri, 29 Jul 2022 11:19:48 -0400 From: Matthew Miller <mat...@fedoraproject.org><mailto:mat...@fedoraproject.org> Reply-To: le...@lists.fedoraproject.org<mailto:le...@lists.fedoraproject.org> To: devel-annou...@lists.fedoraproject.org<mailto:devel-annou...@lists.fedoraproject.org> CC: packag...@lists.fedoraproject.org<mailto:packag...@lists.fedoraproject.org>, le...@lists.fedoraproject.org<mailto:le...@lists.fedoraproject.org>, de...@lists.fedoraproject.org<mailto:de...@lists.fedoraproject.org> On behalf of all of the folks working on Fedora licensing improvements, I have a few things to announce! New docs site for licensing and other legal topics -------------------------------------------------- All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at: https://docs.fedoraproject.org/en-US/legal/<https://urldefense.com/v3/__https:/docs.fedoraproject.org/en-US/legal/__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5xwUtvM0t$> Other legal documentation will follow. This follows the overall Fedora goal of moving active user and contributor documentation away from the wiki. Fedora license information in a structured format ------------------------------------------------- The “good” (allowed) and “bad” (not-allowed) licenses for Fedora are now stored in a repository, using a simple structured file format for each license (it’s TOML). You can find this at: https://gitlab.com/fedora/legal/fedora-license-data<https://urldefense.com/v3/__https:/gitlab.com/fedora/legal/fedora-license-data__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5xx2kBDcp$> This data is then presented in easy tabular format in the documentation, at: https://docs.fedoraproject.org/en-US/legal/allowed-licenses/<https://urldefense.com/v3/__https:/docs.fedoraproject.org/en-US/legal/allowed-licenses/__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5x1BDSiBi$> New policy for the License field in packages — SPDX identifiers! ---------------------------------------------------------------- We’re changing the policy for the "License" field in package spec files to use SPDX license identifiers. Historically, Fedora has represented licenses using short abbreviations specific to Fedora. In the meantime, SPDX license identifiers have emerged as a standard, and other projects, vendors, and developers have started using them. Adopting SPDX license identifiers provides greater accuracy as to what license applies, and will make it easier for us to collaborate with other projects. Updated licensing policies and processes ---------------------------------------- Fedora licensing policies and processes have been updated to reflect the above changes. In some cases, this forced deeper thought as to how these things are decided and why, which led to various discussion on Fedora mailing lists. In other cases, it prompted better articulation of guidance that was implicitly understood but not necessarily explicitly stated. New guidance on “effective license” analysis -------------------------------------------- Many software packages consist of code with different free and open source licenses. Previous practice often involved “simplification” of the package license field when the packager believed that one license subsumed the other — for example, using just “GPL” when the source code includes parts licensed under a BSD-style license as well. Going forward, packagers and reviewers should not make this kind of analysis, and rather use (for example) “GPL-2.0-or-later AND MIT”. This approach is easier for packagers to apply in a consistent way. When do these changes take effect? ---------------------------------- The resulting changes in practice will be applied to new packages and licenses going forward. It is not necessary to revise existing packages at this time, although we have provided some guidance for package maintainers who want to get started. We’re in the process of planning a path for updating existing packages at a larger scale — stay tuned for more on that! Thank you everyone! ------------------- A huge thanks to some key people who have worked tirelessly to make this happen: David Cantrell, Richard Fontana, Jilayne Lovejoy, Miroslav Suchý. Behind the scenes support was also provided by David Levine, Bryan Sutula, and Beatriz Couto. Thank you as well for the valuable feedback from Fedora community members in various Fedora forums. Please have a look at the updated information. If you have questions, please post them to the Fedora Legal mailing list: https://lists.fedoraproject.org/archives/list/le...@lists.fedoraproject.org/<https://urldefense.com/v3/__https:/lists.fedoraproject.org/archives/list/le...@lists.fedoraproject.org/__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5xxQxjA5B$> -- Matthew Miller <mat...@fedoraproject.org><mailto:mat...@fedoraproject.org> Fedora Project Leader _______________________________________________ legal mailing list -- le...@lists.fedoraproject.org<mailto:le...@lists.fedoraproject.org> To unsubscribe send an email to legal-le...@lists.fedoraproject.org<mailto:legal-le...@lists.fedoraproject.org> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/<https://urldefense.com/v3/__https:/docs.fedoraproject.org/en-US/project/code-of-conduct/__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5xxuVAe3m$> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines<https://urldefense.com/v3/__https:/fedoraproject.org/wiki/Mailing_list_guidelines__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5x9EtHegS$> List Archives: https://lists.fedoraproject.org/archives/list/le...@lists.fedoraproject.org<https://urldefense.com/v3/__https:/lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5xxmoP6F_$> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure<https://urldefense.com/v3/__https:/pagure.io/fedora-infrastructure__;!!A4F2R9G_pg!a-7tSwIboRmFECxhEHcC7sozPTx8KUEAUAFlK1-hAPT3xp-KTtkIaZ1ZGzQ2ON2OM17zaekVHT3l5am5x42uWw4W$> -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3197): https://lists.spdx.org/g/Spdx-legal/message/3197 Mute This Topic: https://lists.spdx.org/mt/92712540/21656 Group Owner: spdx-legal+ow...@lists.spdx.org Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
