On 21. 06. 24 8:30, Miroslav Suchý wrote:
What I can do is to put a comment above the license:
# Automatically converted from old format: GPLv2
License: GPL-2.0-only
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
I would support such automatic conversion.
Thanks.
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
26. kesäkuuta 2024 2.20.19 GMT+03:00 "Miro Hrončok" mhroncok@redhat.com kirjoitti:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
At this point, I would just take GPL variants off the list of trivially convertible identifiers. If it takes a longish mailing list thread and a meeting, and the end result *still* contains a TODO comment asking for manual action, the conversion is not "trivial". Just file the Bugzillas and let maintainers eventually sort them out like the other tricky cases.
If we go the LicenseRef route there is no need to restrict to GPL only. You can just convert every identifier in every package that does not have "SPDX conversion done" tag yet. I think that approach was discussed and rejected when SPDX migration was initially discussed?
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
Richard
On 26. 06. 24 5:59, Richard Fontana wrote:
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
What is the benefit of that outcome?
I understand the benefit of SPDX in general.
I don't understand the benefit of converting everything to custom LicenseRef identifiers.
We are already making it clear that the expressions are legacy by... being legacy.
Clearly, I must miss something. What do we *gain* by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
I am not trying to fight this decision, I am genuinely confused: What it is that makes us hurry this. Why cannot we keep the gradual conversion?
On Wed, Jun 26, 2024, 11:48 Miro Hrončok mhroncok@redhat.com wrote:
On 26. 06. 24 5:59, Richard Fontana wrote:
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com
wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we
agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See
https://docs.fedoraproject.org/en-US/legal/update-existing-packages/
License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
What is the benefit of that outcome?
I understand the benefit of SPDX in general.
I don't understand the benefit of converting everything to custom LicenseRef identifiers.
We are already making it clear that the expressions are legacy by... being legacy.
Clearly, I must miss something. What do we *gain* by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
I am not trying to fight this decision, I am genuinely confused: What it is that makes us hurry this. Why cannot we keep the gradual conversion?
To make managers or scrum masters happy? I don't know either ...
Fabio
-- Miro Hrončok -- Phone: +420777974800 Fedora Matrix: mhroncok -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Wed, Jun 26, 2024 at 11:47:55AM +0200, Miro Hrončok wrote:
On 26. 06. 24 5:59, Richard Fontana wrote:
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
What is the benefit of that outcome?
I understand the benefit of SPDX in general.
I don't understand the benefit of converting everything to custom LicenseRef identifiers.
If you have tools which process SPDX expressions, with a full conversion of outstanding RPMs to LicenseRef, you would now be able to use these tools on Fedora specfiles (more) reliably.
Fedora could (should) also apply CI tests that enforce a valid SPDX expression, as there are almost certainly some accidental errors that have crept in (I know I've made some).
These are small, but still tangible benefits, over having the ill-defined mixture of SPDX and Callaway expressions live on for more years.
Fully replacing the LicenseRef-Callaway terms within the expressions would still remain highly desirable, ongoing work.
With regards, Daniel
On Wed, Jun 26, 2024 at 11:22:15AM +0100, Daniel P. Berrangé wrote:
On Wed, Jun 26, 2024 at 11:47:55AM +0200, Miro Hrončok wrote:
On 26. 06. 24 5:59, Richard Fontana wrote:
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
What is the benefit of that outcome?
I understand the benefit of SPDX in general.
I don't understand the benefit of converting everything to custom LicenseRef identifiers.
If you have tools which process SPDX expressions, with a full conversion of outstanding RPMs to LicenseRef, you would now be able to use these tools on Fedora specfiles (more) reliably.
Another advantage is that it makes it (painfully) obvious when the legacy license tag is used. Instead of a free-style comment in the spec file or having to dig through %changelog to see if it mentions SPDX, the information that the license needs reviewing/updating is available in machine-readable form from the License tag. You can even use repoquery to list all such cases.
Fedora could (should) also apply CI tests that enforce a valid SPDX expression, as there are almost certainly some accidental errors that have crept in (I know I've made some).
Yeah, I think we'll want to add a linter for this once the conversion is mostly complete. We can't really do that now.
These are small, but still tangible benefits, over having the ill-defined mixture of SPDX and Callaway expressions live on for more years.
Fully replacing the LicenseRef-Callaway terms within the expressions would still remain highly desirable, ongoing work.
Zbyszek
Unfortunatelly I do not see a clear consensus here. I think that exactly for such cases we have good instution: FESCO.
I filed https://pagure.io/fesco/issue/3230 and I will follow FESCO decision.
On Wed, 26 Jun 2024 at 05:48, Miro Hrončok mhroncok@redhat.com wrote:
On 26. 06. 24 5:59, Richard Fontana wrote:
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
What is the benefit of that outcome?
I understand the benefit of SPDX in general.
I don't understand the benefit of converting everything to custom LicenseRef identifiers.
We are already making it clear that the expressions are legacy by... being legacy.
Clearly, I must miss something. What do we *gain* by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
I am not trying to fight this decision, I am genuinely confused: What it is that makes us hurry this. Why cannot we keep the gradual conversion?
The following is just my take on this and probably not what Richard or Miroslav (and others) are not thinking
The biggest reason to get as many licenses into the same format is to help the growing number of Fedora Containers and Fedora Cloud users. Various organizations ranging from Universities to small businesses will be needing to add various 'auditing' tools for Software Bills of Materials in the coming years for various regulatory reasons. Most of this tooling is less than 'robust' and not easily fixed by the users of the software. Running into non-standard fields just means whatever software is rejected as not usable. Using something like `LicenseRef-Callaway-GPLv2` can cut out the user problems while making it clear to the project where work can be done in the future.
Dne 26. 06. 24 v 11:47 dop. Miro Hrončok napsal(a):
Clearly, I must miss something. What do we gain by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
We will get valid SPDX formula. And all tools generating SBOMs from RPMs can use it and it will produce valid SBOM document.
If we keep the old value, it will not be valid SPDX formula and all tools build on top of that have to put if/else into their workflow.
On 26. 06. 24 14:17, Miroslav Suchý wrote:
Dne 26. 06. 24 v 11:47 dop. Miro Hrončok napsal(a):
Clearly, I must miss something. What do we gain by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
We will get valid SPDX formula. And all tools generating SBOMs from RPMs can use it and it will produce valid SBOM document.
If we keep the old value, it will not be valid SPDX formula and all tools build on top of that have to put if/else into their workflow.
And what good is a valid SPDX formula if it contains custom identifiers?
If we converted all the Licenses of all our packages to LicenseRef-Fedora-Unknown, it would still be a valid formula, but clearly, we would not want that. Or would we?
On Wed, Jun 26, 2024 at 02:32:34PM +0200, Miro Hrončok wrote:
On 26. 06. 24 14:17, Miroslav Suchý wrote:
Dne 26. 06. 24 v 11:47 dop. Miro Hrončok napsal(a):
Clearly, I must miss something. What do we gain by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
We will get valid SPDX formula. And all tools generating SBOMs from RPMs can use it and it will produce valid SBOM document.
If we keep the old value, it will not be valid SPDX formula and all tools build on top of that have to put if/else into their workflow.
And what good is a valid SPDX formula if it contains custom identifiers?
This has already been answered multiple times now. Tools that process SPDX expressions can now handle Fedora RPMs without needing custom parsing code. This allows querying & reporting on licenses in Fedora packages.
The LicenseRef-Callaway-XXXX terms that are extracted are still providing useful information about the package license. Not as useful as it would be eventually, due to the historical license minimization, but still none the less useful. It is up to the users of the tools to decide how they interpret the data that is extracted.
If we converted all the Licenses of all our packages to LicenseRef-Fedora-Unknown, it would still be a valid formula, but clearly, we would not want that. Or would we?
That would be throwing away data that we've got today, so would be a step backwards.
With regards, Daniel
On Wed, Jun 26, 2024 at 6:17 AM Miroslav Suchý msuchy@redhat.com wrote:
We will get valid SPDX formula.
Some legacy license names contain spaces. Simply slapping "LicenseRef-Fedora-" on the front will only affect the first word of such multiword license names, resulting in an invalid SPDX formula. We would also have to convert those spaces to hyphens, right?
On Wed, Jun 26, 2024 at 10:24 AM Jerry James loganjerry@gmail.com wrote:
On Wed, Jun 26, 2024 at 6:17 AM Miroslav Suchý msuchy@redhat.com wrote:
We will get valid SPDX formula.
Some legacy license names contain spaces. Simply slapping "LicenseRef-Fedora-" on the front will only affect the first word of such multiword license names, resulting in an invalid SPDX formula. We would also have to convert those spaces to hyphens, right?
Correct, if I'm reading the SPDX license expression grammar correctly (https://spdx.github.io/spdx-spec/v3.0//annexes/SPDX-license-expressions/), spaces would have to be converted and the hyphen is probably the only sensible separator. So e.g. "BSD with advertising" becomes "LicenseRef-Callaway-BSD-with-advertising".
Richard
On 6/26/24 8:41 AM, Richard Fontana wrote:
On Wed, Jun 26, 2024 at 10:24 AM Jerry Jamesloganjerry@gmail.com wrote:
On Wed, Jun 26, 2024 at 6:17 AM Miroslav Suchýmsuchy@redhat.com wrote:
We will get valid SPDX formula.
Some legacy license names contain spaces. Simply slapping "LicenseRef-Fedora-" on the front will only affect the first word of such multiword license names, resulting in an invalid SPDX formula. We would also have to convert those spaces to hyphens, right?
Correct, if I'm reading the SPDX license expression grammar correctly (https://spdx.github.io/spdx-spec/v3.0//annexes/SPDX-license-expressions/), spaces would have to be converted and the hyphen is probably the only sensible separator. So e.g. "BSD with advertising" becomes "LicenseRef-Callaway-BSD-with-advertising".
correct re: spacing and your example
Dne 26. 06. 24 v 11:47 Miro Hrončok napsal(a):
On 26. 06. 24 5:59, Richard Fontana wrote:
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
What is the benefit of that outcome?
I understand the benefit of SPDX in general.
I don't understand the benefit of converting everything to custom LicenseRef identifiers.
My original proposal was to basically replace all remaining Callaway licenses by something what has become `LicenseRef-Callaway-` prefix. The main motivation is to make sure we properly distinguish between Callaway MIT and SPDX MIT definitions and similar cases. This IMHO should have been done from the start, prior we converted even single license.
Also, my intention was to avoid comments such:
~~~
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed
~~~
This kind of comments are always wrong IMHO.
But if Mirek was talking about modifying all remaining Callaway identifiers across the whole Fedora (which was not very clear), then I am fine with the proposal as it is (including comment ;) ).
Vít
We are already making it clear that the expressions are legacy by... being legacy.
Clearly, I must miss something. What do we *gain* by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
I am not trying to fight this decision, I am genuinely confused: What it is that makes us hurry this. Why cannot we keep the gradual conversion?
Dne 26. 06. 24 v 16:28 Vít Ondruch napsal(a):
Dne 26. 06. 24 v 11:47 Miro Hrončok napsal(a):
On 26. 06. 24 5:59, Richard Fontana wrote:
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
What is the benefit of that outcome?
I understand the benefit of SPDX in general.
I don't understand the benefit of converting everything to custom LicenseRef identifiers.
My original proposal was to basically replace all remaining Callaway licenses by something what has become `LicenseRef-Callaway-` prefix. The main motivation is to make sure we properly distinguish between Callaway MIT and SPDX MIT definitions and similar cases. This IMHO should have been done from the start, prior we converted even single license.
Also, my intention was to avoid comments such:
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed
This kind of comments are always wrong IMHO.
But if Mirek was talking about modifying all remaining Callaway identifiers across the whole Fedora (which was not very clear), then I am fine with the proposal as it is (including comment ;) ).
BTW I also don't see the immediate need to convert everything into SPDX. But I'll rather have `LicenseRef-Callaway-` prefixed license identifiers than having around comments such as the above or `SPDX` in changelog entries.
Vít
Vít
We are already making it clear that the expressions are legacy by... being legacy.
Clearly, I must miss something. What do we *gain* by causing all license tags to conform to the SPDX license expression standard despite actually just using the old tag with extra boilerplate?
I am not trying to fight this decision, I am genuinely confused: What it is that makes us hurry this. Why cannot we keep the gradual conversion?
* Miroslav Suchý:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
Could you add an HTML anchor with GPLv2 specific information? Otherwise it looks a bit silly to anyone who isn't familiar with the GPLv2 ambiguity, and will likely result in unchecked replacement with GPL-2.0-only in many cases.
Thanks, Florian
On 6/26/24 5:24 AM, Florian Weimer wrote:
- Miroslav Suchý:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # Seehttps://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
to clarify how a package maintainer might view this - my thinking is that seeing "LicenseRef-Callaway-GPLv2" would be a reminder that they need to generally check the actual license, and likely check whether this was intended to be GPL-2.0-only or GPL-2.0-or-later (assuming that GPLv2 was correct to begin with) Is that what you are thinking too, Miro?
Could you add an HTML anchor with GPLv2 specific information? Otherwise it looks a bit silly to anyone who isn't familiar with the GPLv2 ambiguity, and will likely result in unchecked replacement with GPL-2.0-only in many cases.
Thanks, Florian -- _______________________________________________ legal mailing list --legal@lists.fedoraproject.org To unsubscribe send an email tolegal-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it:https://pagure.io/fedora-infrastructure/new_issue