Henry Spencer's license
by Petr Šabata
Dear legal,
While checking the contents of our `perl' package, I noticed the following:
(...)
/* NOTE: this is derived from Henry Spencer's regexp code, and should not
* confused with the original package (see point 3 below). Thanks, Henry!
*/
/* Additional note: this code is very heavily munged from Henry's version
* in places. In some spots I've traded clarity for efficiency, so don't
* blame Henry for some of the lack of readability.
*/
/* The names of the functions have been changed from regcomp and
* regexec to pregcomp and pregexec in order to avoid conflicts
* with the POSIX routines of the same names.
*/
(...)
* pregcomp and pregexec -- regsub and regerror are not used in perl
*
* Copyright (c) 1986 by University of Toronto.
* Written by Henry Spencer. Not derived from licensed software.
*
* Permission is granted to anyone to use this software for any
* purpose on any computer system, and to redistribute it freely,
* subject to the following restrictions:
*
* 1. The author is not responsible for the consequences of use of
* this software, no matter how awful, even if they arise
* from defects in it.
*
* 2. The origin of this software must not be misrepresented, either
* by explicit claim or by omission.
*
* 3. Altered versions must be plainly marked as such, and must not
* be misrepresented as being the original software.
*
**** Alterations to Henry's code are...
****
**** Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
**** 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
**** by Larry Wall and others
****
**** You may distribute under the terms of either the GNU General Public
**** License or the Artistic License, as specified in the README file.
(...)
You can see the whole file here:
https://metacpan.org/source/SHAY/perl-5.20.1/regexec.c
I looked but couldn't find any common name for this license
of Henry's. Is it on our list? Is it free? What name should
I use in the License tag?
Thank you,
Petr
2 weeks, 2 days
Guidelines for dealing with licensing issues in distributed packages
by Florian Weimer
What's the best way to raise licensing issues in already-added packages?
I think there are largely two cases:
* Fedora and its distributors comply with the licensing terms, but the
license is not obviously on Fedora's allowed list. An example would
be an obscure field-of-use restriction (as in the JSON license).
* Fedora and its distributors appear violating the license. An example
would be a package that ships a pre-built Linux kernel binary without
the required GPL notices, and without corresponding soruce code.
Do these two cases need to be treated differently? In the past, I may
have filed bugs in Bugzilla, but this might be construed as a bit rude.
I looked at <https://docs.fedoraproject.org/en-US/legal/> and couldn't
find any discussion of this topic. Sorry if I missed it.
Thanks,
Florian
2 months, 1 week
rust-regex-syntax package license change: added Unicode-DFS-2016 license
by Fabio Valentini
Hi all,
With the update to the regex-syntax crate package that I'm building
right now, the license will change from "MIT OR Apache-2.0" to "(MIT
OR Apache-2.0) AND Unicode-DFS-2016".
The project includes code that is derived from Unicode data files, and
it already shipped a license text for the Unicode-DFS-2016 license for
this reason - but the SPDX license string in upstream crate metadata
doesn't reflect this fact. It also appears that the inclusion of the
additional license file was made after the package was initially
reviewed for Fedora, and as a result, previous versions of this
package didn't include the Unicode license in its License tag.
I have also opened an upstream discussion about this, since I believe
that the upstream license specifier is wrong (i.e. missing " ... AND
Unicode-DFS-2016"), but upstream developers don't appear convinced
(even though similar changes were already made in equivalent cases for
other Rust projects):
https://github.com/rust-lang/regex/discussions/933
This change will probably have at least some "ripple effect" across
Rust packages in Fedora once they are rebuilt against this new
version, since basically everything depends on the "regex" crate
(which depends on regex-syntax), either directly, or indirectly.
I'm pretty sure that this package now has the the correct license tag
(i.e. project has two parts: first part is dual-licensed "MIT OR
Apache-2.0", second part is derived from Unicode data and is licensed
"Unicode-DFS-2016", so the license tag should reflect *both* parts),
but if I am wrong about this, please get my attention, so I can revert
this change in a timely manner.
Fabio
2 months, 2 weeks
What is this simple license called?
by Björn Persson
The manual for XMLada comes with this statement:
| Copyright (C) 2000-2002, Emmanuel Briot
|
| Copyright (C) 2003-2011, AdaCore
|
| This document may be copied, in whole or in part, in any form or by
| any means, as is or with alterations, provided that (1) alterations
| are clearly marked as alterations and (2) this copyright notice is
| included unmodified in any copy.
That's all of it. The upstream source is here:
https://github.com/AdaCore/xmlada/blob/master/docs/index.rst
What shall we call this license in SPDX notation?
Björn Persson
3 months, 1 week
Re: What license should be used for package that contains "Redistributable, no modification permitted" binaries?
by Miro Hrončok
On 02. 12. 22 8:23, Sun, Yunying wrote:
> Hi,
>
> I'm packaging linux-sgx SDK for Fedora, with review request ticket:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2085444
> <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2085444>
>
> linux-sgx has some Intel signed binaries included such as
> libsgx_{qve,tdqe,id_enclave,pce,qe3,le,qe,pve}.signed.so, as stated in License.txt:
>
> https://github.com/intel/linux-sgx/blob/master/License.txt
> <https://github.com/intel/linux-sgx/blob/master/License.txt>
>
> According to
> https://fedoraproject.org/wiki/Licensing:SoftwareTypes#Binary_Firmware
> <https://fedoraproject.org/wiki/Licensing:SoftwareTypes#Binary_Firmware>, it has:
>
> /The License tag for any firmware that disallows modification must be set to:
> "Redistributable, no modification permitted"/
>
> So I added "Redistributable, no modification permitted" to the “License:” in
> spec file:
>
> https://yunyings.fedorapeople.org/sgxsdk.spec
> <https://yunyings.fedorapeople.org/sgxsdk.spec>
>
> In recent review comment, Miro suggested that this "Redistributable, no
> modification permitted" is not appropriate for license name.
>
> But going through all licenses on
> https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
> <https://docs.fedoraproject.org/en-US/legal/allowed-licenses/>, I can’t find
> the right license for these Intel signed binaries.
>
> Could you point me to the right license, or if none exists for this case, guide
> me how to proceed? Thank you.
I think that each such license now needs to be reviewed separately. See
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1#I_maintain_a...
Legal folks, note that this is not a firmware per se, but FESCo approved to
treat it as such, pending legal review, in https://pagure.io/fesco/issue/2153
"""
FESCo permits the use of pre-signed Intel SGX components under the firmware
clause of the Licensing Guidelines, provided that Fedora Legal concurs.
"""
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
3 months, 2 weeks