Hi Richard,
On Wed, 2024-01-17 at 23:23 -0500, Richard Fontana wrote:
> I think there may be some confusion here. Red Hat originally developed
> RPMs as a packaging technology and from what I understand, from an
> early period there was a data field in spec files for licensing
> information (IIRC it was originally "Copyright:" rather than
> "License:"). Many other packaging technologies attempt to document
> licensing information. Some are worse than others.

So at some point RPM/Fedora adopted the %license directive.
Which basically meant that we would always include the full declared
license of the project. Do you happen to know why after this the
License field was (also) kept? Might it be time to fully switch to just
including the full %license text in each package instead of also adding
the license text? If I am reading the legal guidance correctly the
License field is not legally binding, just the license text in the
package source code is.

> It's very legitimate to ask why we have License tags at all, but few
> people have asked that. We didn't invent the practice in 2022; it
> existed in some form for decades (or at least as far back as the early
> years of Fedora, offhand I don't know if it originates in the Red Hat
> Linux era). In adopting SPDX license expressions, as I see it, the
> justification was basically, "if we're going to continue this
> long-established practice of having License tags, we might as well use
> the least bad license representation system".

That is a fair point. If you want to preserve the usage of license
tags.

> But in saying all this I realize I am continuing to conflate the two
> main uses of SPDX license expressions (or at least SPDX license
> identifier conventions) in Fedora. We don't just use SPDX identifiers
> in License tags. Our original 2022 documentation was really confusing
> about this, probably because *we* were initially confused about it,
> and I've tried to make a lot of changes to clear this up. We more
> fundamentally use SPDX identifiers as a classification system in
> approving and disapproving particular licenses, some of which would
> never normally be used in a License tag. When we say a given license
> is allowed, or not allowed, we have to define more or less precisely
> what we mean by that license, and SPDX (for all its many faults)
> provides the best system I know of for doing that.

And I think this shows why using license tags as a form of indirection
to point to the "true" license causes so much confusion.
IMHO, a license notice should always be interpreted in context. A lot
of the discussions seem to not be about whether or not a legal notice
is approved or not, but about whether something is strictly speaking a
different license variant because it has some legally or not legally
significant notices around the license text. For which then a new
identifier has to be allocated.
But since we already include the full text of the (declared)
license in the package, do we really also want to have that extra layer
of indirection as license tags?

Cheers,
Mark