On Wed, Jan 18, 2023 at 3:12 AM T.C. Hollingsworth
<tchollingsworth(a)gmail.com> wrote:
On Tue, Jan 3, 2023 at 11:02 AM Richard Fontana <rfontana(a)redhat.com> wrote:
> Any Fedora community member who has a concern about a license
> compatibility issue involving a specific Fedora package or proposed
> Fedora package is encouraged to raise it (probably most appropriately
> in a Bugzilla bug) and it will be looked at in a context-specific way.
> This context-specific analysis will consider not only architectural
> issues (of the sort referred to by Miroslav) but also the licensing,
> development and political history of the code at issue and general
> relevant FOSS community practices. If it will prove useful we will try
> to document some generalized conclusions in the Fedora license
> documentation.
Speaking of "political history", there is a lot of talk about the
unintentional incompatibility of (Apache-2.0 AND GPL-2.0) but nothing
about the allegedly intentional incompatibility of (CDDL-1.0 AND
GPL-*).
Would you really want to reconsider previously thoroughly litigated
matters such as cdrtools or OpenZFS each individually? These are 2
real-world cases that were probably considered on their own merits but
nevertheless ultimately banned by the documented incompatibility in
the license wiki. While I don't think anyone is seriously proposing
going back to the first one in the year 2022 AD, I can't help but
wonder if the author of the former might have been one motivation for
capturing this information in the first place LOL. And OpenZFS might
reasonably be proposed for inclusion in Fedora now that it is relaxing
its restrictions around third party modules such as Nvidia's driver
and at least one prominent distribution ships it.
These are the two cases I was thinking of (does anyone know any
others?). Not specific to Fedora, but my impression is that some fans
of or contributors to (Open)ZFS will stop at nothing to promote its
wider adoption so it wouldn't surprise me to see that one
"relitigated". Despite the general doubt I am casting on license
compatibility doctrine I actually think the copyleft/copyleft cases
have a clearer basis. Anyway, I am not concerned about past decided
issues being brought up again if the volume is sufficiently small. On
the license approval side I think we say in the documentation that
anyone can file an issue arguing that a license approval decision was
wrong, so it would be consistent with that policy.
I don't think we need a big old "will it blend?" list,
it's not
necessary to consider and document the GPL compatibility of each and
every license on the Fedora allowed list. But I do think there is
merit in a Not Allowed SPDX "AND" Expressions List that is scoped
similarly to the Not Allowed Fedora Licenses List, that is only to
combinations which exist in actual software that has been proposed for
or previously included in Fedora. If you feel that (Apache-2.0 AND
GPL-2.0) doesn't belong on it due to the different history of that
incompatibility that's fantastic, but I would love to hear your
counterexample for how anything with (CDDL-1.0 AND GPL-2.0) could ever
possibly be allowed. :-D
Both you and Benson have mentioned SPDX expressions in the context of
this topic but I don't think the replacement of Callaway license names
with SPDX identifiers changes anything here. I guess the thought may
be that the adoption of SPDX expressions would make it easier to check
for a license incompatibility programmatically because SPDX
expressions are more easily parseable than Callaway license tags. I
actually think that increases my concern about Fedora maintaining the
"does it blend" guidance.
The problem again is the context-dependent nature of the issue. SPDX
expressions are not designed to capture the kinds of different
contexts we're talking about here. "CDDL-1.0 AND GPL-2.0-only" could
refer to a source file, a Fedora package, an executable file, a whole
distribution ... any number of things.
I suppose you might be suggesting that the CDDL/GPL case is different
from the Apache/GPL case because most cases you're likely to encounter
are more likely to be problematic. But that seems equivalent to saying
that the most likely situation where CDDL/GPL comes up is with
OpenZFS.
Richard