On Mon, Aug 28, 2023 at 10:31 AM Vít Ondruch <vondruch(a)redhat.com> wrote:
Dne 24. 08. 23 v 20:52 Richard Fontana napsal(a):
> Some of the complaints that have surfaced since the migration from the
> Callaway system to SPDX seem to be, at root, an aesthetic distaste for
> complex license expressions in RPM license metadata. This may explain
> why some favor application of "effective license" analysis. I suspect
> there is also a sort of psychological desire to hide the underlying
> licensing complexity that characterizes many packages.
>
> I do think that the current approach can be criticized as being overly
> pedantic, and perhaps also internally contradictory (some of Florian's
> recent comments get at the various ways in which we are being
> contradictory). We have a still-undocumented rule that what I call
> "true public domain" should not be reflected in the License: field
The problem is that leaving out this "true public domain" tag makes
license review harder in a sense.
Let me explain. If I am reviewing license and find some file being "true
public domain", leaving it out might mean that it won't be recorded
anywhere that it was already identified as a "true public domain". Doing
the review next time, I (or somebody else) will need to find it the hard
way again.
I think that the current license field is unfortunately very limited in
expressing the source license. I wish if we were able to record the
license per file or even per file lines. But admittedly, this won't be
easier.
I guess we have been stretching the "License: " field beyond whatever
purpose it was originally supposed to have (probably never well
defined or thought out). It is not useful by itself for keeping track
of source-file-specific license review.
The REUSE specification (
https://reuse.software), which enforces a
per-source-file license identification discipline, might be a way to
facilitate that, but that is something that is generally adopted by
upstream projects, not by downstream packagers.
fedora-license-data and fedora-legal-docs themselves conform to REUSE,
largely relying on the use of a dep5 file (even though I think REUSE
disapproves of that approach) and using some custom-defined license
identifiers that I think REUSE might frown upon (but which do serve to
keep track of "true public domain" stuff). See:
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/.reuse/de...
https://gitlab.com/fedora/legal/fedora-legal-docs/-/blob/main/.reuse/dep5...
Richard