On Wed, Jun 26, 2024 at 11:22:15AM +0100, Daniel P. Berrangé wrote:
On Wed, Jun 26, 2024 at 11:47:55AM +0200, Miro Hrončok wrote:
On 26. 06. 24 5:59, Richard Fontana wrote:
On Tue, Jun 25, 2024 at 7:20 PM Miro Hrončok mhroncok@redhat.com wrote:
On 25. 06. 24 22:50, Miroslav Suchý wrote:
Dne 25. 06. 24 v 1:09 odp. Miro Hrončok napsal(a):
Could you make the comment something like this?
# Automatically converted from old format: GPLv2 # TODO check if there are other licenses to be listed License: GPL-2.0-only
We (the Change owners) discussed this on a meeting today. And we agreed on output:
# Automatically converted from old format: GPLv2 # TODO convert to correct SPDX identifier # See https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ License: LicenseRef-Callaway-GPLv2
This is valid SPDX identifier. But not on the list of Fedora's allowed licenses, so any QA tool will remind you to check the license.
What do you think?
I don't understand what is the benefit of doing this at all. Sorry.
The benefit I see is that it immediately causes all license tags to conform to the SPDX license expression standard, while also making it very clear what parts of those license expressions are actually legacy elements that have to be examined and replaced. (This assumes we wouldn't use `LicenseRef-Callaway-` for any other purpose.)
What is the benefit of that outcome?
I understand the benefit of SPDX in general.
I don't understand the benefit of converting everything to custom LicenseRef identifiers.
If you have tools which process SPDX expressions, with a full conversion of outstanding RPMs to LicenseRef, you would now be able to use these tools on Fedora specfiles (more) reliably.
Another advantage is that it makes it (painfully) obvious when the legacy license tag is used. Instead of a free-style comment in the spec file or having to dig through %changelog to see if it mentions SPDX, the information that the license needs reviewing/updating is available in machine-readable form from the License tag. You can even use repoquery to list all such cases.
Fedora could (should) also apply CI tests that enforce a valid SPDX expression, as there are almost certainly some accidental errors that have crept in (I know I've made some).
Yeah, I think we'll want to add a linter for this once the conversion is mostly complete. We can't really do that now.
These are small, but still tangible benefits, over having the ill-defined mixture of SPDX and Callaway expressions live on for more years.
Fully replacing the LicenseRef-Callaway terms within the expressions would still remain highly desirable, ongoing work.
Zbyszek