On behalf of all of the folks working on Fedora licensing improvements, I have a few things to announce!
New docs site for licensing and other legal topics --------------------------------------------------
All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at:
https://docs.fedoraproject.org/en-US/legal/
Other legal documentation will follow. This follows the overall Fedora goal of moving active user and contributor documentation away from the wiki.
Fedora license information in a structured format -------------------------------------------------
The “good” (allowed) and “bad” (not-allowed) licenses for Fedora are now stored in a repository, using a simple structured file format for each license (it’s TOML). You can find this at:
https://gitlab.com/fedora/legal/fedora-license-data
This data is then presented in easy tabular format in the documentation, at:
https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
New policy for the License field in packages — SPDX identifiers! ----------------------------------------------------------------
We’re changing the policy for the "License" field in package spec files to use SPDX license identifiers. Historically, Fedora has represented licenses using short abbreviations specific to Fedora. In the meantime, SPDX license identifiers have emerged as a standard, and other projects, vendors, and developers have started using them. Adopting SPDX license identifiers provides greater accuracy as to what license applies, and will make it easier for us to collaborate with other projects.
Updated licensing policies and processes ----------------------------------------
Fedora licensing policies and processes have been updated to reflect the above changes. In some cases, this forced deeper thought as to how these things are decided and why, which led to various discussion on Fedora mailing lists. In other cases, it prompted better articulation of guidance that was implicitly understood but not necessarily explicitly stated.
New guidance on “effective license” analysis --------------------------------------------
Many software packages consist of code with different free and open source licenses. Previous practice often involved “simplification” of the package license field when the packager believed that one license subsumed the other — for example, using just “GPL” when the source code includes parts licensed under a BSD-style license as well. Going forward, packagers and reviewers should not make this kind of analysis, and rather use (for example) “GPL-2.0-or-later AND MIT”. This approach is easier for packagers to apply in a consistent way.
When do these changes take effect? ----------------------------------
The resulting changes in practice will be applied to new packages and licenses going forward. It is not necessary to revise existing packages at this time, although we have provided some guidance for package maintainers who want to get started. We’re in the process of planning a path for updating existing packages at a larger scale — stay tuned for more on that!
Thank you everyone! -------------------
A huge thanks to some key people who have worked tirelessly to make this happen: David Cantrell, Richard Fontana, Jilayne Lovejoy, Miroslav Suchý. Behind the scenes support was also provided by David Levine, Bryan Sutula, and Beatriz Couto. Thank you as well for the valuable feedback from Fedora community members in various Fedora forums.
Please have a look at the updated information. If you have questions, please post them to the Fedora Legal mailing list:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/
Thanks Matthew!
I feel like Richard, Tom Callaway, and I started the conversation about Fedora using SPDX license identifiers many years ago (a decade?) when SPDX was a mere babe and the Fedora short names were already well-known. It was always obvious for those of us in the periphery of the Fedora community (and outside of Red Hat) that the work that Fedora-legal did, led by Tom, was very important and influential. Doing all the work for these updates has only re-emphasized this. And isn't that what open source collaboration is about - standing on the shoulders of giants and building upon what others have done.
So, a HUGE thanks to Tom "spot" Callaway for the foundation you created over the many years prior to this - an incredible contribution to Fedora and beyond.
Cheers, Jilayne
On 7/29/22 9:19 AM, Matthew Miller wrote:
On behalf of all of the folks working on Fedora licensing improvements, I have a few things to announce!
New docs site for licensing and other legal topics
All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at:
https://docs.fedoraproject.org/en-US/legal/
Other legal documentation will follow. This follows the overall Fedora goal of moving active user and contributor documentation away from the wiki.
Fedora license information in a structured format
The “good” (allowed) and “bad” (not-allowed) licenses for Fedora are now stored in a repository, using a simple structured file format for each license (it’s TOML). You can find this at:
https://gitlab.com/fedora/legal/fedora-license-data
This data is then presented in easy tabular format in the documentation, at:
https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
New policy for the License field in packages — SPDX identifiers!
We’re changing the policy for the "License" field in package spec files to use SPDX license identifiers. Historically, Fedora has represented licenses using short abbreviations specific to Fedora. In the meantime, SPDX license identifiers have emerged as a standard, and other projects, vendors, and developers have started using them. Adopting SPDX license identifiers provides greater accuracy as to what license applies, and will make it easier for us to collaborate with other projects.
Updated licensing policies and processes
Fedora licensing policies and processes have been updated to reflect the above changes. In some cases, this forced deeper thought as to how these things are decided and why, which led to various discussion on Fedora mailing lists. In other cases, it prompted better articulation of guidance that was implicitly understood but not necessarily explicitly stated.
New guidance on “effective license” analysis
Many software packages consist of code with different free and open source licenses. Previous practice often involved “simplification” of the package license field when the packager believed that one license subsumed the other — for example, using just “GPL” when the source code includes parts licensed under a BSD-style license as well. Going forward, packagers and reviewers should not make this kind of analysis, and rather use (for example) “GPL-2.0-or-later AND MIT”. This approach is easier for packagers to apply in a consistent way.
When do these changes take effect?
The resulting changes in practice will be applied to new packages and licenses going forward. It is not necessary to revise existing packages at this time, although we have provided some guidance for package maintainers who want to get started. We’re in the process of planning a path for updating existing packages at a larger scale — stay tuned for more on that!
Thank you everyone!
A huge thanks to some key people who have worked tirelessly to make this happen: David Cantrell, Richard Fontana, Jilayne Lovejoy, Miroslav Suchý. Behind the scenes support was also provided by David Levine, Bryan Sutula, and Beatriz Couto. Thank you as well for the valuable feedback from Fedora community members in various Fedora forums.
Please have a look at the updated information. If you have questions, please post them to the Fedora Legal mailing list:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/
Matthew Miller wrote:
All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at:
Several links to other sections are broken. All five links under "Licensing in Fedora" should point to other pages instead of non-existent sections of the same page. Several links on https://docs.fedoraproject.org/en-US/legal/license-field/ contain two fragment identifiers. There can only be one. I haven't searched the other pages for similar errors.
Many software packages consist of code with different free and open source licenses. Previous practice often involved “simplification” of the package license field when the packager believed that one license subsumed the other — for example, using just “GPL” when the source code includes parts licensed under a BSD-style license as well. Going forward, packagers and reviewers should not make this kind of analysis, and rather use (for example) “GPL-2.0-or-later AND MIT”. This approach is easier for packagers to apply in a consistent way.
Does that also apply to licenses that explicitly say how they may be combined? Are we supposed to write "GPL-3.0-or-later AND GPL-2.0-or-later AND LGPL-3.0-or-later AND GPL-3.0-only" or do those still combine into GPL-3.0-only?
Björn Persson
On 22/07/29 11:19AM, Matthew Miller wrote:
New docs site for licensing and other legal topics
All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at:
<snip>
Fedora license information in a structured format
The “good” (allowed) and “bad” (not-allowed) licenses for Fedora are now stored in a repository, using a simple structured file format for each license (it’s TOML). You can find this at:
https://gitlab.com/fedora/legal/fedora-license-data
This data is then presented in easy tabular format in the documentation, at:
As part of this change, the data on which licenses are GPL-compatible seems to have been removed. Other projects were relying on this (e.g. [1]). Are there any plans to add it back?
[1]: https://github.com/ansible-collections/overview/blob/main/collection_require...
On Sun, Jul 31, 2022 at 11:22 AM Maxwell G gotmax@e.email wrote:
As part of this change, the data on which licenses are GPL-compatible seems to have been removed. Other projects were relying on this (e.g. [1]). Are there any plans to add it back?
No, we decided not to maintain this information going forward. I can go into why I don't think it's worthwhile, if there's interest. We probably will add some documentation addressing the issue.
There are so few non-legacy, today-commonly-used, generally-accepted-as-FOSS licenses that are not viewed as GPLv3-compatible that I think it might be better for Ansible to just list those (the only one I can think of is EPL-2.0), or to list a small set of recommended/acceptable commonly-used FOSS licenses.
Richard
On 22/07/31 12:57PM, Richard Fontana wrote:
I can go into why I don't think it's worthwhile, if there's interest.
Feel free to go into more details if you'd like :).
On 7/31/22 6:06 AM, Björn Persson wrote:
Matthew Miller wrote:
All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at:
Several links to other sections are broken. All five links under "Licensing in Fedora" should point to other pages instead of non-existent sections of the same page.
do you mean the links in the left nav drop-down? They all go to the appropriate pages for me?
Several links on https://docs.fedoraproject.org/en-US/legal/license-field/ contain two fragment identifiers. There can only be one. I haven't searched the other pages for similar errors.
thanks, I had trouble getting the links right... I just checked all on that page and found 4 broken. Will update/fix shortly.
If you notice any others, please let us know, or better yet, file a MR :)
Jilayne
On Sun, Jul 31, 2022 at 1:39 PM Maxwell G gotmax@e.email wrote:
On 22/07/31 12:57PM, Richard Fontana wrote:
I can go into why I don't think it's worthwhile, if there's interest.
Feel free to go into more details if you'd like :).
Sure, well: Fedora had an informal but publicly stated policy, which in retrospect seems quite progressive, of ordinarily not looking into cross-package license compatibility issues. There were some notable exceptions involving prominent issues that did not arise uniquely within Fedora (the one that comes to mind is Fedora treating OpenSSL as covered by the GPL's system library exception). But also even license compatibility issues isolated to a particular package have mostly been ignored or treated as unimportant for a variety of practical, policy, interpretive and doctrinal reasons that are really not specific to Fedora but found in other LInux distributions and in upstream projects generally. I think we would look carefully at a license compatibility issue if someone raised it on a *package-specific basis* (possibly concluding it was a non-issue, possibly not ) but I don't think we have an interest in encouraging this particularly. So anyway given that state of affairs I don't think it's useful to track GPLv2 and GPLv3 compatibility issues for new allowed licenses going forward, on a non-package-specific basis.
Richard
Jilayne Lovejoy wrote:
On 7/31/22 6:06 AM, Björn Persson wrote:
Matthew Miller wrote:
All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at:
Several links to other sections are broken. All five links under "Licensing in Fedora" should point to other pages instead of non-existent sections of the same page.
do you mean the links in the left nav drop-down? They all go to the appropriate pages for me?
No, in the text, under the heading https://docs.fedoraproject.org/en-US/legal/#_licensing_in_fedora – in the paragraph that begins "See the links here for understanding".
Björn Persson
On Sun, Jul 31, 2022 at 3:24 PM Björn Persson <Bjorn@rombobjörn.se> wrote:
Jilayne Lovejoy wrote:
On 7/31/22 6:06 AM, Björn Persson wrote:
Matthew Miller wrote:
All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at:
Several links to other sections are broken. All five links under "Licensing in Fedora" should point to other pages instead of non-existent sections of the same page.
do you mean the links in the left nav drop-down? They all go to the appropriate pages for me?
No, in the text, under the heading https://docs.fedoraproject.org/en-US/legal/#_licensing_in_fedora – in the paragraph that begins "See the links here for understanding".
I've just merged fixes for this.
Richar