[This is a repost of a message which I incorrectly sent to fedora-packaging list, so my apologies if you've seen it before.]
I'm trying to package a Unicode library which contains lots of different "<some random NLS> to Unicode" mappings files.
https://bugzilla.redhat.com/show_bug.cgi?id=253564
I've got some questions:
(1) Codepage 932 is an MS extension to Shift JIS. The file that is shipped in the source package is derived from this one:
http://unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP932.TXT
Note that we also ship essentially the same set of mappings in other Fedora packages, eg:
/usr/share/xemacs-21.5-b28/etc/unicode/unicode-consortium/CP932.TXT /usr/share/cups/charmaps/windows-932.txt
There's no license information but it was my understanding (IANAL) that simple lists of facts like this couldn't be monopolized in the US.
(2) The package ships Unicode data with the license below. Is it OK?
http://www.unicode.org/Public/3.2-Update/UnicodeData-3.2.0.html#UCD_Terms
(3) The package contains locales from the IBM ICU project. The license for this looks like BSD to me, so is this OK?
http://source.icu-project.org/repos/icu/icu/trunk/license.html
(4) Finally there is one file whose license is described like this:
The file allkey.txt [sic] is obtained from Unicode Consortium Web site. Its copyright is owned by Unicode Consortium. Its use, reproduction, distribution are permitted under the term of http://www.unicode.org/copyright.html
where the link goes to a long-winded and confusing page. The file itself is just a list of facts (http://www.annexia.org/tmp/allkeys.txt).
Ancillary question:
(5) If it turns out that some files aren't safe to distribute, do I need to remove them from the source tarball, and if so how? Do I have to prepare my own tarball and host it too?
Rich.
On Mon, 2008-03-10 at 15:38 +0000, Richard W.M. Jones wrote:
Ancillary question:
(5) If it turns out that some files aren't safe to distribute, do I need to remove them from the source tarball, and if so how? Do I have to prepare my own tarball and host it too?
You can do the fllowing: 1. Extract the files from the tarball. 2. Create a shell script which removes the questionable files from the tree. 3. Create a new tarball with an appropriate name (foobar-1.2-nouni.tar.bz2). 4. Replace the old source tarball: $ make FILES="foobar-1.2-nouni.tar.gz2" new-sources 5. Add and commit the shell script to CVS.
You can see an example of this in my packaging of drivel, which removes an MD5 implementation that was using the Aladdin Software License. That license is incompatible with the GPL code used in the rest of that software.
http://cvs.fedoraproject.org/viewcvs/rpms/drivel/F-8/?root=pkgs
On Mon, 2008-03-10 at 15:38 +0000, Richard W.M. Jones wrote:
Ancillary question:
(5) If it turns out that some files aren't safe to distribute, do I need to remove them from the source tarball, and if so how? Do I have to prepare my own tarball and host it too?
You can do the fllowing: 1. Extract the files from the tarball. 2. Create a shell script which removes the questionable files from the tree. 3. Create a new tarball with an appropriate name (foobar-1.2-nouni.tar.bz2). 4. Replace the old source tarball: $ make FILES="foobar-1.2-nouni.tar.gz2" new-sources 5. Add and commit the shell script to CVS.
You can see an example of this in my packaging of drivel, which removes an MD5 implementation that was using the Aladdin Software License. That license is incompatible with the GPL code used in the rest of that software.
http://cvs.fedoraproject.org/viewcvs/rpms/drivel/F-8/?root=pkgs
On Mon, 2008-03-10 at 15:38 +0000, Richard W.M. Jones wrote:
There's no license information but it was my understanding (IANAL) that simple lists of facts like this couldn't be monopolized in the US.
Yes. This is fine to include.
(2) The package ships Unicode data with the license below. Is it OK?
http://www.unicode.org/Public/3.2-Update/UnicodeData-3.2.0.html#UCD_Terms
This is already listed in the "Good License" list, use "UCD" in the License tag.
http://fedoraproject.org/wiki/Licensing/UCD
(3) The package contains locales from the IBM ICU project. The license for this looks like BSD to me, so is this OK? http://source.icu-project.org/repos/icu/icu/trunk/license.html
This is yet another MIT variant, use "MIT" in the License tag. (I've added it to the Licensing/MIT page)
(4) Finally there is one file whose license is described like this:
The file allkey.txt [sic] is obtained from Unicode Consortium Web site. Its copyright is owned by Unicode Consortium. Its use, reproduction, distribution are permitted under the term of http://www.unicode.org/copyright.html
Believe it or not, this long winded document eventually refers to "Exhibit A", which is still another MIT variant (I named it "Modern Style without sublicense (Unicode)" at Licensing/MIT). So, it is also fine.
So, with all of that in hand, this is what your License tag should look like for your specific package (from 253564):
# Several files are MIT and UCD licensed, but the overall work is LGPLv2 + # and the LGPL/GPL supercedes compatible licenses. License: LGPLv2+
Note that you had "LGPLv2", which is extremely uncommon, since the LGPLv2 by default has an "or greater clause", thus, the only way you can get LGPLv2 (which means only v2) is to explicitly exclaim that the license is v2 only.
~spot