What's the best way to raise licensing issues in already-added packages? I think there are largely two cases:
* Fedora and its distributors comply with the licensing terms, but the license is not obviously on Fedora's allowed list. An example would be an obscure field-of-use restriction (as in the JSON license).
* Fedora and its distributors appear violating the license. An example would be a package that ships a pre-built Linux kernel binary without the required GPL notices, and without corresponding soruce code.
Do these two cases need to be treated differently? In the past, I may have filed bugs in Bugzilla, but this might be construed as a bit rude.
I looked at https://docs.fedoraproject.org/en-US/legal/ and couldn't find any discussion of this topic. Sorry if I missed it.
Thanks, Florian
On Mon Dec 19, 2022 at 12:18 +0100, Florian Weimer wrote:
- Fedora and its distributors appear violating the license. An example would be a package that ships a pre-built Linux kernel binary without the required GPL notices, and without corresponding soruce code.
This is also a violation of the Packaging Guidelines which makes who to report it to even murkier.
-- Maxwell G (@gotmax23) Pronouns: He/Him/His
Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
- Fedora and its distributors comply with the licensing terms, but the license is not obviously on Fedora's allowed list. An example would be an obscure field-of-use restriction (as in the JSON license).
Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
And the license may be added to not-allowed list. See https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_d...
And in that issue you can discuss what to do with the package if it already in Fedora Linux.
Miroslav
On 12/19/22 3:10 PM, Miroslav Suchý wrote:
Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
- Fedora and its distributors comply with the licensing terms, but the
license is not obviously on Fedora's allowed list. An example would be an obscure field-of-use restriction (as in the JSON license).
Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
And the license may be added to not-allowed list. See https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_d...
And in that issue you can discuss what to do with the package if it already in Fedora Linux.
the process for license review is outlined at this particular link: https://docs.fedoraproject.org/en-US/legal/license-review-process/
:)
Miroslav _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
* Jilayne Lovejoy:
On 12/19/22 3:10 PM, Miroslav Suchý wrote:
Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
- Fedora and its distributors comply with the licensing terms, but the
license is not obviously on Fedora's allowed list. An example would be an obscure field-of-use restriction (as in the JSON license).
Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
And the license may be added to not-allowed list. See https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_d...
And in that issue you can discuss what to do with the package if it already in Fedora Linux.
the process for license review is outlined at this particular link: https://docs.fedoraproject.org/en-US/legal/license-review-process/
:)
Thanks. I'll keep filing fedora-license-data issues until told otherwise.
Florian
On Mon, Jan 2, 2023 at 3:19 AM Florian Weimer fweimer@redhat.com wrote:
- Jilayne Lovejoy:
On 12/19/22 3:10 PM, Miroslav Suchý wrote:
Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
- Fedora and its distributors comply with the licensing terms, but the license is not obviously on Fedora's allowed list. An example would be an obscure field-of-use restriction (as in the JSON license).
Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
And the license may be added to not-allowed list. See https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_d...
And in that issue you can discuss what to do with the package if it already in Fedora Linux.
the process for license review is outlined at this particular link: https://docs.fedoraproject.org/en-US/legal/license-review-process/
:)
Thanks. I'll keep filing fedora-license-data issues until told otherwise.
I think we can make that documentation a little clearer that the license review process can be initiated by any interested Fedora contributor (not just actual/intended package maintainers), for existing as well as proposed new Fedora packages. What we don't want is for it to be used for substantially non-Fedora-related purposes (e.g. a license for which review is sought should demonstrably exist in an existing Fedora package or a project that (but for any license issues) seems likely to be included in Fedora).
Richard
On 1/2/23 10:57 AM, Richard Fontana wrote:
On Mon, Jan 2, 2023 at 3:19 AM Florian Weimer fweimer@redhat.com wrote:
- Jilayne Lovejoy:
On 12/19/22 3:10 PM, Miroslav Suchý wrote:
Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
- Fedora and its distributors comply with the licensing terms, but the license is not obviously on Fedora's allowed list. An example would be an obscure field-of-use restriction (as in the JSON license).
Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
And the license may be added to not-allowed list. See https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_d...
And in that issue you can discuss what to do with the package if it already in Fedora Linux.
the process for license review is outlined at this particular link: https://docs.fedoraproject.org/en-US/legal/license-review-process/
:)
Thanks. I'll keep filing fedora-license-data issues until told otherwise.
I think we can make that documentation a little clearer that the license review process can be initiated by any interested Fedora contributor (not just actual/intended package maintainers), for existing as well as proposed new Fedora packages. What we don't want is for it to be used for substantially non-Fedora-related purposes (e.g. a license for which review is sought should demonstrably exist in an existing Fedora package or a project that (but for any license issues) seems likely to be included in Fedora).
Richard
I just had a re-read and it doesn't say anything specific to "package maintainers" but I think uses "Fedora contributors" initially, which should cover your point. I think it's clear it should be for a package included in Fedora, but we don't have an explicit statement to NOT use it for non-Fedora related purposes - do you think we should add that?
I did fix a bit of formatting just now, though :)
J.
On Tue, Jan 3, 2023 at 3:04 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
On 1/2/23 10:57 AM, Richard Fontana wrote:
On Mon, Jan 2, 2023 at 3:19 AM Florian Weimer fweimer@redhat.com wrote:
- Jilayne Lovejoy:
On 12/19/22 3:10 PM, Miroslav Suchý wrote:
Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a):
- Fedora and its distributors comply with the licensing terms, but the license is not obviously on Fedora's allowed list. An example would be an obscure field-of-use restriction (as in the JSON license).
Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
And the license may be added to not-allowed list. See https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_d...
And in that issue you can discuss what to do with the package if it already in Fedora Linux.
the process for license review is outlined at this particular link: https://docs.fedoraproject.org/en-US/legal/license-review-process/
:)
Thanks. I'll keep filing fedora-license-data issues until told otherwise.
I think we can make that documentation a little clearer that the license review process can be initiated by any interested Fedora contributor (not just actual/intended package maintainers), for existing as well as proposed new Fedora packages. What we don't want is for it to be used for substantially non-Fedora-related purposes (e.g. a license for which review is sought should demonstrably exist in an existing Fedora package or a project that (but for any license issues) seems likely to be included in Fedora).
Richard
I just had a re-read and it doesn't say anything specific to "package maintainers" but I think uses "Fedora contributors" initially, which should cover your point. I think it's clear it should be for a package included in Fedora, but we don't have an explicit statement to NOT use it for non-Fedora related purposes - do you think we should add that?
I did fix a bit of formatting just now, though :)
Also re-reading - I guess the only thing that's unclear is the initial text:
"This page describes how to request the review of *a new license for inclusion in Fedora Linux* and other related processes.
[...]
"Request review of a new license" [...]
While the following text makes things clear, I think there is something confusing about the phrase "new license" -- someone might assume that doesn't cover "licenses Fedora has arguably been distributing code/content under for 20 years", for example.
Separately, but related to Florian's question, I think we should make clear in documentation (if we don't already) that fedora-license-data is not intended to deal with questions about license compliance, except to the extent that impossibility or impracticality of compliance with a license may be a reason for concluding that it is not allowed.
Richard
On 1/3/23 12:39 PM, Richard Fontana wrote:
On Tue, Jan 3, 2023 at 3:04 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
On 1/2/23 10:57 AM, Richard Fontana wrote:
On Mon, Jan 2, 2023 at 3:19 AM Florian Weimer fweimer@redhat.com wrote:
- Jilayne Lovejoy:
On 12/19/22 3:10 PM, Miroslav Suchý wrote:
Dne 19. 12. 22 v 12:18 Florian Weimer napsal(a): > * Fedora and its distributors comply with the licensing terms, but the > license is not obviously on Fedora's allowed list. An example would > be an obscure field-of-use restriction (as in the JSON license). Create an issue in https://gitlab.com/fedora/legal/fedora-license-data/
And the license may be added to not-allowed list. See https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=created_d...
And in that issue you can discuss what to do with the package if it already in Fedora Linux.
the process for license review is outlined at this particular link: https://docs.fedoraproject.org/en-US/legal/license-review-process/
:)
Thanks. I'll keep filing fedora-license-data issues until told otherwise.
I think we can make that documentation a little clearer that the license review process can be initiated by any interested Fedora contributor (not just actual/intended package maintainers), for existing as well as proposed new Fedora packages. What we don't want is for it to be used for substantially non-Fedora-related purposes (e.g. a license for which review is sought should demonstrably exist in an existing Fedora package or a project that (but for any license issues) seems likely to be included in Fedora).
Richard
I just had a re-read and it doesn't say anything specific to "package maintainers" but I think uses "Fedora contributors" initially, which should cover your point. I think it's clear it should be for a package included in Fedora, but we don't have an explicit statement to NOT use it for non-Fedora related purposes - do you think we should add that?
I did fix a bit of formatting just now, though :)
Also re-reading - I guess the only thing that's unclear is the initial text:
"This page describes how to request the review of *a new license for inclusion in Fedora Linux* and other related processes.
[...]
"Request review of a new license" [...]
While the following text makes things clear, I think there is something confusing about the phrase "new license" -- someone might assume that doesn't cover "licenses Fedora has arguably been distributing code/content under for 20 years", for example.
I've simply removed the word "new" :) https://gitlab.com/fedora/legal/fedora-legal-docs/-/merge_requests/152
Separately, but related to Florian's question, I think we should make clear in documentation (if we don't already) that fedora-license-data is not intended to deal with questions about license compliance, except to the extent that impossibility or impracticality of compliance with a license may be a reason for concluding that it is not allowed.
not sure where to put that or what exactly to say... did you have an idea? as a threshold question, should that note go in the license-data repo itself or the Fedora-legal documentation?
Jilayne
Richard
On Fri, Jan 13, 2023 at 9:29 PM Jilayne Lovejoy jlovejoy@redhat.com wrote:
On 1/3/23 12:39 PM, Richard Fontana wrote:
Separately, but related to Florian's question, I think we should make clear in documentation (if we don't already) that fedora-license-data is not intended to deal with questions about license compliance, except to the extent that impossibility or impracticality of compliance with a license may be a reason for concluding that it is not allowed.
not sure where to put that or what exactly to say... did you have an idea? as a threshold question, should that note go in the license-data repo itself or the Fedora-legal documentation?
I think it should go in the legal documentation. The issue is really the nonsuitability of the fedora-license-data issue tracker for handling compliance questions.
On Mon, Dec 19, 2022 at 6:18 AM Florian Weimer fweimer@redhat.com wrote:
What's the best way to raise licensing issues in already-added packages? I think there are largely two cases:
- Fedora and its distributors comply with the licensing terms, but the license is not obviously on Fedora's allowed list. An example would be an obscure field-of-use restriction (as in the JSON license).
This requires a BZ set to block FE-Legal *and* an issue filed at https://gitlab.com/fedora/legal/fedora-license-data/.
When doing so, please link the BZ and the GitLab issue together.
- Fedora and its distributors appear violating the license. An example would be a package that ships a pre-built Linux kernel binary without the required GPL notices, and without corresponding soruce code.
The correct way to handle this is file a bug on RHBZ and block FE-Legal.
Do these two cases need to be treated differently? In the past, I may have filed bugs in Bugzilla, but this might be construed as a bit rude.
The two cases are handled differently, as I outlined above.
I looked at https://docs.fedoraproject.org/en-US/legal/ and couldn't find any discussion of this topic. Sorry if I missed it.
No worries!
-
Florian Weimer -
Jilayne Lovejoy -
Maxwell G -
Miroslav Suchý -
Neal Gompa -
Richard Fontana