[Fedora-packaging] Licensing guidelines suggestions
Tom "spot" Callaway
tcallawa at redhat.com
Mon Aug 6 20:48:07 UTC 2007
On Mon, 2007-08-06 at 23:05 +0300, Ville Skyttä wrote:
> Hello,
>
> Here's a few notes/questions that IMO need to be addressed in the new
> licensing guidelines in Wiki. IANAL, etc, but anyway, something for near
> future FPC meetings (which I still probably won't be able to attend to for a
> couple of weeks):
>
> 1) The licensing pages strongly imply that OSI-approved licenses are ok.
> However for example the original Artistic license is OSI-approved but listed
> in Wiki page as "bad". Something needs real fixing - "ask upstream to move
> to a "good" Artistic license" is IMO just a band aid.
> http://fedoraproject.org/wiki/Licensing
> http://www.opensource.org/licenses/artistic-license.php
I think we're going to need the Fedora Board to decide this. Its a
little outside of our jurisdiction, unfortunately.
> 2) The Wiki pages refer to "files" and "content" without specifying whether
> those refer to files/content in the source rpm, the resulting binary rpms, or
> both.
>
> Example case: an upstream source tarball contains source files under let's say
> BSD, LGPLv2.1+ and GPLv2+ licenses. That would mean that let's say a binary
> built from all those would fall under GPLv2+. Specifying GPLv2+ as the
> License tag would be misrepresenting the copyrights of the files in the
> source rpm that carry BSD and LGPLv2.1+ notices. Specifying "BSD and
> LGPLv2.1+ and GPLv2+" would be misrepresenting the copyright of the combined
> work in the resulting binary.
My interpretation is that the License: tag represents the
license/copyright on the bits in the binary rpm.
Again, keep in mind that the License: tag is not legally binding, so its
more of a helpful tool for initial auditing, and not much more.
> 3) Source licenses are not the only thing that affect the distributables'
> copyrights. For example when something is built from let's say LGPLv2+
> sources but linked with a GPLv2+ library, the resulting binary will be
> GPLv2+, while the sources are still LGPLv2+ (unless their embedded copyright
> notices are changed to GPLv2+, but that can't be done for many *GPL
> licenses).
>
>
> Suggested combined fix for 2) and 3) above: change the licensing guidelines to
> prominently note something like that the value of the License tag represents
> the copyright/license info of binary packages only, and only when built in
> the configuration specified by the Fedora build system, build
> dependencies/conflicts in the specfile, and no non-Fedora software installed
> that will affect the build in any way. Source rpms' copyrights are
> determined by the sources and other content included in them.
This seems fine to me. I'll work on drafting a change for vote.
~spot
More information about the Fedora-packaging
mailing list