On Mon, Apr 28, 2025 at 09:27:29AM +0200, Miroslav Suchý via legal wrote:
> On 26. 04. 25 at 6:07 PM, Fabio Valentini via legal wrote:
> > > why LicenseRef-Callaway-CC-BY-SA, LicenseRef-Callaway-BSD ,
> > > LicenseRef-Callaway-MIT , LicenseRef-Callaway-OFL are not valid for
> > > license-validate command and what is needed to validate
> > >
> > > marker (https://bugzilla.redhat.com/show_bug.cgi?id=2362370#c2 ) ?
> > As far as I know, these LicenseRef identifiers were only introduced by
> > automatic conversions to SPDX for existing packages.
>
> Right. I will elaborate on this.
>
> I will take BSD as an example.
>
> When a package had the license BSD, this could not be converted to SPDX
> automatically, as the SPDX equivalent is either BSD-2-Clause or BSD-3-Clause
> (and you can find other variations too). To find which license is correct
> you have to manually check the license. And that does not scale for hundreds
> or thousands of packages. On the other hand, when we leave the BSD string
> there, it is not an SPDX id. It is not a valid SPDX formula. And SPDX tooling
> will fail to parse it.
>
> So we decided to make a partial step forward. Migrate BSD to
> LicenseRef-Callaway-BSD (and comment above the License tag). This id **is**
> a valid SPDX id as LicenseRef-* is reserved by the SPDX specification for
> custom usage. So we do conform to the SPDX standard. But at the same time we
> know we can do more. And with a bit of work it can be converted from a custom
> id to a standard id (either BSD-2-Clause or BSD-3-Clause). For this reason - to
> encourage the migration to the final standard id - we did not add
> LicenseRef-Callaway-BSD to the fedora-license-data set and it pops up as a not
> allowed license (because it is unknown to fedora-license-data).
>
> What do you need to validate it? You can use the help of:
>
> $ license-fedora2spdx BSD
> Warning: more options on how to interpret BSD. Possible options:
> ['TCP-wrappers', 'BSD-3-Clause', 'BSD-3-Clause-Modification',
> 'BSD-2-Clause', 'BSD-2-Clause-Views', 'BSD-2-Clause-FreeBSD',
> 'BSD-1-Clause']
> {{pick BSD choice}
>
> This will give you a hint of the known SPDX ids for the Callaway umbrella
> string. You need to check the license and find if it matches one of these
> SPDX ids and use that one.

Note, best practice is to not assume that the old LicenseRef-Callaway-BSD
specification was an exhaustive list of licenses. Under old Fedora doctrine
we may have minimized the license lists - iow we often intentionally threw
away data.

IOW, the most thorough approach would be to not merely convert "BSD" to one
of the new variants, but to instead re-scan the project to re-identify all of
its licenses, and ensure that they all are listed in the RPM spec.

In addition to fixing cases where we minimized the license list, this also
often finds places where upstream quietly/inadvertently introduced files
under new licenses.

With regards,
Daniel
-- 
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
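The following is an added example, not code from this thread or from Fedora's tooling: a small audit that lists the `LicenseRef-Callaway-*` placeholders still present in the `License:` tags of an RPM spec, so each one can be queued for the manual re-identification described above. The function names and the sample spec are constructed for illustration; the BSD candidate list is copied from the `license-fedora2spdx` output quoted in the thread.

```python
import re

# Candidate SPDX ids for the old "BSD" umbrella string, copied from the
# license-fedora2spdx output quoted in the thread.
BSD_CANDIDATES = ['TCP-wrappers', 'BSD-3-Clause', 'BSD-3-Clause-Modification',
                  'BSD-2-Clause', 'BSD-2-Clause-Views', 'BSD-2-Clause-FreeBSD',
                  'BSD-1-Clause']

CALLAWAY_PREFIX = "LicenseRef-Callaway-"
OPERATORS = {"AND", "OR", "WITH"}
# SPDX ids use letters, digits, "." and "-"; a trailing "+" means "or later".
TOKEN_RE = re.compile(r"[()]|[A-Za-z0-9.\-]+\+?")
LICENSE_TAG_RE = re.compile(r"^License:[ \t]*(.+)$", re.MULTILINE | re.IGNORECASE)

def license_tags(spec_text):
    """Return the expression of every License: tag (main package and subpackages)."""
    return [m.group(1).strip() for m in LICENSE_TAG_RE.finditer(spec_text)]

def callaway_placeholders(expression):
    """Return the Callaway umbrella names found in one SPDX expression, in order."""
    found = []
    for tok in TOKEN_RE.findall(expression):
        if tok in ("(", ")") or tok in OPERATORS:
            continue
        if tok.startswith(CALLAWAY_PREFIX):
            name = tok[len(CALLAWAY_PREFIX):]
            if name not in found:
                found.append(name)
    return found

def audit_spec(spec_text):
    """Map each License: expression to the placeholders that need manual review."""
    return {expr: callaway_placeholders(expr) for expr in license_tags(spec_text)}

# Constructed sample spec fragment (not from a real package).
SAMPLE_SPEC = """\
Name:           example
# (constructed) note left by the automatic conversion
License:        LicenseRef-Callaway-BSD AND LicenseRef-Callaway-MIT
%package doc
License:        (BSD-2-Clause OR GPL-2.0-or-later) AND LicenseRef-Callaway-CC-BY-SA
"""

if __name__ == "__main__":
    for expr, names in audit_spec(SAMPLE_SPEC).items():
        for name in names:
            hint = BSD_CANDIDATES if name == "BSD" else "check the license text"
            print(f"{expr!r}: {name} -> {hint}")
```

A clean result only means no placeholders remain; it does not replace re-scanning the sources for licenses that the old tag never listed.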