[Fedora-packaging] License Tag Draft

Tom "spot" Callaway tcallawa at redhat.com
Fri Jul 27 13:18:17 UTC 2007 

On Fri, 2007-07-27 at 09:47 +0200, Nicolas Mailhot wrote:
> Le jeudi 26 juillet 2007 à 22:33 -0700, Toshio Kuratomi a écrit :
> 
> > So, AIUI, Firefox would be under:
> > License: (GPLv2+ || LGPLv2.1+ || MPLv1.1+)
> 
> This kind of notation is pretty useless. in theory many packages are
> dual or tri-licensed. In reality the multi-licensing if often collapsed
> due to deps (upstream or downstream) that impose one particular license.
> If we go the "or" route no one will check, and everyone will assume the
> most permissive license applies (even if it's not the case due to the
> packages fedora builds again)
> 
> IMHO in the case of multi-licensing we should choose one of the possible
> licenses and stick with it. Only revisit the choice if another fedora
> package forces us to, and let the packager of this other package do the
> licensing analysis.

I think the problem is that when Firefox is under GPLv2+, LGPLv2.1+ and
MPLv1.1+, differing Fedora packages that want to link to it will each
choose the appropriate license that matches it, for linking purposes.

So, we really can't just pick a license and stick with it, because
that's just not correct. I'm also not sure I want the packager to bear
the burden, and I suspect the various upstreams would get rather angry
over our attempts to "simplify" their licensing. :)

We've had a sort of "or" route for a while now (Foo/Bar/Baz), but the
problem is that we've also had packagers using that as an "and" where it
applies.

Also, I've found that most packagers either don't want to, or aren't
qualified to do licensing analysis. I'm getting better at it through
practice, but I'm certainly not perfect either (which is why I defer to
the thoughts of more skilled folks, either at Red Hat or the FSF, when I
have any doubt).

> This is different from the case where different bits of a component
> are under different licences. There we have no choice but carefully
> track licensing boundaries?

Well, I wouldn't say we have no choice, since we've not been doing this
in Fedora so far, but it certainly seems to be a logical continuation
(at least to me). Having a list of all the licenses that all the files
in a package uses is useful, but when one of those files has a license
related conflict (I linked against foo in package bar, was it GPLv3 or
not?), it would be very helpful to have a quick way to check at a
glance, without exploding a source tree.

~spot

More information about the Fedora-packaging mailing list