Tl;dr Please start migrating your license tag to SPDX now. Tool `license-fedora2spdx` is your friend. The JSON format
changed - but is backwards compatible.
Hi.
I want to update you on where we are with SPDX Change https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
<https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1>:
1.
All parts that are part of this phase are done. We are missing only one
optional item, and we want to automatize the
generation of legal-docs. Right now I have to manually create PR for
legal-docs whenever I release fedora-license-data.
2.
All tooling and documentation are in place. The documentation is
here:https://docs.fedoraproject.org/en-US/legal/allowed-licenses/<https://docs.fedoraproject.org/en-US/legal/allowed-licenses/>The
package `fedora-license-data` is in Fedoras and EPELs. The subpackage
`rpmlint-fedora-license-data` contains the
data for rpmlint.
3.
The latest version of `fedora-license-data` **changed the format** of JSON
file. If you use this file, please see
https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/119
<https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/119>and
update your tool. The JSON file now
contains data in both old and new formats.
4.
The JSON is automatically updated after each commit (and merged MR). For
details see
https://gitlab.com/fedora/legal/fedora-license-data#artifact
<https://gitlab.com/fedora/legal/fedora-license-data#artifact>
5.
Please, start migrating your spec files **now**. You can use the tool
`license-fedora2spdx` from package
`license-validate`. Use this opportunity to check if your package license
matches the upstream version - especially
if you took over the package from the previous maintainer. If you are not
sure what SPDX string to use, ask for help
on the “legal” mailing
listhttps://lists.fedoraproject.org/archives/list/le...@lists.fedoraproject.org/
<https://lists.fedoraproject.org/archives/list/le...@lists.fedoraproject.org/>
6.
When you are changing your license tag, there is no need to notify the devel
mailing list.
7.
When your license does not have an SPDX identifier, then please follow this
documentationhttps://docs.fedoraproject.org/en-US/legal/update-existing-packages/
<https://docs.fedoraproject.org/en-US/legal/update-existing-packages/>
8.
After you migrate your SPEC file, please add the string “SPDX” to the entry
of the packages’ %changelog. This is the
easiest way to detect the migration has been done. The second best option is
to add it to the dist-git commit message.
9.
The list of packages that do not mention “SPDX” neither in %changelog nor in
dist-git log is here
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-in-distgit-changelog.txt<https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-in-distgit-changelog.txt>If
you see there some false positives, please let me know (privately) and I
will adjust my scripts.
10.
As of 2022-10-27:
1.
There are 23302 spec files in Fedora
2.
264 mentions "SPDX" in the spec changelog
3.
out of the remaining, 173 packages mention "SPDX" in dist-git log
4.
22865 packages need to be migrated yet.
5.
11371 package has straight answer from `license-fedora2spdx` and the
migration is trivial.
11.
Right now, we are finalizing the Change proposal for phase
2.https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2<https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2>This
is yet about to be finished and approved. The main takeaway is that we do
not plan to do any mass action before
Fedora 38 branching (I.e. 2023-02-07)
Miroslav
on behalf of other owners of this Change (Jillayne, Neal, David, Richard,
Matthew)
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
