Hot news:
- I walked through all packages with "Public Domain" license. For all such packages I identified the public domain
dedication and added it to
https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/public-domain-text.txt?ref_type=heads Richard F. did the
review and I opened PRs for such packages to change the license to LicenseRef-Fedora-Public-Domain. There are about 30
PRs wating to be merged. In several cases I had to open issue as the public domain dedication is not easy and has some
sort of problem.
- Unfortunately in several cases, the evaluation of dedication (either public domain or "Redistributable") was found as
not good enough. I.e. the license is not allowed. Several packages has been already retired in Fedora Linux because of
that. You can track it here: https://bugzilla.redhat.com/show_bug.cgi?id=2310597
- I started walking through "Redistributable, no modification permitted" that is usually used in firmware package. It is
much smaller set of packages compared to Public Domain set. I should have it done by next report. But the analysis is
much harder.
- sometimes you used in License tag deprecated license id
https://spdx.github.io/spdx-spec/v2.3/SPDX-license-list/#a3-deprecated-licenses Note that while we usually abbreviate
the communication that you must use SPDX ID, but there is silent part "and approved for usage in Fedora Linux". I.e.
such ID must be in fedora-license-data. And these deprecated ID are not there (and never will be).
- We have 59 open issues for fedora-license-data
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?sort=updated_desc&state=opened&first_page_size=50
From past experience, you should expect that it will take about 3 months to
proceed all these issues.
- For most packages the license change is "just" committed to dist-git. The change in binary RPM will be visible after
next mass rebuild (scheduled to 2025-01-15).
Two weeks ago we had:
* 24311spec files in Fedora
* 30967license tags in all spec files
* 360 tags are not SPDX complient (number from line bellow minus packages with
LicenseRef-Callaway-*)
* 2658 tags have not been converted to SPDX yet
* 86 tags can be trivially converted using `license-fedora2spdx`
* Progress: 98.84% ░░░░░░░░░█100%
ELN subset:
68 out of 2310 packages are not converted yet (progress 97.06%)
Today we have:
* 24340spec files in Fedora
* 30993license tags in all spec files
* 305 tags are not SPDX compliant (number from line bellow minus packages with
LicenseRef-Callaway-*)
* 2587 tags have not been converted to SPDX yet
* 56 tags can be trivially converted using `license-fedora2spdx`
* Progress: 99.02% ░░░░░░░░░█100%
ELN subset:
62 out of 2313 packages are not converted yet (progress 97.32%)
Graph of these data with the burndown chart:
https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing
The list of packages needed to be converted is here:
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt
List by package maintainers is here
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt
Packages that are neither in SPDX nor in Callaway format (highest priority for
now) - 59 packages:
https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining-packagers.txt
Most of such packages has open issue in fedora-license-data. A lot of them are waiting for SPDX to approved the license
and assign ID.
New version of fedora-license-data has been released. With:
7 new licenses and lots of public domain dedications and several firmware
licenses
12 licenses are waiting to be reviewed by SPDX.org (and then to be added to fedora-license-data)
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked
Legal docs and especially
https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
was updated too.
New projection when we will be finished is 2024-11-30 (+13 days from last report). Pure linear approximation. This
information no longer makes sense. Most of the packages are already SPDX compliant and for most of the remaining
packages we have open issue that will take weeks/months to be resolved. I will remove this prediction from future reports.
If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license
tag matches SPDX formula, you can put your package on ignore list
https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt
Either pull-request or direct email to me is fine.
Miroslav
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
