[opensuse-packaging] Lots of problems with Licence strings in SLE_15_SP1
Hi all! Starting sometime ago I see lots of failed builds due to license strings not valid for exactly SLE_15_SP1, giving no problems whatever for other releases, especially not Leap_15.2. I'm talking about devel:languages:R:released, where a lot of packages from CRAN are (semi-)automatically built. One such package is R-acepack. The spec file says: License: MIT + file LICENSE On CRAN that seems popular and up to now we had no problems with that. Most of the failing packages use exactly this license. The authors use a blank MIT license and add a file with just the copyright holders names etc. What is the intended reaction as a packager? I would like to keep the License specified as intended by upstream. Essentially this is MIT, so it should definitely be ok for OBS. Of course (?) there is no such entry in https://spdx.org/licenses/ Thx for any hints. Detlef -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Hello Detlef, Am Montag, 13. April 2020, 19:18:53 CEST schrieb Detlef Steuer:
Starting sometime ago I see lots of failed builds due to license strings not valid for exactly SLE_15_SP1, giving no problems whatever for other releases, especially not Leap_15.2.
I'm talking about devel:languages:R:released, where a lot of packages from CRAN are (semi-)automatically built.
One such package is R-acepack.
The spec file says:
License: MIT + file LICENSE
Packaging practice should be to use a license string that is listed in https://spdx.org/licenses/, as you pointed out below. Additionally there is a tag for the %files section where you should place the license file: %license COPYING or %license LICENSE, whatever it is called.
On CRAN that seems popular and up to now we had no problems with that. Most of the failing packages use exactly this license. The authors use a blank MIT license and add a file with just the copyright holders names etc.
There is a difference between license and copyright(-holders)! If in doubt, act as described here: https://en.opensuse.org/openSUSE:Packaging_guidelines#Licensing and ask SUSE legal for advice.
What is the intended reaction as a packager?
I would like to keep the License specified as intended by upstream. Essentially this is MIT, so it should definitely be ok for OBS. Of course (?) there is no such entry in https://spdx.org/licenses/
Thx for any hints.
HTH Axel -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Am 13.04.20 um 19:18 schrieb Detlef Steuer:
I would like to keep the License specified as intended by upstream.
There is an easy fix for that: teach upstream about spdx :) But you can also disable the strict policies for such projects. A `Support: !rpmlint-Factory-strict` in your project config will do. Leap and Tumbleweed only enforce this in staging projects, not in their devel projects. Greetings, Stephan -- Lighten up, just enjoy life, smile more, laugh more, and don't get so worked up about things. Kenneth Branagh -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Mon, Apr 13, Detlef Steuer wrote:
The spec file says:
License: MIT + file LICENSE
Ok, this license entry doesn't really make any sense. Please, think about, for which reasons does RPM have this field? That a user can check the license of a package if it is OK for him without downloading the sources and look into them. Now, RPM tells the user that the package is MIT and that the user needs to look into the LICENSE file. In the LICENSE file could be some for the user very important informations, so he has to download the RPM or Sources, search for the LICENSE file and need to read that. Doesn't make any sense, in this case, you could also remove the License tag from RPM.
What is the intended reaction as a packager?
Fix your spec file and provide the relevant informatins, don't point the user to the package or sources.
I would like to keep the License specified as intended by upstream. Essentially this is MIT, so it should definitely be ok for OBS.
Who tells you that the LICENSE file does not contian restrictions? If it is only MIT, remove the "+ file LICENSE", if that does not contain anything relevant. Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany Managing Director: Felix Imendoerffer (HRB 36809, AG Nürnberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Monday 2020-04-13 19:18, Detlef Steuer wrote:
The spec file says:
License: MIT + file LICENSE
On CRAN that seems popular and up to now we had no problems with that. Most of the failing packages use exactly this license. The authors use a blank MIT license and add a file with just the copyright holders names etc.
Adding to what thkukuk said, the RPM License: field exists to summarize _the terms_. It is not supposed to be an author list, or a reference thereto, nor is it supposed to satisfy any potential advertisement clauses (e.g. the one in BSD-4-Clause). -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
Am Tue, 14 Apr 2020 10:25:08 +0200
schrieb Thorsten Kukuk
On Mon, Apr 13, Detlef Steuer wrote:
The spec file says:
License: MIT + file LICENSE
Ok, this license entry doesn't really make any sense. Please, think about, for which reasons does RPM have this field? That a user can check the license of a package if it is OK for him without downloading the sources and look into them.
Well, I agree, but we are talking about thousends of packages. If you look into these packages they all choose a blank MIT license and a file with personal information about the license owner. No idea who invented that kind of license specification, but it is used in the wild.
Now, RPM tells the user that the package is MIT and that the user needs to look into the LICENSE file. In the LICENSE file could be some for the user very important informations, so he has to download the RPM or Sources, search for the LICENSE file and need to read that. Doesn't make any sense, in this case, you could also remove the License tag from RPM.
I agree, but no way to change upstream.
What is the intended reaction as a packager?
Fix your spec file and provide the relevant informatins, don't point the user to the package or sources.
That would mean we lose the CRAN ecosystem as a whole. Debian and Fedora handle that problem somehow.
I would like to keep the License specified as intended by upstream. Essentially this is MIT, so it should definitely be ok for OBS.
Who tells you that the LICENSE file does not contian restrictions? If it is only MIT, remove the "+ file LICENSE", if that does not contain anything relevant.
For me that clearly is "MIT", but IANAL, and don't want to interpret whatever upstream put in that field. I just quote whatever they have chosen. (At the core I rely on CRAN to check the usefuleness of the license for redistribution.) Thx for your feedback Detlef
Thorsten
-- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
participants (5)
-
Axel Braun
-
Detlef Steuer
-
Jan Engelhardt
-
Stephan Kulow
-
Thorsten Kukuk