On Monday 21 Mar 2011 11:22:40 Sascha Peilicke wrote:
The spec file license tag clearly isn't meant for that. I'm no lawyer, but to me it seems like the only proper way is like Debian does it. They add an extra file to their packages which lists all the licenses that apply. Also it allows to clearly state that in-tree libraries are licensed differently. Based on that, the spec file License header could then contain only the most prominent license. However, this increases packagers work but seems more useful to me. What do you think?
Pursuant to a quite prolonged discussion on opensuse-factory and to a separate but related enterprise-related discussion on the spdx mailing lists we decided to start using the same syntax that Fedora has been successfully using for a number of years (RHEL too). The Linux Foundation workgroup of which Red Hat and SUSE had representatives have prepared a specification which will state how licenses are to be declared for a package (including e.g. multiple licensing and dual licensing scenarios). On further discussion with the Fedora representative we concluded that the spdx format will be largely enterprise oriented and that the list of licenses/short-names will probably not suffice to cover the needs of an open source distribution such as openSUSE or Fedora. Pursuant to the aforementioned discussion on opensuse-factory we imported Fedora's list of licenses to http://en.opensuse.org/openSUSE:Accepted_licences With the intend of syncing up with even more distribtions we also (with vuntz's help) are trying to have a face-to-face meeting with the various legal representative of e.g. Ubuntu, Debian, openSUSE, Fedora, Mandriva/Mageia and Gentoo (I possibly left out some) to try to work something out which will be more permanent. As we don't yet know what will come of this, I think it would be premature to resort to a far-reaching step like requiring packagers to produce a copyright file in the way that Debian does (I'm not against the idea per se, but it introducts a substantial margin-of-error and the job should really be done by the _upstream_ developers - if at all - as they are the only ones who can truly and authoritatively state what the license(s) should be). As to the RPM %license field - it was _never_ meant to reflect the entire licensing state of a package. As you identified, we could certainly try to attain more accurary by having packages use subpackages for libraries etc and to add the proper %license for the executable and for the library - this is often overlooked at the moment. Thus, I suggest that we stick with the Fedora-style RPM syntax for now - pending what happens with the cross-distro effort. At least that way we will have some degree of consistency - up to now we had none. Ciaran -- Ciaran Farrell __o cfarrell@suse.de _`\<,_ Phone: +49 (0)911 74053 262 (_)/ (_) SUSE Linux Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstrasse 5, 90409, Nuremberg, Germany /ˈkiː.ræn/