New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SPDX statement in appdata file does not match LICENSE #9674
Comments
My reading is that OR is used when the code as a whole can be distributed under any one of multiple licenses, not that various parts fall under different licenses. That becomes particularly clear in the following paragraph about the AND operator, which is for when one must abide by all of the provisions of both. So it looks like |
This issue did not get any activity in the past 60 days and will be closed in 365 days if no update occurs. Please check if the master branch has fixed it and report again or close the issue. |
@ralfbrown I agree that using GPL3 seems to be the best way to fix this issue. |
I agree that simplifying the license field down to just GPL-3.0+ makes sense. You certainly shouldn't include documentation or content licenses there. That said, I'm very nervous about seeing the CC-BY-NC-3.0. The NC licenses are banned from Fedora, and presumably most other major Linux distributions, due to the noncommercial use restriction. (As you can imagine, people like to use Fedora/Ubuntu/etc. for commercial purposes.) This is very serious and, if not corrected, could result in Darktable being removed from distros now that it's been noticed. However, I did a very quick search of the Darktable codebase, and I'm not actually sure that any content in Darktable really actually uses this license? I could easily have missed something, but the only obvious reference I found was in src/libs/metadata.c, which seems fine. So hopefully this is just a simple mistake, and updating the license tag is all that's required? Note the other Creative Commons licenses (the non-NC ones) that you've listed are all fine for distros, even though they are not free software licenses. Distros simply do not expect all your content and documentation to meet FSF free software definitions. But GNOME Software does, which is why you don't want to list these in the appstream metadata. |
Since nobody responded, I've reported this here. |
@TurboGit @aurelienpierre you might want to consider this as release critical. as this means that distros either have to strip the offending files or will drop DT all together. |
right now it seems that offending file is .appdata.xml |
maybe the old manual was affected which is now split out? that would also mean if the distros just drop the manual pdf, then we would be clean again. |
what about translations? |
watermarks/promo.svg seems to be labeled by-nc-3.0 in its XML. Didn't that come up in some other issue earlier this year? Every other occurrence of "by-nc" in the repo is either one of the presets for the metadata module or the translation of the preset name in a .po file. |
what is the promo.svg used for? can we just drop it? |
Indeed: #10002 |
well he allows relicening the file in a comment. so we have many options just someone from the DT team needs to decide which way to go. |
Removing it might break someone's edits. |
which begs the question ... what implications for the licensing of the photo edits using this file, the whole issue has? :D |
@MRIG so relicening the file as CC-BY-SA-3.0 or newer might be ok for you? |
In [darktable-org#10002][0] the author and creator offered to drop the file or relicense the file if necessary. As [parafin][1] pointed out, dropping the file might break edits. So apply the 2nd option. Fixes darktable-org#10002 [0]: darktable-org#10002 (comment) [1]: darktable-org#9674 (comment)
With the change in b5f4026 we have no more files in CC-BY-NC-3.0. This should fix darktable-org#9674.
This is not fixed. Please refer back to the first post in this issue: you need to remove all content and documentation licenses from the appstream metadata, or the software is still going to be considered proprietary by software centers. Only list software licenses there. I recommend: |
can you explain why CC licenses cause problems? because it would be kinda incorrect to not list the licenses for data files. |
They're not software licenses. Please read the first post of this issue again. The documentation for the |
I mean sure i can do a follow up PR that just removes the CC parts ... but it still feels wrong. |
As a follow up question ... are there any tools that would warn a software developer about this problem so it could be integrated in the testsuite and/or package build? |
Really all I can do is refer you to the documentation:
That's the same quote from the first comment in this issue. The "main" license for Darktable is GPLv3+. You're not expected to list the licenses of every component file.
I do not know, sorry. :( |
During the first round of fixes I missed the part that the license field should only list the main license of the software. See the discussion in darktable-org#9674 Hopefully the final fix for darktable-org#9674
Gnome software reports Darktable license as
Proprietary
, since the appdata filedefines:
darktable/data/darktable.appdata.xml.in
Line 10 in 1dd4b36
and
CC-BY-NC-3.0
is not an approved OSI or FSF free software license.According to https://www.darktable.org/about/ and https://github.com/darktable-org/darktable/blob/master/LICENSE
the license is GPLv3.
The issue is described in
https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#tag-project_license
Looking in https://spdx.github.io/spdx-spec/appendix-IV-SPDX-license-expressions/#1-disjunctive-or-operator
it seems that using
OR
will fix this issue.See also gnome-software bug:
https://gitlab.gnome.org/GNOME/gnome-software/-/issues/1338
The text was updated successfully, but these errors were encountered: