Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

License clarification #2511

Closed
xsuchy opened this issue May 17, 2023 · 11 comments
Closed

License clarification #2511

xsuchy opened this issue May 17, 2023 · 11 comments

Comments

@xsuchy
Copy link
Member

xsuchy commented May 17, 2023

As part of the move to the SPDX identifier I have tried to convert rpm license to SPDX:

The current license string in Fedora is:

# Partially GPL/LGPL dual-licensed and some bits with BSD
# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD                                                                                                                                
License: GPLv2+

The README in this repository states:

RPM is Copyright (c) 1998 by Red Hat Software, Inc.,
and may be distributed under the terms of the GPL and LGPL (see  the
file COPYING for details).

http://rpm.org/about.html states

RPM is [free software](https://www.gnu.org/philosophy/free-sw.html), released under the [GNU GPL](https://www.fsf.org/licensing/licenses/gpl.html).

OpenSuse states in rpm.spec: GPL-2.0-or-later

And with respect to no effective analysis - what is the license of this project?

When crawling through the repository I:

  • failed what is the exception suggested in "LGPLv2+ with exceptions"
  • what is the BSD referred in the comment? - we have several variants of BSD in SPDX

If I omit these two issues I tend to think that the correct license is GPL-2.0-or-later AND LGPL-2.1-or-later but I will welcome your guidance.
@pmatilai
Copy link
Member

pmatilai commented May 22, 2023
edited

See https://github.com/rpm-software-management/rpm/blob/master/COPYING for the exception(s) and other options.

@pmatilai
Copy link
Member

pmatilai commented May 22, 2023
edited

The "BSD bits" probably refers to Berkeley DB which is long gone from rpm. There was a time when the entire BDB source, along with libmagic, lua and whoknowswhat was distributed in the rpm release tarballs.

@xsuchy
Copy link
Member Author

xsuchy commented May 28, 2023

I compared the second part of COPYING and COPYING-2 with https://www.gnu.org/licenses/old-licenses/lgpl-2.0.txt and it matches 100 % (sans formatting and old address). I still do not see any exceptions.

@xsuchy
Copy link
Member Author

xsuchy commented May 31, 2023

I filed https://src.fedoraproject.org/rpms/rpm/pull-request/44

@pmatilai
Copy link
Member

I compared the second part of COPYING and COPYING-2 with https://www.gnu.org/licenses/old-licenses/lgpl-2.0.txt and it matches 100 % (sans formatting and old address). I still do not see any exceptions.

Um, the first part is the exception. More precisely, only parts of the codebase are alternatively available as LGPL. How that's supposed to be expressed in terms of SPDX or anything else, I have no idea.

@xsuchy
Copy link
Member Author

xsuchy commented May 31, 2023

Um, the first part is the exception. More precisely, only parts of the codebase are alternatively available as LGPL. How that's supposed to be expressed in terms of SPDX or anything else, I have no idea.

That should be GPL-2.0-or-later AND LGPL-2.1-or-later

@Conan-Kudo
Copy link
Member

For RPM packaging purposes, the librpm subpackage would be LGPL-2.1-or-later. Fedora's rpm-libs package would be LGPL-2.1-or-later and GPL-2.0-or-later while the rest of the binary packages would be GPL-2.0-or-later.

@xsuchy
Copy link
Member Author

xsuchy commented Jun 6, 2023

Hmm, reading again the COPYING:

Alternatively,
all of the source code in the lib and rpmio subdirectories of the RPM source
code distribution as well as any code derived from that code may instead be
distributed under the GNU Library General Public License (LGPL), at the
choice of the distributor.

It is Alternatively ... at choice of distributor

So it should be GPL-2.0-or-later for the main part. And GPL-2.0-or-later OR LGPL-2.1-or-later for rpm-libs* and rpm-plugin*. Right?

@hroncok
Copy link
Contributor

hroncok commented Jun 7, 2023
edited

That depends on what files are built from what source. If anything in the main package is actually built from lib or rpmio dirs, the License would be GPL-2.0-or-later OR (GPL-2.0-or-later AND LGPL-2.1-or-later), based on the "no effective analysis" rule, wouldn't it? (Silly, isn't it?)

@pmatilai
Copy link
Member

pmatilai commented Jun 7, 2023

And that all depends on what exact package and version we're talking about. I assume current Fedora rawhide from the context, but the packaging has evolved quite a bit over time.

In the rawhide rpm, 'rpm-libs' is supposed to be "GPL or LGPL" and the rest just GPL. Except maybe 'rpm-devel', where at least librpmio and librpm related headers are necessarily "GPL or LGPL" too.

@pmatilai
Copy link
Member

Let's continue this in the Fedora PR, other distros can and do package things differently so this could get confusing.

xsuchy added a commit to xsuchy/rpm-web that referenced this issue Jun 13, 2023
@xsuchy
clarify license and use SPDX ids
a621298 
This follows up rpm-software-management/rpm#2511
@xsuchy xsuchy mentioned this issue Jun 13, 2023
Merged
ffesti pushed a commit to rpm-software-management/rpm-web that referenced this issue Apr 4, 2024
@xsuchy @ffesti
clarify license and use SPDX ids
62dd49a 
This follows up rpm-software-management/rpm#2511
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xsuchy @Conan-Kudo @hroncok @pmatilai