https://bugzilla.redhat.com/show_bug.cgi?id=2437480
Ben Beasley <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |182235 (FE-Legal) CC| |[email protected] --- Comment #1 from Ben Beasley <[email protected]> --- The crate contains JSONRPC standards documents in Markdown format that carry licenses I don’t recognize as approved for distribution in Fedora. docs/jsonprc2.0_official_spec.md Copyright (C) 2007-2010 by the JSON-RPC Working Group This document and translations of it may be used to implement JSON-RPC, it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not bemodified in any way. The limited permissions granted above are perpetual and will not be revoked. This document and the information contained herein is provided "AS IS" and ALL WARRANTIES, EXPRESS OR IMPLIED are DISCLAIMED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. docs/jsonrpc1.0_official_spec.md Copyright (C) 2005 JSON-RPC.ORG This document and translations of it may be used to implement JSON-RPC, it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way. The limited permissions granted above are perpetual and will not be revoked by JSON-RPC.org. This document and the information contained herein is provided on an "AS IS" basis and json-rpc.org DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. docs/jsonrpc2.0_specifications.md License text missing, but is likely intended to be very similar considering https://www.jsonrpc.org/specification. docs/json-rpc-Koebler-2008.md No clear license attached. The licenses of the first two could likely be acceptable for documentation in Fedora, but would need to be submitted and approved via https://gitlab.com/fedora/legal/fedora-license-data/-/issues. However, I am concerned that these Markdown documents don’t have clear “upstream” sources, and that they may in fact be modified in some way from the original documents, even if just by translating to Markdown – something their licenses expressly prohibit. The third document is a little worse, because the license text is missing. The fourth document is worse still, because it’s not clear that it *has* a license that allows redistribution. Your best bet is probably to work with upstream and ask them to make a new release with the contents of docs/ excluded so you don’t have to worry about these files. Failing that, you could do something similar to https://src.fedoraproject.org/rpms/rust-fiat-crypto/blob/426eb67ee434e9563467e17fecf20892ff6e9b1c/f/gen_clean_tarball.sh to produce a modified crate archive and upload that to the lookaside cache instead. Another issue I noticed is that license.txt contains the following: Copyright 2025 David Heurtevent Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. However, section 4.a of the Apache-2.0 license says, You must give any other recipients of the Work or Derivative Works a copy of this License which would seem to imply that the entire Apache-2.0 license text needs to be distributed in the crate. See also https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=182235 [Bug 182235] Fedora Legal Tracker -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2437480 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202437480%23c1 -- _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
