Re: F40 Change Proposal: SPDC Licence Phase 3 (System-Wide)
Correction to title - SPDX Licence Phase 3 -- ___ devel-announce mailing list -- devel-annou...@lists.fedoraproject.org To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-annou...@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: F40 Change Proposal: SPDC Licence Phase 3 (System-Wide)
Correction to title - SPDX Licence Phase 3 -- ___ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
F40 Change Proposal: SPDC Licence Phase 3 (System-Wide)
wiki -> https://fedoraproject.org/wiki/Changes/RemovePythonMockUsage This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == The third phase of transition from using Fedora's short names for licenses to [https://spdx.org/licenses/ SPDX identifiers] in the License: field of Fedora package spec files. This phase focuses on finishing migrating packages from ELN set. We still do not expect that all packages from Fedora Linux will be migrated in this phase. == Owner == * Name: [[User:msuchy| Miroslav Suchý]], [[User:jlovejoy| Jilayne Lovejoy]], [[User:dcantrell| David Cantrell]], [[User:ref| Richard Fontana]] * Email: msu...@redhat.com, dcantr...@redhat.com, jlove...@redhat.com, rfont...@redhat.com == Detailed Description == This is follow-up of [[Changes/SPDX_Licenses_Phase_2|Phase 2]]. During this phase, all remaining packages should be migrated to use SPDX license identifiers in the License: field of the package spec file. So far, package maintainers have been updating their packages in accordance with the guidance provided at https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ and filing issues in the [https://gitlab.com/fedora/legal/fedora-license-data fedora-license-data repo]. Miroslav has been tracking how many packages that have been updated. Given the large number of packages in Fedora, this progress is good, but slow. The intake of newly discovered licenses is still more than we are able to process. We want to focus on adding the new license to both fedora-license-data and SPDX.org list. At the same time, we want to focus on the ELN subset of Fedora and cooperate with maintainers of these packages to finish the migration of these packages. This Change will be followed by [[Changes/SPDX_Licenses_Phase_4|Phase 4]], where we want to finish the migration of the remaining Fedora packages. == Feedback == See [[Changes/SPDX_Licenses_Phase_1#Feedback|feedback section of Phase 1]] Discussions on the mailing list: * [https://lists.fedoraproject.org/archives/search?q=SPDX+statistics=1=devel%40lists.fedoraproject.org=date-desc regular SPDX Statistics] * [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/3TGCSROJTSX5PXZLKOHCOMVIBTZDORNS/ SPDX - How to handle MIT and BSD] Challenges: * license-fedora2spdx tool uses mapping of legacy Fedora short names to SPDX identifiers using the [https://gitlab.com/fedora/legal/fedora-license-data/-/tree/main fedora-license-data] to suggest SPDX identifiers. Where there is an apparent one-to-one mapping, the package maintainer could simply update the License field: and move on. * for many packages, particularly packages that use "umbrella" legacy short names that may refer to a large set of unrelated or loosely related licenses, further inspection will be needed. Currently, Fedora documentation provides sparse advice on how to do this inspection and thus, a range of methods are used. Progress to date: [https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit#gid=0 Burndow chart] == Benefit to Fedora == The use of standardized identifiers for licenses will align Fedora with other distributions and facilitates efficient and reliable identification of licenses. Depending on the level of diligence done in this transition, Fedora could be positioned as a leader and contributor to better license information upstream (of Fedora). == Scope == * Change Owners: ** Continue adding newly found licenses to fedora-license-data and to SPDX.org list. ** Continue to report progress ** Focus on the ELN subset of Fedora. * Other developers: ** All packages (during the package review) should use the SPDX expression. - this is redundant as this has already been approved since Phase 1, but it should be reminded. ** Migrate the existing License tag from a short name to an SPDX expression. * Release engineering: nothing * Policies and guidelines: all done in previous phases * Trademark approval: N/A (not needed for this Change) * Alignment with Objectives: == Upgrade/compatibility impact == License strings are not used anything in run time. This change will not affect the upgrade or runtime of Fedora. During the transition period, developer tools like rpminspect, licensecheck, etc. may produce false negatives. And we have to define a date where we flip these tools from old Fedora's short names to the SPDX formula. == How To Test == See [[Changes/SPDX_Licenses_Phase_1#How_To_Test|How to test section of Phase 1]] == User Experience == Users should be able to use standard software tools that audit licenses. E.g. for Software Bills of Materials. == Dependencies == No other dependencies. == Contingency Plan == * Contingency mechanism: There will be no way back. We are already
F40 Change Proposal: SPDC Licence Phase 3 (System-Wide)
wiki -> https://fedoraproject.org/wiki/Changes/RemovePythonMockUsage This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == The third phase of transition from using Fedora's short names for licenses to [https://spdx.org/licenses/ SPDX identifiers] in the License: field of Fedora package spec files. This phase focuses on finishing migrating packages from ELN set. We still do not expect that all packages from Fedora Linux will be migrated in this phase. == Owner == * Name: [[User:msuchy| Miroslav Suchý]], [[User:jlovejoy| Jilayne Lovejoy]], [[User:dcantrell| David Cantrell]], [[User:ref| Richard Fontana]] * Email: msu...@redhat.com, dcantr...@redhat.com, jlove...@redhat.com, rfont...@redhat.com == Detailed Description == This is follow-up of [[Changes/SPDX_Licenses_Phase_2|Phase 2]]. During this phase, all remaining packages should be migrated to use SPDX license identifiers in the License: field of the package spec file. So far, package maintainers have been updating their packages in accordance with the guidance provided at https://docs.fedoraproject.org/en-US/legal/update-existing-packages/ and filing issues in the [https://gitlab.com/fedora/legal/fedora-license-data fedora-license-data repo]. Miroslav has been tracking how many packages that have been updated. Given the large number of packages in Fedora, this progress is good, but slow. The intake of newly discovered licenses is still more than we are able to process. We want to focus on adding the new license to both fedora-license-data and SPDX.org list. At the same time, we want to focus on the ELN subset of Fedora and cooperate with maintainers of these packages to finish the migration of these packages. This Change will be followed by [[Changes/SPDX_Licenses_Phase_4|Phase 4]], where we want to finish the migration of the remaining Fedora packages. == Feedback == See [[Changes/SPDX_Licenses_Phase_1#Feedback|feedback section of Phase 1]] Discussions on the mailing list: * [https://lists.fedoraproject.org/archives/search?q=SPDX+statistics=1=devel%40lists.fedoraproject.org=date-desc regular SPDX Statistics] * [https://lists.fedoraproject.org/archives/list/de...@lists.fedoraproject.org/thread/3TGCSROJTSX5PXZLKOHCOMVIBTZDORNS/ SPDX - How to handle MIT and BSD] Challenges: * license-fedora2spdx tool uses mapping of legacy Fedora short names to SPDX identifiers using the [https://gitlab.com/fedora/legal/fedora-license-data/-/tree/main fedora-license-data] to suggest SPDX identifiers. Where there is an apparent one-to-one mapping, the package maintainer could simply update the License field: and move on. * for many packages, particularly packages that use "umbrella" legacy short names that may refer to a large set of unrelated or loosely related licenses, further inspection will be needed. Currently, Fedora documentation provides sparse advice on how to do this inspection and thus, a range of methods are used. Progress to date: [https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit#gid=0 Burndow chart] == Benefit to Fedora == The use of standardized identifiers for licenses will align Fedora with other distributions and facilitates efficient and reliable identification of licenses. Depending on the level of diligence done in this transition, Fedora could be positioned as a leader and contributor to better license information upstream (of Fedora). == Scope == * Change Owners: ** Continue adding newly found licenses to fedora-license-data and to SPDX.org list. ** Continue to report progress ** Focus on the ELN subset of Fedora. * Other developers: ** All packages (during the package review) should use the SPDX expression. - this is redundant as this has already been approved since Phase 1, but it should be reminded. ** Migrate the existing License tag from a short name to an SPDX expression. * Release engineering: nothing * Policies and guidelines: all done in previous phases * Trademark approval: N/A (not needed for this Change) * Alignment with Objectives: == Upgrade/compatibility impact == License strings are not used anything in run time. This change will not affect the upgrade or runtime of Fedora. During the transition period, developer tools like rpminspect, licensecheck, etc. may produce false negatives. And we have to define a date where we flip these tools from old Fedora's short names to the SPDX formula. == How To Test == See [[Changes/SPDX_Licenses_Phase_1#How_To_Test|How to test section of Phase 1]] == User Experience == Users should be able to use standard software tools that audit licenses. E.g. for Software Bills of Materials. == Dependencies == No other dependencies. == Contingency Plan == * Contingency mechanism: There will be no way back. We are already
