Re: htdig: about to orphan due to license issues, how to?
On Mon, 13 Mar 2023 at 09:10, Petr Menšík wrote: > Okay, thank you. Retired the package in rawhide and orphaned the > package. If the removal should be required also in stable releases, I > would have to take it again. It would be a part of f38 as it is now > sadly, should it be removed even when it is already in the final freeze? > > This is for the beta versus final release so I think a ticket to releng https://pagure.io/releng/ explaining the reason and why it needs to be removed should cover it. For F37 and F36, it is there and done. I would just let it 'time-out' in those releases. > I am not sure how much severe is the license problem. Should all stable > branches get it retired too? Should complete removal [1] apply to this > package? > > 1. > > https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#complete_removal > > On 3/13/23 08:31, Florian Weimer wrote: > > * Petr Menšík: > > > >> Is it enough if I orphan that package? Is there any guidance where > >> existing package is found to have licensing problem, how should it be > >> solved? Should something be done to the stable branches also? Should > >> it be retired from all stable branches as well? How should I proceed > >> in this case? > > I think you should retire it from rawhide at least because it will fail > > to build after the C99 transition for Fedora 40 anyway. > > > > As far as I understand it, Fedora still has permission to distribute, we > > just don't like the license, so no special action is required from a > > licensing perspective. Neither Fedora Legal nor the packaging committee > > request removal in such cases or carry it out themselves. At most, a > > bug will be filed, but if the maintainer ignores it, basically nothing > > happens. > > > > Thanks, > > Florian > > > -- > Petr Menšík > Software Engineer, RHEL > Red Hat, https://www.redhat.com/ > PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB > ___ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- Stephen Smoogen, Red Hat Automotive Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: htdig: about to orphan due to license issues, how to?
Okay, thank you. Retired the package in rawhide and orphaned the package. If the removal should be required also in stable releases, I would have to take it again. It would be a part of f38 as it is now sadly, should it be removed even when it is already in the final freeze? I am not sure how much severe is the license problem. Should all stable branches get it retired too? Should complete removal [1] apply to this package? 1. https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/#complete_removal On 3/13/23 08:31, Florian Weimer wrote: * Petr Menšík: Is it enough if I orphan that package? Is there any guidance where existing package is found to have licensing problem, how should it be solved? Should something be done to the stable branches also? Should it be retired from all stable branches as well? How should I proceed in this case? I think you should retire it from rawhide at least because it will fail to build after the C99 transition for Fedora 40 anyway. As far as I understand it, Fedora still has permission to distribute, we just don't like the license, so no special action is required from a licensing perspective. Neither Fedora Legal nor the packaging committee request removal in such cases or carry it out themselves. At most, a bug will be filed, but if the maintainer ignores it, basically nothing happens. Thanks, Florian -- Petr Menšík Software Engineer, RHEL Red Hat, https://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: htdig: about to orphan due to license issues, how to?
* Petr Menšík: > Is it enough if I orphan that package? Is there any guidance where > existing package is found to have licensing problem, how should it be > solved? Should something be done to the stable branches also? Should > it be retired from all stable branches as well? How should I proceed > in this case? I think you should retire it from rawhide at least because it will fail to build after the C99 transition for Fedora 40 anyway. As far as I understand it, Fedora still has permission to distribute, we just don't like the license, so no special action is required from a licensing perspective. Neither Fedora Legal nor the packaging committee request removal in such cases or carry it out themselves. At most, a bug will be filed, but if the maintainer ignores it, basically nothing happens. Thanks, Florian ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: htdig: about to orphan due to license issues, how to?
On Sat, Mar 11, 2023 at 8:58 AM Petr Menšík wrote: > Hi! > > I own htdig package, which got recently discovered license issue with > bundled libdb version ~3.x [1]. I think the only reason it is still in > Fedora is that just compiled for years back. I doubt anyone is using it > at the moment and I have never used it myself. I just inherited it when > joined Red Hat and just once fixed FTBFS bug, otherwise there weren't > been any feedback to it for years. > > It uses undeclared libdb copy with Sleepycat license, which were > declared incompatible for Fedora [2]. Just to clarify, the true Sleepycat License (while problematic by design) has always been allowed for Fedora. The bundled libdb in htdig is under a modification of the Sleepycat license that imposes use restrictions and is non-FOSS (in the relevant fedora-license-data issue I describe it as a "monstrosity"). Richard ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: htdig: about to orphan due to license issues, how to?
Il 11/03/23 14:58, Petr Menšík ha scritto: > Hi! > > I own htdig package, which got recently discovered license issue with > bundled libdb version ~3.x [1]. I think the only reason it is still in > Fedora is that just compiled for years back. I doubt anyone is using it > at the moment and I have never used it myself. I just inherited it when > joined Red Hat and just once fixed FTBFS bug, otherwise there weren't > been any feedback to it for years. > > It uses undeclared libdb copy with Sleepycat license, which were > declared incompatible for Fedora [2]. I don't want to invest time to > make it compile with alternative database, because I don't think time > spent on it is worth it. If anyone would like to maintain and solve > those issues, send me a mail. I am happy to give it to anyone else. > Upstream is long dead though. > > Is it enough if I orphan that package? Is there any guidance where > existing package is found to have licensing problem, how should it be > solved? Should something be done to the stable branches also? Should it > be retired from all stable branches as well? How should I proceed in > this case? > > Best Regards, > Petr > My memory suggests that for this kind of trouble not only the package has to be retired in stable branches too, but the offending sources must also be deleted from lookaside cache to prevent being distributed by Fedora. However, I can't find anymore where this was written... Mattia ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: htdig: about to orphan due to license issues, how to?
On 11-03-2023 14:58, Petr Menšík wrote: Is it enough if I orphan that package? Is there any guidance where existing package is found to have licensing problem, how should it be solved? Should something be done to the stable branches also? Should it be retired from all stable branches as well? How should I proceed in this case? Orphaning the package should be enough. If no-one adopts it, it will be retired six weeks after orphaning. You can also chose to retire it directly[1]. Regarding stable branches, my initial gut feeling is that it should be retired/orphaned there as well since the license is prohibitive. But I'll leave that to more experienced packagers to comment on. [1] https://docs.fedoraproject.org/en-US/package-maintainers/Package_Retirement_Process/ -- Sandro ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
