SPDX Statistics - Morse edition

[Miroslav Suchý]

Hot news:

 SPDX released new license list https://github.com/spdx/license-list-XML/releases/tag/v3.24.0 with 25 new licenses. Lot 
of them are there because of Fedora maintainers. Thank you.



Two weeks ago we had:



* 23990spec files in Fedora

* 30640license tags in all spec files

* 10589 tags have not been converted to SPDX yet

* 4656 tags can be trivially converted using `license-fedora2spdx`

* Progress: 65,44% ░░ 100%

ELN subset:

90 out of 2394 packages are not converted yet (progress 96.23%) 


Today we have:

* 24034spec files in Fedora

* 30706license tags in all spec files

* 10497 tags have not been converted to SPDX yet

* 4620 tags can be trivially converted using `license-fedora2spdx`

* Progress: 65,81% ░░ 100%

ELN subset:

92 out of 2375 packages are not converted yet (progress 96.07%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    10 new licenses (plus several public domain declarations).
    4 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-05-12 (+17 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Why Morse edition? On today's date at 1884 Samuel Morse used the Morse system for telegraphy from Baltimore to 
Washington.He sent a message "Ce que Dieu a forgé". This was first electrical telegraph (previously optical ones were 
used). The code was then enhanced by Morse's assistant Vail and became recognized as Morse code.


https://en.wikipedia.org/wiki/Morse_code


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Vít Ondruch]

It is still not late to introduce e.g. `%callaway_licenses` macro and 
enclose the old licenses into such macro, to make it more obvious that 
those licenses were not converted yet. This should have been done from 
the start 



Vít


Dne 13. 05. 24 v 23:41 Miroslav Suchý napsal(a):

Dne 13. 05. 24 v 5:38 odp. Fabio Valentini napsal(a):

Can we at least still recommend to use the AND / OR / WITH
capitalization for Fedora license tags, even if the lower-case ones
are technically considered valid now?


The other way round. We will not encourage using lower case and all 
our examples use upper case.


And I will stop correcting such errors - I made dozens such PRs.

BTW

GfDl-1.1-oR-lAtEr AND cC-bY-Sa-3.0

is valid SPDX expression. And was even valid with SPDX v2.x 
specification. But please dont say that to anyone :)


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys

--
___
devel mailing list --devel@lists.fedoraproject.org
To unsubscribe send an email todevel-le...@lists.fedoraproject.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report 
it:https://pagure.io/fedora-infrastructure/new_issue


OpenPGP_signature.asc
Description: OpenPGP digital signature
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Miroslav Suchý]

Dne 13. 05. 24 v 5:38 odp. Fabio Valentini napsal(a):

Can we at least still recommend to use the AND / OR / WITH
capitalization for Fedora license tags, even if the lower-case ones
are technically considered valid now?


The other way round. We will not encourage using lower case and all our 
examples use upper case.

And I will stop correcting such errors - I made dozens such PRs.

BTW

GfDl-1.1-oR-lAtEr AND cC-bY-Sa-3.0

is valid SPDX expression. And was even valid with SPDX v2.x specification. But 
please dont say that to anyone :)

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Neal Gompa]

On Mon, May 13, 2024 at 3:28 PM Richard Fontana  wrote:
>
> On Mon, May 13, 2024 at 11:44 AM Fabio Valentini  wrote:
> >
> > On Fri, May 10, 2024 at 11:29 AM Miro Hrončok  wrote:
> > >
> > > On 10. 05. 24 10:55, Miroslav Suchý wrote:
> > > > Hot news:
> > > >
> > > > SPDX v3 has been published. The biggest change for us is that 
> > > > license
> > > > expression allows lowercase operators (and, or, with). This got into the
> > > > specification because of your (Fedora maintainers) feedback!
> > >
> > > So we can now have packages with uppercase AND/ORs and packages with 
> > > lowercase
> > > and/ors and we can no longer quickly recognize SPDX expression by 
> > > observing
> > > uppercase AND/ORs?
> > >
> > > That does not sound like improvement to me :/
> >
> > I agree, this is just making things more confusing.
> > Can we at least still recommend to use the AND / OR / WITH
> > capitalization for Fedora license tags, even if the lower-case ones
> > are technically considered valid now?
>
> This all resulted from some Fedora contributors complaining about
> capitalized operators on (I think) aesthetic grounds. I guess you
> can't please everyone. :)
>

The only way to recognize SPDX expressions is to read the identifiers.
Everything else is a coincidence. :)



-- 
真実はいつも一つ！/ Always, there's only one truth!
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Richard Fontana]

On Mon, May 13, 2024 at 11:44 AM Fabio Valentini  wrote:
>
> On Fri, May 10, 2024 at 11:29 AM Miro Hrončok  wrote:
> >
> > On 10. 05. 24 10:55, Miroslav Suchý wrote:
> > > Hot news:
> > >
> > > SPDX v3 has been published. The biggest change for us is that license
> > > expression allows lowercase operators (and, or, with). This got into the
> > > specification because of your (Fedora maintainers) feedback!
> >
> > So we can now have packages with uppercase AND/ORs and packages with 
> > lowercase
> > and/ors and we can no longer quickly recognize SPDX expression by observing
> > uppercase AND/ORs?
> >
> > That does not sound like improvement to me :/
>
> I agree, this is just making things more confusing.
> Can we at least still recommend to use the AND / OR / WITH
> capitalization for Fedora license tags, even if the lower-case ones
> are technically considered valid now?

This all resulted from some Fedora contributors complaining about
capitalized operators on (I think) aesthetic grounds. I guess you
can't please everyone. :)

Richard
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Miro Hrončok]

On 10. 05. 24 22:45, Miroslav Suchý wrote:

Dne 10. 05. 24 v 11:29 dop. Miro Hrončok napsal(a):


So we can now have packages with uppercase AND/ORs and packages with 
lowercase and/ors and we can no longer quickly recognize SPDX expression by 
observing uppercase AND/ORs?


That does not sound like improvement to me :/


This is very very frequent mistake. Mistake for people that does not have time 
to study the specification and thinks that the case variant does not matter.


Recognizing if something is SPDX expression using uppercase operators is IMHO 
bad idea. What is wrong with `license-validate`?


license-validate does not fit into my head. Seeing uppercase AND/OR does not 
mean the SPDX expression is correct, it only means it is an attempt of an SPDX 
expression. Which is often enough for me, when I read a specfile. I won't run 
license-validate on it when I am there to bump a vertsion, but I will notice 
the License uses and/or and hence I can do the SPDX conversion shile touching 
it (that is, up until SPDX 3).


--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Fabio Valentini]

On Fri, May 10, 2024 at 11:29 AM Miro Hrončok  wrote:
>
> On 10. 05. 24 10:55, Miroslav Suchý wrote:
> > Hot news:
> >
> > SPDX v3 has been published. The biggest change for us is that license
> > expression allows lowercase operators (and, or, with). This got into the
> > specification because of your (Fedora maintainers) feedback!
>
> So we can now have packages with uppercase AND/ORs and packages with lowercase
> and/ors and we can no longer quickly recognize SPDX expression by observing
> uppercase AND/ORs?
>
> That does not sound like improvement to me :/

I agree, this is just making things more confusing.
Can we at least still recommend to use the AND / OR / WITH
capitalization for Fedora license tags, even if the lower-case ones
are technically considered valid now?

Fabio
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[Miroslav Suchý]

Dne 10. 05. 24 v 11:47 odp. Gary Buhrmaster napsal(a):

Unless the BZs force a package to be
updated you may very well end up with
~20% of the Fedora packages nearly
forever not being updated with proper
SPDX licenses as they are as likely or
not going to be forever be on re-build
auto-pilot (thanks to the mass rebuild(s)).


My intentions, is that from that moment going forward, we can assume that all 
packages will have license in SPDX format.

And we can build a tooling that will work with SPDX only. If the package license tag was not in SPDX format (It is bug, 
we have plenty of them already across whole Fedora Linux) then it will be harder for you to work with the tooling. I.e.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[Gary Buhrmaster]

On Fri, May 3, 2024 at 9:40 AM Miroslav Suchý  wrote:

> The current change
>
>   https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4
>
> is planned to be the last one. At the end of this phase - scheduled to 
> 2024-08-06 - we plan to mark this conversion as "done". My estimation is that 
> by that time 80% tags will be migrated. Everything remaining will treated as 
> a bug. I will open BZ for every remaining package.

Unless the BZs force a package to be
updated you may very well end up with
~20% of the Fedora packages nearly
forever not being updated with proper
SPDX licenses as they are as likely or
not going to be forever be on re-build
auto-pilot (thanks to the mass rebuild(s)).

Perhaps those packages will need to
(somehow?) be excluded from mass
rebuilds so they either get updated, or
are retired?
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Miroslav Suchý]

Dne 10. 05. 24 v 11:29 dop. Miro Hrončok napsal(a):


So we can now have packages with uppercase AND/ORs and packages with lowercase and/ors and we can no longer quickly 
recognize SPDX expression by observing uppercase AND/ORs?


That does not sound like improvement to me :/


This is very very frequent mistake. Mistake for people that does not have time to study the specification and thinks 
that the case variant does not matter.


Recognizing if something is SPDX expression using uppercase operators is IMHO bad idea. What is wrong with 
`license-validate`?


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Artur Frenszek-Iwicki]

>  SPDX v3 has been published. The biggest change for us is that license 
> expression
> allows lowercase operators (and, or, with). 
Worth noting is that the spec [0] says thse should be
either all-lowercase or ALL-UPPERCASE:
> License expression operators (AND, and, OR, or, WITH and with)
> should be matched in a case-sensitive manner, i.e., letters must be
> all upper case or all lower case.

Guess it's time for me to update my license string parser. [1]

A.FI.

[0] 
https://spdx.github.io/spdx-spec/v3.0/annexes/SPDX-license-expressions/#d2-case-sensitivity
[1] https://github.com/suve/vrms-rpm
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Hulk edition

[Miro Hrončok]

On 10. 05. 24 10:55, Miroslav Suchý wrote:

Hot news:

    SPDX v3 has been published. The biggest change for us is that license 
expression allows lowercase operators (and, or, with). This got into the 
specification because of your (Fedora maintainers) feedback!


So we can now have packages with uppercase AND/ORs and packages with lowercase 
and/ors and we can no longer quickly recognize SPDX expression by observing 
uppercase AND/ORs?


That does not sound like improvement to me :/

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Hulk edition

[Miroslav Suchý]

Hot news:

   SPDX v3 has been published. The biggest change for us is that license expression allows lowercase operators (and, 
or, with). This got into the specification because of your (Fedora maintainers) feedback!

   And there is new terminal AdditionRef-* which can be used for custom 
exceptions. We have no use for this now.
   It will take some time untill a tooling will accomodate this change. For fedora-license-data you can track it in 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/514


Two weeks ago we had:


* 23943spec files in Fedora

* 30600license tags in all spec files

* 10639 tags have not been converted to SPDX yet

* 4689 tags can be trivially converted using `license-fedora2spdx`

* Progress: 65,23% ░░ 100%

ELN subset:

94 out of 2394 packages are not converted yet (progress 96.07%)



Today we have:

* 23990spec files in Fedora

* 30640license tags in all spec files

* 10589 tags have not been converted to SPDX yet

* 4656 tags can be trivially converted using `license-fedora2spdx`

* Progress: 65,44% ░░ 100%

ELN subset:

90 out of 2394 packages are not converted yet (progress 96.23%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

No license has been added to fedora-license-data. Therefore no release and no 
update of documentation.


New projection when we will be finished is 2025-04-25 (+19 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Hulk? On today's date at 1962 Marvel published first comics about The Hulk. Stan Lee (the writer) stated that the 
Hulk's creation was inspired by a combination of Frankenstein and Dr. Jekyll and Mr. Hyde.


https://en.wikipedia.org/wiki/Hulk
http://tonsoffacts.com/32-fun-interesting-facts-hulk/

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[Miroslav Suchý]

Dne 03. 05. 24 v 10:44 dop. Tim Landscheidt napsal(a):

Maybe I misunderstood the original post, but I did not per-
ceive the intent of the data's publication to be informative
and useful, but to motivate (converting the licenses).


This.

And to provide at least some estimates. When we started with this, there were people estimating the work for few months. 
Others to decades.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[Miroslav Suchý]

Dne 03. 05. 24 v 1:59 dop. Gary Buhrmaster napsal(a):

Joking aside, I do agree the non-trivial conversions are
likely to be the hard ones, and there will be a very long
tail (many years more) for 100% as the work to deal with
some of those hard ones may require expertise that is
in limited or even unavailable supply, and when they
require new (legal) license reviews and SPDX definitions
they can take quite some time.  Alternatively, it is possible
that there is a target (say, 95%) after which the SPDX
conversion project will be stated to be "essentially"
complete and is ended even if not 100%.


The current change

https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

is planned to be the last one. At the end of this phase - scheduled to 2024-08-06 - we plan to mark this conversion as 
"done". My estimation is that by that time 80% tags will be migrated. Everything remaining will treated as a bug. I will 
open BZ for every remaining package.


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[Tim Landscheidt]

John Reiser  wrote:

>> New projection when we will be finished is 2025-04-06 (+5
>> days from last report).  Pure linear approximation.

> Such a linear approximation, based on the entire tracked history,
> is the second worst possible estimate.  (The worst possible estimate
> is the output of a random date generator.)

> Financial markets and other arenas using serious statistical forecasting
> have known for decades that it is much better to estimate by assuming
> a rate equal to the moving average rate over a fixed-length relevant
> period.  Repeatedly estimating based on the entire history does not
> meet the fixed-length requirement, because the entire history grows.
> Typical periods range from a small number of months to one year.
> For Fedora, one relevant period might be six months, the
> interval between scheduled releases.  Also useful are 90 and
> 120 days.

> Graphing the estimated completion date based on such a moving
> average rate would be much more informative and useful than the
> estimated dates which have been published so far.

Maybe I misunderstood the original post, but I did not per-
ceive the intent of the data's publication to be informative
and useful, but to motivate (converting the licenses).

Tim
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[John Reiser]

On 4/26/24 11:20, Miroslav Suchý wrote:

New projection when we will be finished is 2025-04-06 (+5 days from last 
report).  Pure linear approximation.


Such a linear approximation, based on the entire tracked history,
is the second worst possible estimate.  (The worst possible estimate
is the output of a random date generator.)

Financial markets and other arenas using serious statistical forecasting
have known for decades that it is much better to estimate by assuming
a rate equal to the moving average rate over a fixed-length relevant
period.  Repeatedly estimating based on the entire history does not
meet the fixed-length requirement, because the entire history grows.
Typical periods range from a small number of months to one year.
For Fedora, one relevant period might be six months, the interval 
between scheduled releases.  Also useful are 90 and 120 days.


Graphing the estimated completion date based on such a moving
average rate would be much more informative and useful than the
estimated dates which have been published so far.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[Gary Buhrmaster]

On Thu, May 2, 2024 at 6:11 PM Matthew Miller  wrote:

> Just eyeballing the prediction graph in the Google doc, it looks like the
> linear approximation is distorted by the big drop in "non-trivial" last
> September. And, the slope for "converted" is pretty steep before that, but
> significantly flatter after. I think this is making the prediction a little
> too optimistic.
>
> If we extrapolate linearly just from 2023-09-29 on, that gives an end-date
> of 2026-02-22. And linearly is probably optimistic too, given the classic
> "last 10% is 90% of the time" thing.

Linear approximation is almost always wrong, it is just
also hard to predict by how much (we could make a
linear prediction on how bad it will be?).  If one only
looks at the graph for the last six months or so the
linear estimate for completion is more towards the
end of the century.

Joking aside, I do agree the non-trivial conversions are
likely to be the hard ones, and there will be a very long
tail (many years more) for 100% as the work to deal with
some of those hard ones may require expertise that is
in limited or even unavailable supply, and when they
require new (legal) license reviews and SPDX definitions
they can take quite some time.  Alternatively, it is possible
that there is a target (say, 95%) after which the SPDX
conversion project will be stated to be "essentially"
complete and is ended even if not 100%.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[Alexander Ploumistos]

On Thu, May 2, 2024 at 8:11 PM Matthew Miller  wrote:
>
> If we extrapolate linearly just from 2023-09-29 on, that gives an end-date
> of 2026-02-22. And linearly is probably optimistic too, given the classic
> "last 10% is 90% of the time" thing.

That sounds reasonable, but we'll also be enjoying the "SPDX
statistics - X edition" tidbits for quite some time!
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - L'Aigle meteorite edition

[Matthew Miller]

On Fri, Apr 26, 2024 at 08:20:43PM +0200, Miroslav Suchý wrote:
> Graph of these data with the burndown chart:
> 
> https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing
[...]
> New projection when we will be finished is 2025-04-06 (+5 days from last
> report).  Pure linear approximation.

Just eyeballing the prediction graph in the Google doc, it looks like the
linear approximation is distorted by the big drop in "non-trivial" last
September. And, the slope for "converted" is pretty steep before that, but
significantly flatter after. I think this is making the prediction a little
too optimistic.

If we extrapolate linearly just from 2023-09-29 on, that gives an end-date
of 2026-02-22. And linearly is probably optimistic too, given the classic
"last 10% is 90% of the time" thing.

On the other hand, if we have some other big conversion efforts (like a
virtual hackfest or something), maybe factoring in a big jump _is_ right.


-- 
Matthew Miller

Fedora Project Leader
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - L'Aigle meteorite edition

[Miroslav Suchý]

Hot news:

   Automated migration of "trivial" conversions is in process. I migrated bunch of licenses that are only seldomly 
used. The bigger group (GPL*) are waiting at the starting line, but Jilayne asked me to wait a moment as she wants to 
check few things. I expect that the progress resumes after Red Hat summit (May 6-9).


Two weeks ago we had:


* 23901spec files in Fedora

* 30551license tags in all spec files

* 10964 tags have not been converted to SPDX yet

* 4964 tags can be trivially converted using `license-fedora2spdx`

* Progress: 64,11% ░░ 100%

ELN subset:

100 out of 2397 packages are not converted yet (progress 95.83%)



Today we have:

* 23943spec files in Fedora

* 30600license tags in all spec files

* 10639 tags have not been converted to SPDX yet

* 4689 tags can be trivially converted using `license-fedora2spdx`

* Progress: 65,23% ░░ 100%

ELN subset:

94 out of 2394 packages are not converted yet (progress 96.07%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    7 new licenses (plus two public domain declarations).
    10 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-04-06 (+5 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why L'Aigle meteorite? On today's date at 1803 meteorite fell upon the town L'Aigle in France. More than 3000 fragments 
reached ground. Previously scientists believed that meteorites were terrestrial. But this event brought first evidence 
that meteorites are extraterrestrial.


https://en.wikipedia.org/wiki/L%27Aigle_(meteorite)#

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Human Space Flight edition

[Miroslav Suchý]

Hot news:

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ contains usage column for licenses that are allowed for 
something (documentation, firmware...)


   Automated migration of "trivial" conversions have started (see other threads 
in this mailing list).

Two weeks ago we had:


* 23849spec files in Fedora

* 30493license tags in all spec files

* 11026 tags have not been converted to SPDX yet

* 5004 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,84% ░░ 100%

ELN subset:

100 out of 2395 packages are not converted yet (progress 95.82%)



Today we have:

* 23901spec files in Fedora

* 30551license tags in all spec files

* 10964 tags have not been converted to SPDX yet

* 4964 tags can be trivially converted using `license-fedora2spdx`

* Progress: 64,11% ░░ 100%

ELN subset:

100 out of 2397 packages are not converted yet (progress 95.83%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    1 new license (plus two public domain declarations).
    14 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-04-01 (+20 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Human Space Flight edition? On today's date at 1961 Yuri Gagarin flew to the space in Vostok 1. Since 1963 this day 
is celebrated as International Day of Human Space Flight. Also on this day at 1981 the first Space Shuttle (Columbia) 
was lunched.


https://en.wikipedia.org/wiki/International_Day_of_Human_Space_Flight

https://en.wikipedia.org/wiki/Vostok_1

And you may also learn about Oleg Ivanovsky 
https://www.telegraph.co.uk/news/obituaries/1713/Oleg-Ivanovsky-obituary.html#disqus_thread



Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Comenius edition

[Miroslav Suchý]

Hot news:

    The last phase https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 
has been approved with FESCO.

Two weeks ago we had:


* 23821spec files in Fedora

* 30463license tags in all spec files

* 11091 tags have not been converted to SPDX yet

* 4996 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,59% ░░ 100%

ELN subset:

105 out of 2411 packages are not converted yet (progress 95.64%)



Today we have:

* 23849spec files in Fedora

* 30493license tags in all spec files

* 11026 tags have not been converted to SPDX yet

* 5004 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,84% ░░ 100%

ELN subset:

100 out of 2395 packages are not converted yet (progress 95.82%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    3 new licenses (plus two public domain declarations).
    14 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-03-11 (+16 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Comenius edition? On today's date at 1592 Jan Amos Komensky was born. He was Moravian philosopher and pedagogue who 
is considered the father of modern education. He was first to define school year, school week, school leave. What are 
the requirements for a classroom. He set up school organization - from kindergarten to academia (university). Most of 
his principles are still valid. And some principles are still not yet achieved by some schools: Put everything into 
practice. Teaching should be fun. The pupil should be the teacher at the same time...


https://en.wikipedia.org/wiki/John_Amos_Comenius

https://en.wikipedia.org/wiki/Great_Didactic

https://en.wikipedia.org/wiki/Orbis_Pictus

https://en.wikipedia.org/wiki/Janua_linguarum_reserata


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Book Smugglers edition

[Miroslav Suchý]

Dne 21. 03. 24 v 19:47 kloc...@fedoraproject.org napsal(a):

Those trivial substs probably would cover +90% of all packages in time in my 
estimation.


See

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit#gid=0

The "trivial" conversion is possible for 4996 license tags (you do not want to count packages, you need to count License 
tags). Out of 11k.  That is 45%. For the remaining 55% you have to actually check the text of the license. Or use 
license scanner.



Currently in Fedora is 23ish k packages so to review with greater care ~2.5k 
lets say 30-50/day as afk/warming-up task each day should take for single 
person top few weeks .. not years. And because it would be done by single 
person I'm sure that he/she will be improving that task during that applying 
better and better methodology ans sometimes tools. In that approach I'm 100% 
sure that quality of that review will far greater than with spreading that task 
to all possible maintainers.
Issue only is that this can be done OLNY by proven packager because submission 
PRs/discussing/etc will eat order of magnitude more time to someone without 
such permission.


Do I understand it correctly that you are willing to help? I will help you get the proven packager status and onboard 
you to current state and availale tooling.



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Book Smugglers edition

[kloczek]

> On Wed, Mar 20, 2024 at 2:53 PM Tomasz Kłoczko 
>  
> While I agree with some of what you're saying here, the problem is
> that it is, in fact, *not trivial* in many cases.
> Migrating the License tag from Callaway to SPDX identifiers is only
> the "easy" part of the transition.
> Re-reviewing package contents and re-classifying licenses is the
> non-trivial part, and that definitely can't be scripted.

Re-reviewing is another story/task.
What I wrote was about substing obvious cases.
Those trivial substs probably would cover +90% of all packages in time in my 
estimation.
Currently in Fedora is 23ish k packages so to review with greater care ~2.5k 
lets say 30-50/day as afk/warming-up task each day should take for single 
person top few weeks .. not years. And because it would be done by single 
person I'm sure that he/she will be improving that task during that applying 
better and better methodology ans sometimes tools. In that approach I'm 100% 
sure that quality of that review will far greater than with spreading that task 
to all possible maintainers.
Issue only is that this can be done OLNY by proven packager because submission 
PRs/discussing/etc will eat order of magnitude more time to someone without 
such permission.

Licenses are changing all the time so always will be non-empty set of spec 
files with incorrect Licence: field(s) assignment.
This is like with collecting mushrooms in the forest. Fist group collects "all 
what was possible to find" and went after all home with full buckets. Than 
second one after few days is doing the same .. and so on

kloczek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Book Smugglers edition

[Miroslav Suchý]

Dne 20. 03. 24 v 15:20 Fabio Valentini napsal(a):

Migrating the License tag from Callaway to SPDX identifiers is only
the "easy" part of the transition.
Re-reviewing package contents and re-classifying licenses is the
non-trivial part, and that definitely can't be scripted.


*nod*

1) Trivial example: how would you convert "BSD" string?

2) During past few months I have seen lots of packages that changed their license to something else and only scancode 
reports revealed that to them.


3) Lots of license had long discussion if they should be allowed and how. E.g KDE uses LicenseRef-KDE-Accepted-LGPL 
which is valide SPDX id, but is not allowed in Fedora and you have to use "|LGPL-2.1-only OR LGPL-3.0-only"|


|4) And you probably missed that every 14 days I include something like "5-10 new license were identified and added (to 
SPDX list and to fedora-license-data). For lots of months. That is huge work that AFAIK no one before ever done. Across 
whole IT world.

|

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Book Smugglers edition

[Fabio Valentini]

On Wed, Mar 20, 2024 at 2:53 PM Tomasz Kłoczko  wrote:
>
> On Sat, 16 Mar 2024 at 10:03, Miroslav Suchý  wrote:
>>
>> Hot news:
>>
>> The last phase has been announce 
>> https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will 
>> proceed when approved with FESCO.
>
>
> I think that generally you are wasting your man/hours posting such statistics.
> The same time could be used better by going with a few grep. sort, sed 
> oneliers to co update and align all packages License: fields and commit all 
> those changes across all per packages repos in a few minutes.
> Some of the proven packagers with RW access to all packages repos can apply 
> necessary changes in a few tenths of minutes.
> Subject of SPDX migrations are already IIRC active since July 2022 (soon it 
> will be two years anniversary).
> All those changes should not be applied relying on each package maintainers 
> because that change is from Trival™️ class.

While I agree with some of what you're saying here, the problem is
that it is, in fact, *not trivial* in many cases.
Migrating the License tag from Callaway to SPDX identifiers is only
the "easy" part of the transition.
Re-reviewing package contents and re-classifying licenses is the
non-trivial part, and that definitely can't be scripted.

Fabio
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Book Smugglers edition

[Tomasz Kłoczko]

On Sat, 16 Mar 2024 at 10:03, Miroslav Suchý  wrote:

> Hot news:
> The last phase has been announce
> https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will
> proceed when approved with FESCO.
>

I think that generally you are wasting your man/hours posting such
statistics.
The same time could be used better by going with a few grep. sort, sed
oneliers to co update and align all packages License: fields and commit all
those changes across all per packages repos in a few minutes.
Some of the proven packagers with RW access to all packages repos can apply
necessary changes in a few tenths of minutes.
Subject of SPDX migrations are already IIRC active since July 2022 (soon it
will be two years anniversary).
All those changes should not be applied relying on each package maintainers
because that change is from Trival™️ class.

kloczek
-- 
Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Book Smugglers edition

[Miroslav Suchý]

Hot news:

    The last phase has been announce https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will proceed 
when approved with FESCO.


RC2 of SPDX  v.3 specification has been published. 
https://spdx.github.io/spdx-spec/v3.0/ .


Two weeks ago we had:


* 23786spec files in Fedora

* 30396license tags in all spec files

* 11182 tags have not been converted to SPDX yet

* 5044 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,21% ░░ 100%

ELN subset:

112 out of 2411 packages are not converted yet (progress 95.35%)



Today we have:

* 23821spec files in Fedora

* 30463license tags in all spec files

* 11091 tags have not been converted to SPDX yet

* 4996 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,59% ░░ 100%

ELN subset:

105 out of 2411 packages are not converted yet (progress 95.64%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    1 new license (plus two public domain declarations).
    16 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-02-22 (+21 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Book Smugglers? On this date, at 1846 was born Jurgis Bielinis who become successful book smugglers and even founded 
Garšviai Book Smuggling Society at the time of Lithuanian press ban. Bielinis is informally referred to as the King of 
Book Smugglers. Bielinis's birthday is commemorated as the Day of Book Smugglers.

More reading about Lithuanian book smugglers:
https://www.atlasobscura.com/articles/lithuanian-book-smugglers
https://en.wikipedia.org/wiki/Jurgis_Bielinis
(my favourite part is when he hid from police under his wife's skirt)
Does it inspired you? You can become book smuggler even nowadays: 
https://wordsrated.com/global-book-banning-statistics/


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Beginning of the year edition

[Miroslav Suchý]

Hot news:

    fedora-license-data has Copr project https://copr.fedorainfracloud.org/coprs/g/osci/fedora-license-data where new 
package is built whenever new PR is merged


    The last phase is ready for wrangler https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will 
proceed when approved with FESCO.


    I corrected lots of SPDX formula where you used lowercase "and", "or". The specification allows only "AND", "OR". 
This will likely change in specification version 3, but now the operator has to be upper case.


Two weeks ago we had:


* 23737spec files in Fedora

* 30335license tags in all spec files

* 11314 tags have not been converted to SPDX yet

* 5105 tags can be trivially converted using `license-fedora2spdx`

* Progress: 62,70% ░░ 100%

ELN subset:

128 out of 2412 packages are not converted yet (progress 94.69%)


Today we have:

* 23786spec files in Fedora

* 30396license tags in all spec files

* 11182 tags have not been converted to SPDX yet

* 5044 tags can be trivially converted using `license-fedora2spdx`

* Progress: 63,21% ░░ 100%

ELN subset:

112 out of 2411 packages are not converted yet (progress 95.35%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    7 new licenses (plus some public domain declarations).
    17 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-02-01 (+17 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Beggining of the year? That should be January 1st, right? Before the advent of the Gregorian calendar, March 1st was 
considered the beginning of the year. Hence Septemeber as the "seventh month" despite the fact it is 9th now. But in the 
Republic of Venice, for example, March was considered the beginning of the year until 1797. So in Venice, March 1790 < 
January 1790. For more interesting facts about time (and time zones) see this legendary video 
https://www.youtube.com/watch?v=-5wpm-gesOY



Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Please Please Me edition

[Ben Beasley]

Going purely by upstream support status, yes, GConf2 should be retired; 
it’s been obsolete for a decade.


Going by dependent packages, it’s not so simple. Some of these 
dependencies are no doubt spurious, optional, or otherwise “removable;” 
others are real hard dependencies from outdated-but-still-useful 
application packages.


$ repoquery --repo=rawhide -q --whatrequires GConf2 --recursive
GConf2-devel-0:3.2.6-41.fc40.i686
GConf2-devel-0:3.2.6-41.fc40.x86_64
GtkAda-devel-0:2.24.2-48.fc40.i686
GtkAda-devel-0:2.24.2-48.fc40.x86_64
GtkAda-gnome-0:2.24.2-48.fc40.i686
GtkAda-gnome-0:2.24.2-48.fc40.x86_64
alexandria-0:0.7.9-7.fc40.noarch
apcupsd-gui-0:3.14.14-31.fc40.x86_64
cbrpager-0:0.9.22-31.fc40.x86_64
ccgo-0:0.3.6.5-22.fc40.x86_64
cdcollect-0:0.6.0-42.fc40.x86_64
fantasdic-0:1.0-0.25.beta7.fc40.noarch
gconf-editor-0:3.0.1-29.fc40.x86_64
gconfmm26-0:2.28.3-72.fc40.i686
gconfmm26-0:2.28.3-72.fc40.x86_64
gconfmm26-devel-0:2.28.3-72.fc40.i686
gconfmm26-devel-0:2.28.3-72.fc40.x86_64
giver-0:0.1.8-38.fc40.x86_64
gnome-desktop-sharp-devel-0:2.26.0-49.fc40.i686
gnome-desktop-sharp-devel-0:2.26.0-49.fc40.x86_64
gnome-do-0:0.95.3-27.fc40.x86_64
gnome-do-devel-0:0.95.3-27.fc40.i686
gnome-do-devel-0:0.95.3-27.fc40.x86_64
gnome-phone-manager-0:0.69-45.fc40.x86_64
gnome-sharp-0:2.24.2-34.fc40.x86_64
gnome-sharp-devel-0:2.24.2-34.fc40.i686
gnome-sharp-devel-0:2.24.2-34.fc40.x86_64
gnome-translate-0:0.99-43.fc39.x86_64
gnome-vfs2-0:2.24.4-45.fc40.i686
gnome-vfs2-0:2.24.4-45.fc40.x86_64
gnome-vfs2-common-0:2.24.4-45.fc40.noarch
gnome-vfs2-devel-0:2.24.4-45.fc40.i686
gnome-vfs2-devel-0:2.24.4-45.fc40.x86_64
gnome-vfs2-monikers-0:2.15.3-37.fc40.x86_64
gnome-vfs2-smb-0:2.24.4-45.fc40.x86_64
gphotoframe-0:2.0.2-24.hg2084299dffb6.fc40.noarch
grhino-0:0.16.1-19.fc40.x86_64
gtk-sharp-beans-0:2.14.0-35.fc40.x86_64
gtk-sharp-beans-devel-0:2.14.0-35.fc40.i686
gtk-sharp-beans-devel-0:2.14.0-35.fc40.x86_64
icedtea-web-0:1.8.8-4.fc40.x86_64
icedtea-web-devel-0:1.8.8-4.fc40.noarch
icedtea-web-javadoc-0:1.8.8-4.fc40.noarch
ignuit-0:2.24.3-16.fc40.x86_64
libbonoboui-0:2.24.5-25.fc39.i686
libbonoboui-0:2.24.5-25.fc39.x86_64
libbonoboui-devel-0:2.24.5-25.fc39.i686
libbonoboui-devel-0:2.24.5-25.fc39.x86_64
libgnome-0:2.32.1-30.fc40.i686
libgnome-0:2.32.1-30.fc40.x86_64
libgnome-devel-0:2.32.1-30.fc40.i686
libgnome-devel-0:2.32.1-30.fc40.x86_64
libgnomeui-0:2.24.5-32.fc40.i686
libgnomeui-0:2.24.5-32.fc40.x86_64
libgnomeui-devel-0:2.24.5-32.fc40.i686
libgnomeui-devel-0:2.24.5-32.fc40.x86_64
librawstudio-0:2.1-0.35.20210527.gitc140a5e.s20231112gitc753388.fc40.i686
librawstudio-0:2.1-0.35.20210527.gitc140a5e.s20231112gitc753388.fc40.x86_64
librawstudio-devel-0:2.1-0.35.20210527.gitc140a5e.s20231112gitc753388.fc40.i686
librawstudio-devel-0:2.1-0.35.20210527.gitc140a5e.s20231112gitc753388.fc40.x86_64
linsmith-0:0.99.33-7.fc40.x86_64
mail-notification-0:5.4-111.git.9ae8768.fc40.x86_64
mono-addins-devel-0:1.3.3-6.fc40.i686
mono-addins-devel-0:1.3.3-6.fc40.x86_64
mono-tools-0:4.2-30.fc40.x86_64
mono-tools-devel-0:4.2-30.fc40.i686
mono-tools-devel-0:4.2-30.fc40.x86_64
mono-tools-gendarme-0:4.2-30.fc40.x86_64
mono-tools-monodoc-0:4.2-30.fc40.x86_64
monodevelop-0:5.10.0-27.fc40.x86_64
monodevelop-debugger-gdb-0:5.0.1-16.fc40.x86_64
monodevelop-devel-0:5.10.0-27.fc40.i686
monodevelop-devel-0:5.10.0-27.fc40.x86_64
mtn-browse-0:1.20-18.fc40.noarch
pdfmod-0:0.9.1-32.fc40.x86_64
perl-Gnome2-0:1.048-12.fc40.x86_64
perl-Gnome2-GConf-0:1.047-12.fc40.x86_64
perl-Gnome2-VFS-0:1.084-12.fc40.x86_64
pinta-0:1.7.1-7.fc40.x86_64
rawstudio-0:2.1-0.35.20210527.gitc140a5e.s20231112gitc753388.fc40.x86_64
ruby-bonoboui2-0:0.90.4-19.fc40.x86_64
ruby-bonoboui2-devel-0:0.90.4-19.fc40.i686
ruby-bonoboui2-devel-0:0.90.4-19.fc40.x86_64
ruby-gconf2-0:0.90.4-19.fc40.x86_64
ruby-gconf2-devel-0:0.90.4-19.fc40.i686
ruby-gconf2-devel-0:0.90.4-19.fc40.x86_64
ruby-gnome2-0:0.90.4-19.fc40.x86_64
ruby-gnome2-devel-0:0.90.4-19.fc40.i686
ruby-gnome2-devel-0:0.90.4-19.fc40.x86_64
ruby-gnomevfs-0:0.90.4-19.fc40.x86_64
ruby-gnomevfs-devel-0:0.90.4-19.fc40.i686
ruby-gnomevfs-devel-0:0.90.4-19.fc40.x86_64
ruby-libglade2-0:0.90.4-19.fc40.x86_64
ruby-libglade2-devel-0:0.90.4-19.fc40.i686
ruby-libglade2-devel-0:0.90.4-19.fc40.x86_64
sirius-0:0.8.0-46.fc40.x86_64
teg-0:0.12.0-7.fc40.x86_64
tomboy-0:1.15.9-20.fc40.x86_64
tomboy-devel-0:1.15.9-20.fc40.i686
tomboy-devel-0:1.15.9-20.fc40.x86_64
tomoe-gtk-devel-0:0.6.0-44.fc40.i686
tomoe-gtk-devel-0:0.6.0-44.fc40.x86_64
ucview-0:0.33-27.fc40.i686
ucview-0:0.33-27.fc40.x86_64
ucview-devel-0:0.33-27.fc40.i686
ucview-devel-0:0.33-27.fc40.x86_64
ufraw-0:0.23-0.17.20210425.fc39.x86_64
ufraw-common-0:0.23-0.17.20210425.fc39.x86_64
ufraw-gimp-0:0.23-0.17.20210425.fc39.x86_64
verbiste-gnome-0:0.1.48-3.fc40.x86_64
wallpapoz-0:0.6.2-16.fc40.noarch
xoo-0:0.8-23.fc40.x86_64

Looking only at direct dependencies:

$ fedrq wrsrc -s GConf2
GtkAda-2.24.2-48.fc40.src
alexandria-0.7.9-7.fc40.src
apcupsd-3.14.14-31.fc40.src
cdrdao-1.2.5-9.fc40.src

Re: SPDX Statistics - Please Please Me edition

[Miroslav Suchý]

Dne 26. 02. 24 v 15:51 Richard Hughes napsal(a):

If the SPDX listing isn't using src.fedoraproject.org and instead
using something like bugzilla please yell. Being listed as maintaining
all those also makes the packager-dashboard basically useless for me
too. 


I am using a script:

https://pagure.io/fedora-misc-package-utilities/blob/master/f/find-package-maintainers

And as you already found, it is using data from src.fedoraproject.org.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Please Please Me edition

[Zbigniew Jędrzejewski-Szmek]

On Mon, Feb 26, 2024 at 02:51:34PM +, Richard Hughes wrote:
> On Fri, 16 Feb 2024 at 15:07, Miroslav Suchý  wrote:
> > * 23711 spec files in Fedora
> 
> I was looking through the list for any of my packages, and I've found
> that I'm "maintaining" long dead packages like
> https://src.fedoraproject.org/rpms/GConf2

Should this package be retired?

Zbyszek
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Please Please Me edition

[Stephen Smoogen]

On Tue, 27 Feb 2024 at 09:44, Richard Hughes  wrote:

> On Mon, 26 Feb 2024 at 15:44, Stephen Smoogen  wrote:
> > I wonder if you have it from a group you are in or if it was the general
> creep of time that has added you to a lot of packages?
>
> I'm a packager and a provenpackager, so I'm a bit confused why I'm on
> so many packages as a separate committer. I've been at Red Hat for a
> lng time, so it might be various things being imported from cvs
> for example. I also see alexl is in the same boat as me.
>
> Is there any automated way to drop these? e.g. a git repo with ACLs
> that I could send a patch for?
>
>
I think it is all stored in the pagure database and would need to be
removed with either direct database commands or something similar. This
might be better to ask in a releng ticket so they can give direct answers.



> Richard.
> --
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>


-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Please Please Me edition

[Richard Hughes]

On Mon, 26 Feb 2024 at 15:44, Stephen Smoogen  wrote:
> I wonder if you have it from a group you are in or if it was the general 
> creep of time that has added you to a lot of packages?

I'm a packager and a provenpackager, so I'm a bit confused why I'm on
so many packages as a separate committer. I've been at Red Hat for a
lng time, so it might be various things being imported from cvs
for example. I also see alexl is in the same boat as me.

Is there any automated way to drop these? e.g. a git repo with ACLs
that I could send a patch for?

Richard.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Please Please Me edition

[Stephen Smoogen]

On Mon, 26 Feb 2024 at 09:54, Richard Hughes  wrote:

> On Fri, 16 Feb 2024 at 15:07, Miroslav Suchý  wrote:
> > * 23711 spec files in Fedora
>
> I was looking through the list for any of my packages, and I've found
> that I'm "maintaining" long dead packages like
> https://src.fedoraproject.org/rpms/GConf2
>
> According to that I have "commit" ACLs, but I couldn't find any way to
> relinquish those using the web UI. I suppose I could contact the "main
> admin" of the package, but I don't think that would scale as I've also
> got "commit" on ~250 other packages.
>
> If the SPDX listing isn't using src.fedoraproject.org and instead
> using something like bugzilla please yell. Being listed as maintaining
> all those also makes the packager-dashboard basically useless for me
> too. :)
>

I wonder if you have it from a group you are in or if it was the general
creep of time that has added you to a lot of packages?

-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Please Please Me edition

[Richard Hughes]

On Fri, 16 Feb 2024 at 15:07, Miroslav Suchý  wrote:
> * 23711 spec files in Fedora

I was looking through the list for any of my packages, and I've found
that I'm "maintaining" long dead packages like
https://src.fedoraproject.org/rpms/GConf2

According to that I have "commit" ACLs, but I couldn't find any way to
relinquish those using the web UI. I suppose I could contact the "main
admin" of the package, but I don't think that would scale as I've also
got "commit" on ~250 other packages.

If the SPDX listing isn't using src.fedoraproject.org and instead
using something like bugzilla please yell. Being listed as maintaining
all those also makes the packager-dashboard basically useless for me
too. :)

RIchard.
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Please Please Me edition

[Miroslav Suchý]

Hot news:

    SPDX did a new release of license list with 43 new licenses. Most of them 
were added thank to Fedora maintainers
https://github.com/spdx/license-list-XML/releases

Two weeks ago we had:


* 23711spec files in Fedora

* 30306license tags in all spec files

* 11542 tags have not been converted to SPDX yet

* 5193 tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,92% ░░ 100%

ELN subset:

217 out of 2766 packages are not converted yet (progress 92.15%)



Today we have:

* 23737spec files in Fedora

* 30335license tags in all spec files

* 11314 tags have not been converted to SPDX yet

* 5105 tags can be trivially converted using `license-fedora2spdx`

* Progress: 62,70% ░░ 100%

ELN subset:

128 out of 2412 packages are not converted yet (progress 94.69%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With:
    14 new licenses (plus some public domain declarations).
    20 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-01-17 (+12 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Please Please Me edition? On this day, in 1963 Beatles got the first place in UK music chart for the first time. It 
was their first album. They decided to record it after a success of their single. So they recorded 10 additional songs 
(in one day) and album Please Please Me was born. It stayed in the chart for almost a year until Beatles recorded next 
album. This was surprising as before this album the charts were occupied by movie songs and easy listening song for 
adults and not for teenagers. Follow the rabbit hole:


https://en.wikipedia.org/wiki/Please_Please_Me

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Selkirk edition

[Miroslav Suchý]

Hot news:

Richard and I had several days PTOs, so the progress of MR in 
fedora-license-data was affected by this.

Now lets dive into numbers:

Two weeks ago we had:


* 23681 spec files in Fedora

* 30232license tags in all spec files

* 11697 tags have not been converted to SPDX yet

* 5264tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,31% ░░ 100%

ELN subset:

250 out of 2439 packages are not converted yet (progress 89.75%)



Today we have:

* 23711spec files in Fedora

* 30306license tags in all spec files

* 11542 tags have not been converted to SPDX yet

* 5193 tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,92% ░░ 100%

ELN subset:

217 out of 2766 packages are not converted yet (progress 92.15%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 3 new licenses (plus some public domain declarations). 28 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

License analysis of remaining packages: 
http://miroslav.suchy.cz/fedora/spdx-reports/


New projection when we will be finished is 2025-01-05 (+15 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Selkirk edition? On this day, in 1709 Alexander Selkirk was rescued after living as a castaway for four years and 
four months. His story heavily inspired Daniel Defoe to write Robinson Crusoe.


https://en.wikipedia.org/wiki/Alexander_Selkirk

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Lisa edition

[Miroslav Suchý]

Hot news:

https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_3 was approved.

I generated license analysis using scancode-toolkit for all remaining packages 
http://miroslav.suchy.cz/fedora/spdx-reports/

Now lets dive into numbers:

Two weeks ago we had:


* 23542 spec files in Fedora

* 30058license tags in all spec files

* 11715 tags have not been converted to SPDX yet

* 5266tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,03% ░░ 100%

ELN subset:

290 out of 2457 packages are not converted yet (progress 88.20%)



Today we have:

* 23681 spec files in Fedora

* 30232license tags in all spec files

* 11697 tags have not been converted to SPDX yet

* 5264tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,31% ░░ 100%

ELN subset:

250 out of 2439 packages are not converted yet (progress 89.75%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 9 new licenses (plus some public domain declarations). 22 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-12-21 (+21 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Lisa edition? On this day, in 1983 Apple released Apple Lisa - first personal computer with a GUI. Read about it on 
https://en.wikipedia.org/wiki/Apple_Lisa It is reminder that Apple was not always successful. And that revolutionary 
products does not mean economical success and can be obsoleted by products that are "good-enough".


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Eight-hour day edition

[Miroslav Suchý]

Dne 05. 01. 24 v 8:14 Miroslav Suchý napsal(a):


To ease the migration I created a scantool-tookit reports for remaining 
packages. It is available here

http://miroslav.suchy.cz/fedora/spdx-reports/

Right now there are missing packages from ELN set and all other missing Fedora packages from A to L. The script 
generating the reports is still running - It has been running whole Chrismas.


If your package is missing wait few more days. Or you can install 
scancode-toolkit and run:
~/.local/bin/scancode --license --html /tmp/spdx.html --license-references  . 


I am adding more and more reports. Now all packages from A* to Q* are available.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Eight-hour day edition

[Miroslav Suchý]

Dne 05. 01. 24 v 7:38 Miroslav Suchý napsal(a):


Hot news:


I forgot to mention one thing:

To ease the migration I created a scantool-tookit reports for remaining 
packages. It is available here

http://miroslav.suchy.cz/fedora/spdx-reports/

Right now there are missing packages from ELN set and all other missing Fedora packages from A to L. The script 
generating the reports is still running - It has been running whole Chrismas.


If your package is missing wait few more days. Or you can install 
scancode-toolkit and run:
~/.local/bin/scancode --license --html /tmp/spdx.html --license-references  .


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Eight-hour day edition

[Miroslav Suchý]

Hot news:

The process of adding licenses is back on track.

https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_3 has been submitted.

Now lets dive into numbers:

Two weeks ago we had:


* 23562 spec files in Fedora

* 30067license tags in all spec files

* 11907 tags have not been converted to SPDX yet

* 5370tags can be trivially converted using `license-fedora2spdx`

* Progress: 60,04% ░░ 100%

ELN subset:

507 out of 3734 packages are not converted yet (progress 86.42%)



Today we have:

* 23542 spec files in Fedora

* 30058license tags in all spec files

* 11715 tags have not been converted to SPDX yet

* 5266tags can be trivially converted using `license-fedora2spdx`

* Progress: 61,03% ░░ 100%

ELN subset:

290 out of 2457 packages are not converted yet (progress 88.20%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 6 new licenses (plus some public domain declarations). 17 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-11-30 (+16 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Eight-hour day? It is reference to working hours per day. Until early of 20th century it was common that working day 
ranged from 10 to 16 hours. There were numerous strikes and fights to lower it to 12 and 10. And later to 8. Until 5 
January 1914 when the Ford Motor Company took the radical step of doubling pay to $5 a day (equivalent to $150) and 
cutting shifts from nine hours to eight. When their profit margin doubled next year, other companies started to follow.


https://en.wikipedia.org/wiki/Eight-hour_day

Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Public Christmas Tree edition

[Miroslav Suchý]

Hot news:

We added new license LicenseRef-Fedora-Firmware that we use for firmware that does not have clear license declarations 
and only "Redistributable..."-like declarations.

https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/460/diffs

The process of adding the licenses on list is still very slow.

We come to conclusion how to handle LicenseRef-KDE-Accepted-* licenses 
https://gitlab.com/fedora/legal/fedora-legal-docs/-/merge_requests/265/diffs


We are working on phase 3 and phase 4 proposals. But they are not yet ready.
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_3
https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4

Now lets dive into numbers:

Two weeks ago we had:


* 23479 spec files in Fedora

* 29970license tags in all spec files

* 11999 tags have not been converted to SPDX yet

* 6587tags can be trivially converted using `license-fedora2spdx`


This was error, that was: 5412 tags can be trivially converted using 
`license-fedora2spdx`


* Progress: 59.96% ░█ 100%

ELN subset:

327 out of 2444 packages are not converted yet (progress 86.62%)



Today we have:

* 23562 spec files in Fedora

* 30067license tags in all spec files

* 11907 tags have not been converted to SPDX yet

* 5370tags can be trivially converted using `license-fedora2spdx`

* Progress: 60,04% ░░ 100%

ELN subset:

507 out of 3734 packages are not converted yet (progress 86.42%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 4 new licenses (plus some public domain declarations). 20 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too. And the table there was simplified.


New projection when we will be finished is 2024-11-14 (+20 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Public Christmas Tree? On today's date at 1919 Czech writer and poet Rudolf Těsnohlídek discovered abandoned girl, 
aged seventeen months, in danger of freezing. They rescued the girl and give her name Liduška. I was unable to find the 
published information in English so I translated what Těsnohlídek wrote (translation with the help of DeepL)"


"We found it last year on Christmas Eve under a lone spruce tree in the forests of Bílovy," the writer recalls. "We went 
looking for a Christmas tree, a tiny little fir. The lights were already on in the village, as everywhere was being 
busily cleaned up for the holidays. We fell into a valley through which thousands of hikers pass on summer Sundays. No 
one was passing through today. The only one returning was the gamekeeper, who had lingered behind to procure a crib for 
the church. We set off, so as not to get quite dark in the woods, to the nearest coppice on the steep hillside. We 
laboured our way over the frosty ground to the middle of the hillside, where it was flatter and where we could have 
taken a more vigorous step, but here the cry of the forest arrested the steps of the three of us. It was a few crows, 
which, cawing a warning to the others, had fallen on the opposite hillside. They swooped down to await death as always. 
We stood in human, unsparing curiosity, and then the wind blew a faint moan towards us. It was a poignant wail, a 
defenceless, dying, farewell to the world. So the deer one wails when mortally wounded. We wanted to shorten her agony 
and headed across the undergrowth to the supposed doe. How many small suitable Christmas trees there were, but we didn't 
spot a single one. All we could see in front of us at that moment was a sprawling spruce tree. Approaching it, we 
realized that the groan was the fading cry of a child. We froze in surprise. We imagined her standing there in her 
flimsy rags, wearing a thin skirt, waiting. Perhaps the mother had placed it here in the lee of the thicket to wait 
until it had gathered the brushwood, and it was afraid of the dark and the coming night, and therefore 

SPDX Statistics - Freeze 'Em All edition

[Miroslav Suchý]

Hot news:

We added new license LicenseRef-Not-Copyrightable that should be used for packages like foo-filesystem that e.g., create 
just directories and does not have copyrightable code nor content.


The process of adding the licenses on list is still very slow recently.

I made an error when added packages to ignore list (those that does not need any change) and my script ignored more 
packages than it should. It is fixed now. So about two dozen packages show up in list.


Now lets dive into numbers:

Two weeks ago we had:


* 23426 spec files in Fedora

* 29916license tags in all spec files

* 12081 tags have not been converted to SPDX yet

* 5482tags can be trivially converted using `license-fedora2spdx`

* Progress: 59.62% ░█ 100%

ELN subset:

655 out of 3798 packages are not converted yet (progress 82.75%)



Today we have:

* 23479 spec files in Fedora

* 29970license tags in all spec files

* 11999 tags have not been converted to SPDX yet

* 6587tags can be trivially converted using `license-fedora2spdx`

* Progress: 59.96% ░█ 100%

ELN subset:

327 out of 2444 packages are not converted yet (progress 86.62%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 4 new licenses (plus some public domain declarations). 17 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too. And the table there was simplified.


New projection when we will be finished is 2024-10-25 (+21 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Freeze 'Em All edition? On today's date at 2013 Metallica played a concert named Freeze 'Em All on Antartica station 
Base Carlini and become the first band that performed live concert on all seven continents.


https://en.wikipedia.org/wiki/Freeze_%27Em_All

https://www.youtube.com/watch?v=2Hi2u98VKxc


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Origin of Species edition

[Miroslav Suchý]

Hot news:

I have started looking at Cavil - tool that audit the licensing info after each 
commit.

The process of adding the licenses on list is still very slow recently.

Now lets dive into numbers:

Two weeks ago we had:


* 23365 spec files in Fedora

* 29583license tags in all spec files

* 12255 tags have not been converted to SPDX yet

* 5577tags can be trivially converted using `license-fedora2spdx`

* Progress: 58.95% ░█ 100%

ELN subset:

623 out of 3969 packages are not converted yet (progress 84%)


Today we have:

* 23426 spec files in Fedora

* 29916license tags in all spec files

* 12081 tags have not been converted to SPDX yet

* 5482tags can be trivially converted using `license-fedora2spdx`

* Progress: 59.62% ░█ 100%

ELN subset:

655 out of 3798 packages are not converted yet (progress 82.75%)

Graph of these data with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 5 new licenses (plus some public domain declarations). 16 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-10-05 (+16 days from last 
report).  Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Origin of Species edition? On today's date at 1859 was published Charles Darwin's book On the Origin of Species - 
first scientific work that species evolves over generations through natural selection. It took Darwin 20 years to write 
this book and he delayed it because he wanted finish his book about coral reefs first. The book had several edition and 
sixth edition was the first one that used the word "evolution".


https://en.wikipedia.org/wiki/On_the_Origin_of_Species


Miroslav


--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

RE: Reichspogromnacht (was: SPDX Statistics - Kristallnacht edition)

[Kenneth Goldman]

For the record, Americans use the term Kristallnacht, and American Jews do
not find it offensive.

It is used as the symbolic start date of the holocaust, and there are often
memorial services.

> > > Note that the term "Kristallnacht" (or "Reichskristallnacht") is
> > > itself a nazi propaganda term, and it is nowadays generally agreed
> > > in Austria and Germany that that term should not be used. Broken
> > > glass is just broken glass, not "crystal". And the term only
> > > (euphemistically) mentions the violence against things and neglects
> > > to mention the violence against people.


smime.p7s
Description: S/MIME cryptographic signature
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reichspogromnacht (was: SPDX Statistics - Kristallnacht edition)

[Eike Rathke]

Hi,

On Thursday, 2023-11-16 11:19:24 +0100, Michael J Gruber wrote:

> Am Do., 16. Nov. 2023 um 01:27 Uhr schrieb Kevin Kofler via devel <
> devel@lists.fedoraproject.org>:
> > Miroslav Suchý wrote:
> > > Why Kristallnachte edition? On today's date at 1938, was i Kristallnacht
> > > (Night of Broken Glass) - a pogrom against Jews in Germany. It was first
> > > step where every other step was worse than the previous one. It was
> > > basicaly a first step that lead to holocaust.
> >
> > https://en.wikipedia.org/wiki/Kristallnacht#Kristallnacht_as_a_turning_point
> >
> > Note that the term "Kristallnacht" (or "Reichskristallnacht") is itself a
> > nazi propaganda term, and it is nowadays generally agreed in Austria and
> > Germany that that term should not be used. Broken glass is just broken
> > glass, not "crystal". And the term only (euphemistically) mentions the
> > violence against things and neglects to mention the violence against
> > people.
> 
> Historical events do not vanish by renaming them - and no single word can
> describe the horror, be it "massacre" or "catastrophe" in the language of
> your choice. We need to educate ourselves (and then others) about events
> and names, and in fact that is what Miro's historical connotations can do,
> even when they give us shivers.

And that is why it is more correctly named Reichspogromnacht (for Pogrom
see https://en.wikipedia.org/wiki/Pogrom), because it is not just about
shattered glass but all the violence against the ethnic/religious group.

And even more, Novemberpogrome, because it was not only one night. (term
also mentioned in the English Kristallnacht Wikipedia article above).
https://de.wikipedia.org/wiki/Novemberpogrome_1938

  Eike

-- 
GPG key 0x6A6CD5B765632D3A - 2265 D7F3 A7B0 95CC 3918  630B 6A6C D5B7 6563 2D3A


signature.asc
Description: PGP signature
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Kristallnacht edition

[Michael J Gruber]

Am Do., 16. Nov. 2023 um 01:27 Uhr schrieb Kevin Kofler via devel <
devel@lists.fedoraproject.org>:

> Miroslav Suchý wrote:
> > Why Kristallnachte edition? On today's date at 1938, was i Kristallnacht
> > (Night of Broken Glass) - a pogrom against Jews in Germany. It was first
> > step where every other step was worse than the previous one. It was
> > basicaly a first step that lead to holocaust.
> >
> >
>
> https://en.wikipedia.org/wiki/Kristallnacht#Kristallnacht_as_a_turning_point
>
> Note that the term "Kristallnacht" (or "Reichskristallnacht") is itself a
> nazi propaganda term, and it is nowadays generally agreed in Austria and
> Germany that that term should not be used. Broken glass is just broken
> glass, not "crystal". And the term only (euphemistically) mentions the
> violence against things and neglects to mention the violence against
> people.
>
> ... and that is why Miro mentioned all of that explicitly (and
diligently), and even pointed to a source for more information.

Historical events do not vanish by renaming them - and no single word can
describe the horror, be it "massacre" or "catastrophe" in the language of
your choice. We need to educate ourselves (and then others) about events
and names, and in fact that is what Miro's historical connotations can do,
even when they give us shivers.

Michael
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Kristallnacht edition

[Kevin Kofler via devel]

Miroslav Suchý wrote:
> Why Kristallnachte edition? On today's date at 1938, was i Kristallnacht
> (Night of Broken Glass) - a pogrom against Jews in Germany. It was first
> step where every other step was worse than the previous one. It was
> basicaly a first step that lead to holocaust.
> 
> 
https://en.wikipedia.org/wiki/Kristallnacht#Kristallnacht_as_a_turning_point

Note that the term "Kristallnacht" (or "Reichskristallnacht") is itself a 
nazi propaganda term, and it is nowadays generally agreed in Austria and 
Germany that that term should not be used. Broken glass is just broken 
glass, not "crystal". And the term only (euphemistically) mentions the 
violence against things and neglects to mention the violence against people.

Kevin Kofler
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Kristallnacht edition

[Miroslav Suchý]

Hot news:

Robert-Andre Mauchin packaged python-spdx-tools for Fedora. For scancode-toolkit - all dependencies are finally reviewed 
and present in Fedora, scancode-toolkit is in the middle of review. Big thanks to Robert and everybody who did the 
package reviews.


The process of adding the licenses on list is very slow recently as the lawyers does not have too much free time before 
the end of the year.


Now lets dive into numbers:

Two weeks ago we had:


* 23282 spec files in Fedora

* 29750license tags in all spec files

* 12512 tags have not been converted to SPDX yet

* 5677tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.94% ░█ 100%

ELN subset:

437 out of 3013 packages are not converted yet (progress 85%)



Today we have:

* 23365 spec files in Fedora

* 29583license tags in all spec files

* 12255 tags have not been converted to SPDX yet

* 5577tags can be trivially converted using `license-fedora2spdx`

* Progress: 58.95% ░█ 100%

ELN subset:

623 out of 3969 packages are not converted yet (progress 84%)

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 2 new licenses (plus bunch of public domain declarations). 19 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-09-19.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Very impractical tip of the day:

   A compendium of absurd, funny, and downright bad licenses: 
https://github.com/ErikMcClure/bad-licenses/


Why Kristallnachte edition? On today's date at 1938, was i Kristallnacht (Night of Broken Glass) - a pogrom against Jews 
in Germany. It was first step where every other step was worse than the previous one. It was basicaly a first step that 
lead to holocaust.


https://en.wikipedia.org/wiki/Kristallnacht#Kristallnacht_as_a_turning_point

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Wichterle edition

[Miroslav Suchý]

Hot news:

fedora-license data now includes machine readable field with known exceptions 
to use otherwise not-allowed exception

https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/422

This  field is already exported to JSON and license-validate understand it:

$ license-validate--packagefedora-logos  LicenseRef-Fedora-Logos
 Uses not-allowed license, but package is known to be exception.
 Run with -v option to see more information.
 $ license-validate LicenseRef-Fedora-Logos
 Uses not-allowed license.
 Run with -v option to see more information.
 [exit code 1]

rpminspect feature is tracked under 
https://github.com/rpminspect/rpminspect/issues/1286

If you have a package that uses not-allowed license and you are using exception, please open issue at 
https://gitlab.com/fedora/legal/fedora-license-data


Now lets dive into numbers:

Two weeks ago we had:


* 23188 spec files in Fedora

* 29635license tags in all spec files

* 12724 tags have not been converted to SPDX yet

* 5742tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.06% ░█ 100%

ELN subset:

490 out of 3139 packages are not converted yet



Today we have:

* 23282 spec files in Fedora

* 29750license tags in all spec files

* 12512 tags have not been converted to SPDX yet

* 5677tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.94% ░█ 100%

ELN subset:

437 out of 3013 packages are not converted yet (progress 85%)

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 1 new license (plus bunch of public domain declarations). 20 
licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-09-07.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

   Do you know there is a standard to describe license of project that consist of different files with different 
licenses? https://reuse.software/



Why Wichterle edition? On today's date at 1913, the inventor of soft contact lens was born. His story is full of 
surprises: he used kids toy set to construct first Spin Casting Machine; Czech regime sold the patent to US company for 
couple of bucks because they did not want to allow traveling of this scientist to US to defend the patent. And Otto 
Wichterle spent most of his life as regular scientist without any glory because he signed petition against a regime.


https://en.wikipedia.org/wiki/Otto_Wichterle

https://web.archive.org/web/20150129033858/http://www.andrewgasson.co.uk/opioneers_wichterle.htm

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Miracle of the Sun edition

[Robert-André Mauchin]

On 10/13/23 08:15, Miroslav Suchý wrote:

Hot news:

There was new release of SPDX License list. If you want to see impact of Fedora work you can 
check number of new licenses in recent releases and compare


https://github.com/spdx/license-list-XML/releases

and compare it with content of the releases before we started migrating packages (~ Nov 
2022) i.e. version 3.19.


Reviewers wanted: Package review of scancode-toolkit still need 3 dependencies to be review 
https://bugzilla.redhat.com/show_bug.cgi?id=2235055


Now lets dive into numbers:

Two weeks ago we had:


* 23100 spec files in Fedora

* 29479license tags in all spec files

* 12870 tags have not been converted to SPDX yet

* 5817tags can be trivially converted using `license-fedora2spdx`

* Progress: 56.34% ░█ 100%

ELN subset:

913 out of 3957 packages are not converted yet



Today we have:

* 23188 spec files in Fedora

* 29635license tags in all spec files

* 12724 tags have not been converted to SPDX yet

* 5742tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.06% ░█ 100%

ELN subset:

490 out of 3139 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 15 new licenses (plus bunch of 
public domain declarations). 15 licenses are waiting to be review by SPDX.org (and then to 
be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-08-23.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX 
and you know your license tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.



I'm updating Clementine to SPDX, with full reanalysis of the project:

# Apache-2.0:
#   - ext/libclementine-common/core/latch.cpp
#   - ext/libclementine-common/core/latch.h
#   - ext/libclementine-remote/remotecontrolmessages.proto
#   - ext/libclementine-common/core/logging.cpp
#   - ext/libclementine-common/core/logging.h
#   - ext/libclementine-common/core/messagehandler.cpp
#   - ext/libclementine-common/core/messagehandler.h
#   - ext/libclementine-common/core/override.h
#   - ext/libclementine-common/core/timeconstants.h
# BSL-1.0: 3rdparty/utf8-cpp
# GPL-2.0-or-later:
#   - src/engines/gstengine.cpp
#   - src/engines/gstengine.h
#   - src/widgets/sliderwidget.cpp
#   - src/widgets/sliderwidget.h
# LGPL-2.0-or-later:
#   - gst/moodbar/gstfastspectrum.cpp
#   - gst/moodbar/gstfastspectrum.h
# LGPL-2.1-only:
#   - 3rdparty/taglib
#   - src/widgets/stylehelper:
# LGPL-2.1-only WITH Qt-LGPL-exception-1.1 OR GPL-3.0-only:
#   - 3rdparty/qsqlite/clementinesqlcachedresult.cpp
#   - 3rdparty/qsqlite/clementinesqlcachedresult.h
#   - 3rdparty/qsqlite/qsql_sqlite.cpp
#   - 3rdparty/qsqlite/qsql_sqlite.h
# LGPL-2.1-only WITH Qt-LGPL-exception-1.1 OR LGPL-3.0-only WITH 
Qt-LGPL-exception-1.1:
#   - 3rdparty/qsqlite/smain.cpp
#   - 3rdparty/qsqlite/smain.h
# MIT: 3rdparty/qocoa
License:GPL-3.0-or-later AND GPL-2.0-or-later AND BSL-1.0 AND LGPL-2.0-or-later AND 
LGPL-2.1-only AND Apache-2.0 AND (LGPL-2.1-only WITH Qt-LGPL-exception-1.1 OR GPL-3.0-only) 
AND (LGPL-2.1-only WITH Qt-LGPL-exception-1.1 OR LGPL-3.0-only WITH Qt-LGPL-exception-1.1) 
AND MIT

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Miracle of the Sun edition

[zebob . m]

On 10/13/23 2:46 PM, Michael Catanzaro  wrote:

On Fri, Oct 13 2023 at 08:15:39 AM +0200, Miroslav Suchý  
wrote:
> Scancode-toolkit is not yet in Fedora, but you can instal it form PyPI:
>
>     $ pip install scancode-toolkit
>  $  ~/.local/bin/scancode --license --html /tmp/spdx.html .
>

I attempted this, but unfortunately it depedns on intbitset which is incompatible with 
python 3.12, so it won't work if you've upgraded to Fedora 39. Example errors:


  intbitset/intbitset.c: In function ‘__Pyx_Raise’:
  intbitset/intbitset.c:15725:34: error: ‘PyThreadState’ {aka ‘struct _ts’} has no 
member named ‘curexc_traceback’

  15725 | PyObject* tmp_tb = tstate->curexc_traceback;
    | ^~
  intbitset/intbitset.c:15728:19: error: ‘PyThreadState’ {aka ‘struct _ts’} has no 
member named ‘curexc_traceback’

  15728 | tstate->curexc_traceback = tb;
    | ^~


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue


It's on my COPR and review requests are up

https://copr.fedorainfracloud.org/coprs/eclipseo/scancode-toolkit/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Miracle of the Sun edition

[Michael Catanzaro]

On Fri, Oct 13 2023 at 08:15:39 AM +0200, Miroslav Suchý 
 wrote:
Scancode-toolkit is not yet in Fedora, but you can instal it form 
PyPI:


$ pip install scancode-toolkit
 $  ~/.local/bin/scancode --license --html /tmp/spdx.html .



I attempted this, but unfortunately it depedns on intbitset which is 
incompatible with python 3.12, so it won't work if you've upgraded to 
Fedora 39. Example errors:


 intbitset/intbitset.c: In function ‘__Pyx_Raise’:
 intbitset/intbitset.c:15725:34: error: ‘PyThreadState’ {aka 
‘struct _ts’} has no member named ‘curexc_traceback’

 15725 | PyObject* tmp_tb = tstate->curexc_traceback;
   | ^~
 intbitset/intbitset.c:15728:19: error: ‘PyThreadState’ {aka 
‘struct _ts’} has no member named ‘curexc_traceback’

 15728 | tstate->curexc_traceback = tb;
   | ^~


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Miracle of the Sun edition

[Sandro]

On 13-10-2023 08:15, Miroslav Suchý wrote:
Reviewers wanted: Package review of scancode-toolkit still need 3 
dependencies to be review 
https://bugzilla.redhat.com/show_bug.cgi?id=2235055


I took up three of those reviews, but they have been idling ever since...

-- Sandro
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Miracle of the Sun edition

[Miroslav Suchý]

Hot news:

There was new release of SPDX License list. If you want to see impact of Fedora work you can check number of new 
licenses in recent releases and compare


https://github.com/spdx/license-list-XML/releases

and compare it with content of the releases before we started migrating 
packages (~ Nov 2022) i.e. version 3.19.

Reviewers wanted: Package review of scancode-toolkit still need 3 dependencies to be review 
https://bugzilla.redhat.com/show_bug.cgi?id=2235055


Now lets dive into numbers:

Two weeks ago we had:


* 23100 spec files in Fedora

* 29479license tags in all spec files

* 12870 tags have not been converted to SPDX yet

* 5817tags can be trivially converted using `license-fedora2spdx`

* Progress: 56.34% ░█ 100%

ELN subset:

913 out of 3957 packages are not converted yet



Today we have:

* 23188 spec files in Fedora

* 29635license tags in all spec files

* 12724 tags have not been converted to SPDX yet

* 5742tags can be trivially converted using `license-fedora2spdx`

* Progress: 57.06% ░█ 100%

ELN subset:

490 out of 3139 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 15 new licenses (plus bunch of public domain declarations). 
15 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data) 
https://gitlab.com/fedora/legal/fedora-license-data/-/issues/?label_name%5B%5D=SPDX%3A%3Ablocked


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-08-23.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

Scancode-toolkit is not yet in Fedora, but you can instal it form PyPI:

    $ pip install scancode-toolkit
    $  ~/.local/bin/scancode --license --html /tmp/spdx.html .

This will produce nice report of all files in current directory. Beware that 
the scan takes looong time.

Why Miracle of the Sun edition? On today's date at 1917, was last event from series of events also known as Miracle of 
Fatima. Thousands people watched extraodinary solar activity. This was the biggest miracle of 20th century.


https://en.wikipedia.org/wiki/Miracle_of_the_Sun


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Munich Agreement edition

[Miroslav Suchý]

Dne 03. 10. 23 v 9:31 John Reiser napsal(a):


Especially because texlive was such an outlier, then any linear estimate
should state the starting and ending dates that were used for the projection. 


https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit#gid=0

See the formula in cell A53

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Munich Agreement edition

[John Reiser]

New projection when we will be finished is 2024-08-06.  Pure linear 
approximation.


Especially because texlive was such an outlier, then any linear estimate
should state the starting and ending dates that were used for the projection.
Similar to financial statistics, it might be better
to use a moving average over a constant trailing duration
(such as previous 90 days), perhaps with adjustment due to texlive.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Munich Agreement edition

[Richard Fontana]

On Fri, Sep 29, 2023 at 3:03 AM Miroslav Suchý  wrote:

> Can I ask for additional help? Robert-André packaged scancode-toolkit for 
> Fedora. This is license-check on steroids. Very useful and powerful tool. But 
> it has lots of dependencies. Robert packaged them too.

That's great news!

Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Munich Agreement edition

[Miroslav Suchý]

Hot news: we are over 50 %!!! With almost 4k license tags converted in past 2 
weeks. How it was possible?

First - it is because you rocks and really lots of work has been done. Both on our (Change owners) side and on you as 
package maintainers.


But the biggest impact was migration of texlive package. Texlive is huge package and it has 6558 subpackages and 4010 
License tags. Texlive package was converted to SPDX format long time ago. But it is not sufficient to use SPDX formula. 
The license has to be approved for usage in Fedora too. I.e. SPDX IDs added to fedora-license-data collection. It took 
some time and the licenses ware review few days ago. This resulted in 3700 license tags being suddenly marked as 
migrated. That is good, because it was result of several months of work. There will be additional work because there is 
still 339 tags that does not conform our guidelines and one license has been found as not-allowed. Richard and Than is 
working on it and I applaud to them.


I must highlight that we added 25 license to fedora-license-data in past 2 weeks. That is almost 2 licenses per day 
(including weekends). When you realize that it requires legal audit, comparing to existing licenses, diving into 
history, sometimes communicating with stewards of the licenses. Submitting them to SPDX where we discuss it and add 
markup that allow to have template for several similar licenses... This is simply amazing pace.


Can I ask for additional help? Robert-André packaged scancode-toolkit for Fedora. This is license-check on steroids. 
Very useful and powerful tool. But it has lots of dependencies. Robert packaged them too. He "just" need reviewers to 
get this in Fedora. If you can check "Depends on" of https://bugzilla.redhat.com/show_bug.cgi?id=2235055 and do review 
of one of these dependecies that will be awesome.


Now lets dive into numbers:

Two weeks ago we had:


* 23143 spec files in Fedora

* 29600license tags in all spec files

* 16169 tags have not been converted to SPDX yet

* 5903tags can be trivially converted using `license-fedora2spdx`

* Progress: 45.35% ██ 100%

ELN subset:

603 out of 2986 packages are not converted yet



Today we have:

* 23100 spec files in Fedora

* 29479license tags in all spec files

* 12870 tags have not been converted to SPDX yet

* 5817tags can be trivially converted using `license-fedora2spdx`

* Progress: 56.34% ░█ 100%

ELN subset:

913 out of 3957 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 25 new licenses (plus bunch of public domain declarations). 
18 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data).


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-08-06.  Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Munich Agreement edition? On today's date [*] at 1938, four biggest European countries agreed that Germany can annex 
border parts of Czechoslovakia where ethnics German lived. It was done in hope that it will stop the low-intensity war 
and to keep the peace in Europe. But it was actually prelude to World War II.


https://en.wikipedia.org/wiki/Munich_Agreement

[*] the pact was signed shortly after midnight, so some resources use tomorrows 
date.


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Marco Polo edition

[Miroslav Suchý]

I forgot to add one important piece of news about rust packages:

Because Fabio reported that all crates (rust-*) has been migrated. I added all rust-* packages that has "valid as SPDX 
but no changelog entry" to ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt#_72

And remove the the wide rust-* regexp from ignore list.

That revealed remaining issues with crates, rust itself and coreos-installer 
that were previously hidden. See

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt#_11221

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Marco Polo edition

[Miroslav Suchý]

Two weeks ago we had:


* 23128 spec files in Fedora

* 29572license tags in all spec files

* 16519 tags have not been converted to SPDX yet

* 6059tags can be trivially converted using `license-fedora2spdx`

* Progress: 44.14% ██ 100%

ELN subset:

825 out of 2479 packages are not converted yet



Today we have:

* 23143 spec files in Fedora

* 29600license tags in all spec files

* 16169 tags have not been converted to SPDX yet

* 5903tags can be trivially converted using `license-fedora2spdx`

* Progress: 45.35% ██ 100%

ELN subset:

603 out of 2986 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 17 new licenses (plus bunch of public domain declarations). 
31 licenses are waiting to be review by SPDX.org (and then to be added to fedora-license-data).


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2025-01-30 (we are slowing down. 
Again. :( ). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why Marco Polo edition? On today's date at 1254, an Italian merchant Marco Polo was born. He traveled to Asia (today's 
China). It took him 4 years to get there, 3 years to get back. And he stayed 17 years there. He wrote a book Millione 
about this travel. That made him famous and even nowadays is great insight about Asia of that time.


https://en.wikipedia.org/wiki/Marco_Polo
https://en.wikipedia.org/wiki/The_Travels_of_Marco_Polo

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Passenger pigeon edition

[Jilayne Lovejoy]

On 9/2/23 5:32 AM, Miroslav Suchý wrote:

Dne 02. 09. 23 v 13:07 Zbigniew Jędrzejewski-Szmek napsal(a):

"python-lit warning: valid as old and new and no changelong entry, please check"

The License string is valid as both the old-style Fedora license and a SPDX
expression, and the tooling did not match anything in the changelog that would
indicate the license was converted to SPDX.


Typical example is

MIT

this is valid string in old system. And also in the SPDX format. But 
the old MIT represented whole family. It can be actually anything from


$ license-fedora2spdx'MIT'
Warning: more options on how to interpret MIT. Possible options: 
['mpich2', 'libtiff', 'Xfig', 'UnixCrypt', 'SMLNJ', 'SGI-B-2.0', 
'NTP', 'MIT', 'MIT-open-group', 'MIT-feh', 'MIT-enna', 
'MIT-Modern-Variant', 'MIT-F
estival', 'MIT-CMU', 'ICU', 'HPND', 'HPND-sell-variant', 'HP-1986', 
'Boehm-GC', 'BSL-1.0', 'Adobe-Glyph']

{{pick MIT choice}}

It can be converted to MIT, but also to ICU or HPND... and without any 
indication in the changelog there is no way to know if you check it or 
not.



This is probably a good explanation to add to our Updating Existing 
Packages documentation page. I've added an issue as a reminder. Need to 
probably do a documentation update soon...


Jilayne


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Passenger pigeon edition

[Miroslav Suchý]

Dne 02. 09. 23 v 13:07 Zbigniew Jędrzejewski-Szmek napsal(a):

"python-lit warning: valid as old and new and no changelong entry, please check"

The License string is valid as both the old-style Fedora license and a SPDX
expression, and the tooling did not match anything in the changelog that would
indicate the license was converted to SPDX.


Typical example is

MIT

this is valid string in old system. And also in the SPDX format. But the old MIT represented whole family. It can be 
actually anything from


$ license-fedora2spdx'MIT'
Warning: more options on how to interpret MIT. Possible options: ['mpich2', 'libtiff', 'Xfig', 'UnixCrypt', 'SMLNJ', 
'SGI-B-2.0', 'NTP', 'MIT', 'MIT-open-group', 'MIT-feh', 'MIT-enna', 'MIT-Modern-Variant', 'MIT-F

estival', 'MIT-CMU', 'ICU', 'HPND', 'HPND-sell-variant', 'HP-1986', 'Boehm-GC', 
'BSL-1.0', 'Adobe-Glyph']
{{pick MIT choice}}

It can be converted to MIT, but also to ICU or HPND... and without any indication in the changelog there is no way to 
know if you check it or not.



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Passenger pigeon edition

[Zbigniew Jędrzejewski-Szmek]

On Sat, Sep 02, 2023 at 02:39:14AM -0700, Tom Stellard wrote:
> Hi,
> 
> What does this message mean:
> 
> "python-lit warning: valid as old and new and no changelong entry, please 
> check"

The License string is valid as both the old-style Fedora license and a SPDX
expression, and the tooling did not match anything in the changelog that would
indicate the license was converted to SPDX.

Zbyszek
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Passenger pigeon edition

[Tom Stellard]

Hi,

What does this message mean:

"python-lit warning: valid as old and new and no changelong entry, please check"

-Tom

On 9/1/23 01:33, Miroslav Suchý wrote:

Two weeks ago we had:


* 23030 spec files in Fedora

* 29469license tags in all spec files

* 16716 tags have not been converted to SPDX yet

* 6149tags can be trivially converted using `license-fedora2spdx`

* Progress: 43.28% ██ 100%

ELN subset:

895 out of 2492 packages are not converted yet



Today we have:

* 23128 spec files in Fedora

* 29572license tags in all spec files

* 16519 tags have not been converted to SPDX yet

* 6059tags can be trivially converted using `license-fedora2spdx`

* Progress: 44.14% ██ 100%

ELN subset:

825 out of 2479 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 9 new licenses. 33 
licenses have been submitted to SPDX.org and are waiting to be review (and then 
added to fedora-license-data).

Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2025-01-22 (we are slowing down. 
Again. :( ). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry 
mentioning SPDX and you know your license tag matches SPDX formula, you can put 
your package on ignore list

https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

     You can use Chrome or Firefox plugin to find what is the license and how 
much it differ from nearest SPDX match.
https://github.com/spdx/spdx-license-diff#installation


Why Passenger pigeon edition? Passenger pigeon is extinct species. On today's 
date at 1914, last known one died at Cincinnati Zoo.

https://en.wikipedia.org/wiki/Passenger_pigeon

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav




___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Passenger pigeon edition

[Miroslav Suchý]

Two weeks ago we had:


* 23030 spec files in Fedora

* 29469license tags in all spec files

* 16716 tags have not been converted to SPDX yet

* 6149tags can be trivially converted using `license-fedora2spdx`

* Progress: 43.28% ██ 100%

ELN subset:

895 out of 2492 packages are not converted yet



Today we have:

* 23128 spec files in Fedora

* 29572license tags in all spec files

* 16519 tags have not been converted to SPDX yet

* 6059tags can be trivially converted using `license-fedora2spdx`

* Progress: 44.14% ██ 100%

ELN subset:

825 out of 2479 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 9 new licenses. 33 licenses have been submitted to SPDX.org 
and are waiting to be review (and then added to fedora-license-data).


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2025-01-22 (we are slowing down. 
Again. :( ). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

    You can use Chrome or Firefox plugin to find what is the license and how 
much it differ from nearest SPDX match.
https://github.com/spdx/spdx-license-diff#installation


Why Passenger pigeon edition? Passenger pigeon is extinct species. On today's date at 1914, last known one died at 
Cincinnati Zoo.


https://en.wikipedia.org/wiki/Passenger_pigeon

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Miroslav Suchý]

Dne 28. 08. 23 v 15:36 Richard Fontana napsal(a):

As for + being valid SPDX syntax, can that be supported by
fedora-license-validate or whatever the tool is called today?

That's probably a good idea, though it would seem to be predicated on
us documenting that any "allowed" license identifier is still allowed
if it adds the `+` operator.


I filed issue https://gitlab.com/fedora/legal/fedora-license-data/-/issues/308

Lets continue there.

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Richard Fontana]

On Mon, Aug 28, 2023 at 8:30 AM Fabio Valentini  wrote:

> What's the commended approach for packages that use deprecated
> identifiers then? I would rather not just convert "GPL-2.0" to
> "GPL-2.0-or-later" or "GPL-2.0-only", since it's almost always not
> obvious which one was originally intended. Do we need to file issues
> with upstream projects and ask them to clarify?

That is probably not worthwhile in most cases. I think it makes more
sense to document some general policies about this.

For example, any Rust crate metadata using `GPL-2.0` (i.e.., *seeming*
to use the deprecated SPDX identifier) can probably be assumed to mean
`GPL-2.0-only` if there is no other information in the project
suggesting otherwise. However, if a project just says "Licensed under
GPLv2", there's an undocumented Fedora convention from the Callaway
era of assuming (at least where convenient) that means GPLv2 or later
if there is no further information suggesting otherwise. Getting this
issue right (i.e., how to represent the *GPL licenses (in terms of the
"or-later" vs. "only" characteristic) probably no longer has much
practical significance so it's not worth spending too much energy on.

> As for + being valid SPDX syntax, can that be supported by
> fedora-license-validate or whatever the tool is called today?

That's probably a good idea, though it would seem to be predicated on
us documenting that any "allowed" license identifier is still allowed
if it adds the `+` operator.

Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Fabio Valentini]

On Mon, Aug 28, 2023 at 4:39 AM Jilayne Lovejoy  wrote:
>
> Top-posting a few comments related to this thread in total (instead of 
> multiple responses to separate posts) and in hopes that people will be more 
> likely to see/read :)
>
> As to Rust saying MPL-2.0+ is invalid - this is likely because Rust thinks of 
> the SPDX License List as *only* what is this page https://spdx.org/licenses/ 
> - ignoring the links at the top of that page that provide the greater 
> context, which is really important to understand. This is a somewhat common 
> misconception, especially when adoption of SPDX ids occurs without actual 
> engagement in the SPDX community. Some time ago, I started (in presentations) 
> to repeat "it's not just a 'list'" to help educate people and updated the 
> first FAQ to this end - 
> https://github.com/spdx/license-list-XML/blob/main/DOCS/faq.md

It's not "Rust" language per se, but about crates.io, the central
package ("crate") registry.

The package manager itself (cargo) has no requirements about license
specifications at all, and treats the "license" field in package
metadata as free-form text.
Only crates.io looks at the text of the "license" in the crate
metadata, attempts to parse it, and adds links to the license's pages
on choosealicense.com.

However, it looks like this SPDX expression parser is still limited
and doesn't support the full SPDX specification:
https://doc.rust-lang.org/cargo/reference/manifest.html#the-license-and-license-file-fields

Reading these docs again, it sounds like the only issue here is that
the parser doesn't understand the full SPDX syntax, but that doesn't
mean that you can't *use* valid SPDX syntax.

>  Maybe I need to re-write that lead-in language on the top of the page again 
> or put a big yellow flashing sign also? sigh
>
> If you want to pass along this concept to people at Rust and tell them to 
> join the spdx-legal mailing list, we'd be happy to help advise.

As I said, it looks like this is not about *validity*, but more about
"we can't parse everything yet", so I don't see this is a problem.

> As for deprecated SPDX ids and validity in the context of Fedora - I would 
> strongly urge us to use the current ids and not muddy things with the use of 
> deprecated ids. The change as of the SPDX License List 2.0 added the 
> operators (AND, OR, WITH, and +) and so it would super confusing if people 
> still used the ids from v1.0

What's the commended approach for packages that use deprecated
identifiers then? I would rather not just convert "GPL-2.0" to
"GPL-2.0-or-later" or "GPL-2.0-only", since it's almost always not
obvious which one was originally intended. Do we need to file issues
with upstream projects and ask them to clarify?

As for + being valid SPDX syntax, can that be supported by
fedora-license-validate or whatever the tool is called today?
I'd rather not go filing unnecessary bugs with upstream again, just to
learn that I filed bugs for things that aren't even wrong.

Fabio
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Jilayne Lovejoy]

Top-posting a few comments related to this thread in total (instead of 
multiple responses to separate posts) and in hopes that people will be 
more likely to see/read :)


As to Rust saying MPL-2.0+ is invalid - this is likely because Rust 
thinks of the SPDX License List as *only* what is this page 
https://spdx.org/licenses/ - ignoring the links at the top of that page 
that provide the greater context, which is really important to 
understand. This is a somewhat common misconception, especially when 
adoption of SPDX ids occurs without actual engagement in the SPDX 
community. Some time ago, I started (in presentations) to repeat "it's 
not just a 'list'" to help educate people and updated the first FAQ to 
this end - https://github.com/spdx/license-list-XML/blob/main/DOCS/faq.md
 Maybe I need to re-write that lead-in language on the top of the page 
again or put a big yellow flashing sign also? sigh


If you want to pass along this concept to people at Rust and tell them 
to join the spdx-legal mailing list, we'd be happy to help advise.


As for deprecated SPDX ids and validity in the context of Fedora - I 
would strongly urge us to use the current ids and not muddy things with 
the use of deprecated ids. The change as of the SPDX License List 2.0 
added the operators (AND, OR, WITH, and +) and so it would super 
confusing if people still used the ids from v1.0


Further comments below

thanks,
Jilayne

On 8/22/23 2:55 PM, Richard Fontana wrote:

On Tue, Aug 22, 2023 at 4:44 PM Fabio Valentini  wrote:

On Tue, Aug 22, 2023 at 10:39 PM Richard Fontana  wrote:

On Tue, Aug 22, 2023 at 3:06 PM Fabio Valentini  wrote:

On Tue, Aug 22, 2023 at 1:21 PM Miroslav Suchý  wrote:

rust-bitmaps warning: not valid neither as Callaway nor as SPDX, please check

This uses MPL-2.0 or later, denoted as "MPL-2.0+". It looks like an
SPDX identifier, but it's not (there is no "-or-later" variant of
MPL-2.0 in SPDX). I'll investigate and file an issue with upstream.

Jilayne can correct me if I'm wrong, but I am pretty sure `MPL-2.0+`
is a valid and semantically meaningful SPDX identifier. It is arguably
redundant since MPL-2.0 permits downstream relicensing to later
versions.

correct

It's not on the list though:
https://spdx.org/licenses/

The use of `+` is documented at
https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/
(there's probably a more recent version)
Here is the current spec link 
https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/





D.3 Simple license expressions

A simple  is composed one of the following:

An SPDX License List Short Form Identifier. For example: CDDL-1.0
An SPDX License List Short Form Identifier with a unary "+" operator
suffix to represent the current version of the license or any later
version. For example: CDDL-1.0+
An SPDX user defined license reference:
["DocumentRef-"1*(idstring)":"]"LicenseRef-"1*(idstring)


I believe CDDL-1.0 is like MPL-2.0 in having a built-in "later versions" clause.
this is more or less correct, although we did some analysis on the 
various license with "or later" clauses and the variations on the actual 
wording and meaning was surprising...



Also, cargo / crates.io even documents that licenses in crate metadata
needs to be valid SPDX expressions and only things from SPDX license
list are acceptable, so this isn't considered valid by crates.io

That is at least in some sense wrong, since the SPDX spec shows that
valid SPDX expressions include use of the `+` operator with SPDX
identifiers. I think in reality crates.io is redefining what "valid
SPDX expressions" means, though possibly not intentionally.
see comment above - but I'd rephrase that crates.io is probably not 
"redefining" but operating on a limited understanding :(


For Fedora, I think there are (quite rare) cases where the use of
postpositional `+` should be recognized as valid. I know of one
package (though I can't remember what it is now) that says its license
is the Apache License 2.0 or any later version -- this is validly
represented as `Apache-2.0+` in SPDX.
I would argue that Apache-2.0+, while technically valid, would be 
silly/incorrect, though :)


Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Miroslav Suchý]

Dne 23. 08. 23 v 21:39 Richard Fontana napsal(a):

We are only treating the
*GPL family differently because of SPDX's (possibly unfortunate)
decision to do the same.


But technically

|    GPL-2.0-or-later+
|

|is a valid SPDX string. Right?
|

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Richard Fontana]

On Tue, Aug 22, 2023 at 5:08 PM Miroslav Suchý  wrote:
>
> Dne 22. 08. 23 v 22:55 Richard Fontana napsal(a):
> > The use of `+` is documented at
> > https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/
> > (there's probably a more recent version)
> >
> > 
> > D.3 Simple license expressions
> >
> > A simple  is composed one of the following:
> >
> > An SPDX License List Short Form Identifier. For example: CDDL-1.0
> > An SPDX License List Short Form Identifier with a unary "+" operator
> > suffix to represent the current version of the license or any later
> > version. For example: CDDL-1.0+
> > An SPDX user defined license reference:
> > ["DocumentRef-"1*(idstring)":"]"LicenseRef-"1*(idstring)
> > 
> >
> > I believe CDDL-1.0 is like MPL-2.0 in having a built-in "later versions" 
> > clause.
>
> Wow, this is new to me.
>
> Do we want to have generally accepted? Or each case of + license needs to be 
> evaluated separately?

I think we can document a general policy that if a license `foo` is
allowed in Fedora, `foo+` is also allowed. We are only treating the
*GPL family differently because of SPDX's (possibly unfortunate)
decision to do the same.

When I said things like "Apache License 2.0 or any later version" are
quite rare, that was an understatement. "Extremely uncommon" would be
more accurate.

Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Miroslav Suchý]

Dne 22. 08. 23 v 22:55 Richard Fontana napsal(a):

The use of `+` is documented at
https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/
(there's probably a more recent version)


D.3 Simple license expressions

A simple  is composed one of the following:

An SPDX License List Short Form Identifier. For example: CDDL-1.0
An SPDX License List Short Form Identifier with a unary "+" operator
suffix to represent the current version of the license or any later
version. For example: CDDL-1.0+
An SPDX user defined license reference:
["DocumentRef-"1*(idstring)":"]"LicenseRef-"1*(idstring)


I believe CDDL-1.0 is like MPL-2.0 in having a built-in "later versions" clause.


Wow, this is new to me.

Do we want to have generally accepted? Or each case of + license needs to be 
evaluated separately?

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Richard Fontana]

On Tue, Aug 22, 2023 at 4:44 PM Fabio Valentini  wrote:
>
> On Tue, Aug 22, 2023 at 10:39 PM Richard Fontana  wrote:
> >
> > On Tue, Aug 22, 2023 at 3:06 PM Fabio Valentini  
> > wrote:
> > >
> > > On Tue, Aug 22, 2023 at 1:21 PM Miroslav Suchý  wrote:
> >
> > > > rust-bitmaps warning: not valid neither as Callaway nor as SPDX, please 
> > > > check
> > >
> > > This uses MPL-2.0 or later, denoted as "MPL-2.0+". It looks like an
> > > SPDX identifier, but it's not (there is no "-or-later" variant of
> > > MPL-2.0 in SPDX). I'll investigate and file an issue with upstream.
> >
> > Jilayne can correct me if I'm wrong, but I am pretty sure `MPL-2.0+`
> > is a valid and semantically meaningful SPDX identifier. It is arguably
> > redundant since MPL-2.0 permits downstream relicensing to later
> > versions.
>
> It's not on the list though:
> https://spdx.org/licenses/

The use of `+` is documented at
https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/
(there's probably a more recent version)


D.3 Simple license expressions

A simple  is composed one of the following:

An SPDX License List Short Form Identifier. For example: CDDL-1.0
An SPDX License List Short Form Identifier with a unary "+" operator
suffix to represent the current version of the license or any later
version. For example: CDDL-1.0+
An SPDX user defined license reference:
["DocumentRef-"1*(idstring)":"]"LicenseRef-"1*(idstring)


I believe CDDL-1.0 is like MPL-2.0 in having a built-in "later versions" clause.

> Also, cargo / crates.io even documents that licenses in crate metadata
> needs to be valid SPDX expressions and only things from SPDX license
> list are acceptable, so this isn't considered valid by crates.io

That is at least in some sense wrong, since the SPDX spec shows that
valid SPDX expressions include use of the `+` operator with SPDX
identifiers. I think in reality crates.io is redefining what "valid
SPDX expressions" means, though possibly not intentionally.

For Fedora, I think there are (quite rare) cases where the use of
postpositional `+` should be recognized as valid. I know of one
package (though I can't remember what it is now) that says its license
is the Apache License 2.0 or any later version -- this is validly
represented as `Apache-2.0+` in SPDX.

Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Fabio Valentini]

On Tue, Aug 22, 2023 at 10:39 PM Richard Fontana  wrote:
>
> On Tue, Aug 22, 2023 at 3:06 PM Fabio Valentini  wrote:
> >
> > On Tue, Aug 22, 2023 at 1:21 PM Miroslav Suchý  wrote:
>
> > > rust-bitmaps warning: not valid neither as Callaway nor as SPDX, please 
> > > check
> >
> > This uses MPL-2.0 or later, denoted as "MPL-2.0+". It looks like an
> > SPDX identifier, but it's not (there is no "-or-later" variant of
> > MPL-2.0 in SPDX). I'll investigate and file an issue with upstream.
>
> Jilayne can correct me if I'm wrong, but I am pretty sure `MPL-2.0+`
> is a valid and semantically meaningful SPDX identifier. It is arguably
> redundant since MPL-2.0 permits downstream relicensing to later
> versions.

It's not on the list though:
https://spdx.org/licenses/

Also, cargo / crates.io even documents that licenses in crate metadata
needs to be valid SPDX expressions and only things from SPDX license
list are acceptable, so this isn't considered valid by crates.io
either.

Fabio
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Richard Fontana]

On Tue, Aug 22, 2023 at 3:06 PM Fabio Valentini  wrote:
>
> On Tue, Aug 22, 2023 at 1:21 PM Miroslav Suchý  wrote:

> > rust-bitmaps warning: not valid neither as Callaway nor as SPDX, please 
> > check
>
> This uses MPL-2.0 or later, denoted as "MPL-2.0+". It looks like an
> SPDX identifier, but it's not (there is no "-or-later" variant of
> MPL-2.0 in SPDX). I'll investigate and file an issue with upstream.

Jilayne can correct me if I'm wrong, but I am pretty sure `MPL-2.0+`
is a valid and semantically meaningful SPDX identifier. It is arguably
redundant since MPL-2.0 permits downstream relicensing to later
versions.

Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Richard Fontana]

On Tue, Aug 22, 2023 at 7:21 AM Miroslav Suchý  wrote:
>
> Dne 22. 08. 23 v 1:08 Fabio Valentini napsal(a):
>
> On Sun, Aug 20, 2023 at 9:11 AM Miroslav Suchý  wrote:
>
> New projection when we will be finished is 2025-01-11 (we are slowing down. 
> Again. :( ). Pure linear approximation.
>
> It might not be as bad as you think!
>
> All rust-* packages had been excluded from tracking since the start,
> so the progress I have been making hasn't been tracked, either. I'm
>
> They are excluded from processing. And are (and were) actually counted as 
> migrated from the first day.
>
> happy to say that as of now, all packages for Rust crates (~2300
> packages) have been updated to use SPDX license expressions (except
> those that have been FTBFS for a long time, which is about 2-3
> packages). Over the past few months I've been regenerating packaging
> for Rust crates with rust2rpm v24, which also included switching all
> crates that had been generated with rust2rpm < v22 to SPDX (also
> involved some license fixes / clarifications / problems with missing
> license files that are now fixed / etc., often working with upstream
> projects).
>
> This is great! I am very happy to hear that. Thank you for doing this.
>
> I run the statistics for rust-* only. And when I omit the reports with 
> "warning: valid as old and new and no changelong entry, please check" and 
> packages that are correctly converted I get:
>
> rust-below warning: not valid neither as Callaway nor as SPDX, please check
> rust-bitmaps warning: not valid neither as Callaway nor as SPDX, please check
> rust-bootupd - can be trivially converted to Apache-2.0
> rust-bootupd - can be trivially converted to Apache-2.0
> rust-btrd warning: not valid neither as Callaway nor as SPDX, please check
> rust-btrd warning: not valid neither as Callaway nor as SPDX, please check
> rust-cargo-c warning: not valid neither as Callaway nor as SPDX, please check
> rust-coreos-installer - can be trivially converted to Apache-2.0
> rust-coreos-installer
> rust-coreos-installer
> rust-docopt warning: not valid neither as Callaway nor as SPDX, please check
> rust-drg - can be trivially converted to Apache-2.0
> rust-dutree warning: not valid neither as Callaway nor as SPDX, please check
> rust-dutree warning: not valid neither as Callaway nor as SPDX, please check
> rust-gmp-mpfr-sys warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-chrono-tz
> rust-ifcfg-devname warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-ifcfg-devname warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-im-rc warning: not valid neither as Callaway nor as SPDX, please check
> rust-libslirp
> rust-nettle warning: not valid neither as Callaway nor as SPDX, please check
> rust-nettle-sys warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-procs
> rust-python3-sys warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
> rust-rpick warning: not valid neither as Callaway nor as SPDX, please check
> rust-rpick warning: not valid neither as Callaway nor as SPDX, please check
> rust-rustcat warning: not valid neither as Callaway nor as SPDX, please check
> rust-sequoia-keyring-linter warning: not valid neither as Callaway nor as 
> SPDX, please check
> rust-sequoia-octopus-librnp warning: not valid neither as Callaway nor as 
> SPDX, please check
> rust-sequoia-sop warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-sequoia-sq warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-sequoia-sqv warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-sized-chunks warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-timebomb - can be trivially converted to Apache-2.0
> rust-tokei
> rust-tpm2-policy - can be trivially converted to EUPL-1.2
> rust-tree-sitter-cli
> rust-tree-sitter
> rust-varlink-cli
> rust-ybaas warning: not valid neither as Callaway nor as SPDX, please check
> rust-ybaas warning: not valid neither as Callaway nor as SPDX, please check
> rust-yubibomb warning: not valid neither as Callaway nor as SPDX, please check
> rust-yubibomb warning: not valid neither as Callaway nor as SPDX, please check
> rust-zbase32 warning: not valid neither as Callaway nor as SPDX, please check
> rust-zincati - can be trivially converted to Apache-2.0
> rust-zincati
>
> I briefly checked few packages and found two reasons of these errors:
>
> 1) rust-coreos-installer:
>
> License:ASL 2.0 and MIT and zlib
>
> This is incorrect. The operator has to be upper case. I.e.:
>
> License:ASL 2.0 AND MIT AND zlib

Maybe more significantly, `ASL 2.0` is a Callaway name, not an SPDX

Re: SPDX Statistics - Voyager 2 edition

[Fabio Valentini]

On Tue, Aug 22, 2023 at 10:28 PM Richard Fontana  wrote:
>
> On Tue, Aug 22, 2023 at 9:08 AM Vít Ondruch  wrote:
> >
> >
> > Dne 22. 08. 23 v 13:21 Miroslav Suchý napsal(a):
> >
> > 2) rust-btrd:
> > License: GPL-2.0
> >
> > This is not on SPDX list, it should be either GPL-2.0-only or 
> > GPL-2.0-or-later
> >
> >
> > This is not on SPDX list *anymore*. It used to be valid identifier not long 
> > ago. I am afraid that this identifies is still accepted by e.g. RubyGems:
>
> I think more precisely `GPL-2.0` and its counterparts are valid but
> deprecated SPDX identifiers (still preferred in the Linux kernel in
> its use of SPDX identifiers in source files). Jilayne can give a more
> authoritative explanation if necessary. :) Anyway, for Fedora, I
> believe our assumption has been that we can get by without having to
> use `GPL-2.0`.

Does this mean that I can't have correct license identifiers for these
cases in Fedora unless I file upstream issues for all of them asking
them to clarify?

Fabio
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Richard Fontana]

On Tue, Aug 22, 2023 at 9:08 AM Vít Ondruch  wrote:
>
>
> Dne 22. 08. 23 v 13:21 Miroslav Suchý napsal(a):
>
> 2) rust-btrd:
> License: GPL-2.0
>
> This is not on SPDX list, it should be either GPL-2.0-only or GPL-2.0-or-later
>
>
> This is not on SPDX list *anymore*. It used to be valid identifier not long 
> ago. I am afraid that this identifies is still accepted by e.g. RubyGems:

I think more precisely `GPL-2.0` and its counterparts are valid but
deprecated SPDX identifiers (still preferred in the Linux kernel in
its use of SPDX identifiers in source files). Jilayne can give a more
authoritative explanation if necessary. :) Anyway, for Fedora, I
believe our assumption has been that we can get by without having to
use `GPL-2.0`.

Richard
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Fabio Valentini]

On Tue, Aug 22, 2023 at 9:05 PM Fabio Valentini  wrote:
>

(snip)

> Looks like there are 7 packages that I can fix later today:
>
> - rust-docopt
> - rust-procs
> - rust-rustcat
> - rust-tokei
> - rust-tree-sitter
> - rust-tree-sitter-cli
> - rust-varlink-cli

rust-docopt, rust-rustcat, rust-tokei, rust-timebomb, and
rust-varlink-cli are now fixed in rawhide.
tree-sitter and tree-sitter-cli require a more thorough license
review, and procs will be updated with the next update that I've
already prepared.

> There's four packages that use "MPL-2.0+" which is not a valid SPDX 
> identifier.
> Not sure what to do about them, since I don't want to ignore upstream
> license specification and change them to just "MPL-2.0".
>
> - rust-bitmaps
> - rust-cargo-c
> - rust-im-rc
> - rust-sized-chunks

I reported issues with upstream for the invalid MPL-2.0+ identifier:
https://github.com/bodil/bitmaps/issues/24
https://github.com/bodil/im-rs/issues/210
https://github.com/bodil/sized-chunks/issues/32

Turns out, cargo / crates.io also defines the license in crate
metadata as SPDX 2.1 license expressions:
https://doc.rust-lang.org/cargo/reference/manifest.html#the-license-and-license-file-fields

So using an invalid one is not only a problem for us, but also for crates.io.

Fabio
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Miroslav Suchý]

Dne 22. 08. 23 v 21:05 Fabio Valentini napsal(a):

There's four packages that use "MPL-2.0+" which is not a valid SPDX identifier.
Not sure what to do about them, since I don't want to ignore upstream
license specification and change them to just "MPL-2.0".


I checked the sized-chunks

https://crates.io/crates/sized-chunks

And while the metadata states MPL-2.0+ the License file exactly match SPDX id "MPL-2.0". Changing it downstream is 
correct way. But of course communicating it to upstream and change it in upstream metadata is even better. :)




The rest use valid SPDX identifiers but they're not recognized as such.
As others have already mentioned, the deprecated identifiers for
suffix-less GPL/LGPL variants should be accepted, or at most raise a
warning.


Having valid SPDX identifier is not enough. The identifier must be on SPDX list 
**and** on fedora-license-data list

https://gitlab.com/fedora/legal/fedora-license-data

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Fabio Valentini]

On Tue, Aug 22, 2023 at 1:21 PM Miroslav Suchý  wrote:
>
> Dne 22. 08. 23 v 1:08 Fabio Valentini napsal(a):
>
> On Sun, Aug 20, 2023 at 9:11 AM Miroslav Suchý  wrote:
>

(snip)

Thanks for running the checks! I looked at all the packages you listed.

> I run the statistics for rust-* only. And when I omit the reports with 
> "warning: valid as old and new and no changelong entry, please check" and 
> packages that are correctly converted I get:
>
> rust-below warning: not valid neither as Callaway nor as SPDX, please check

This is a case where one of the crates in the dependency tree uses the
deprecated "LGPL-2.1" identifier, which shows up in the binary
license.

> rust-bitmaps warning: not valid neither as Callaway nor as SPDX, please check

This uses MPL-2.0 or later, denoted as "MPL-2.0+". It looks like an
SPDX identifier, but it's not (there is no "-or-later" variant of
MPL-2.0 in SPDX). I'll investigate and file an issue with upstream.

> rust-bootupd - can be trivially converted to Apache-2.0
> rust-bootupd - can be trivially converted to Apache-2.0

rust-bootupd is built in a way that circumvents all our Rust packaging
mechanisms, it didn't show up in my lists.
It's also missing a license tag for the statically linked binary entirely.

> rust-btrd warning: not valid neither as Callaway nor as SPDX, please check
> rust-btrd warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated "GPL-2.0" identifier. Not sure why it's rejected.

> rust-cargo-c warning: not valid neither as Callaway nor as SPDX, please check

Has some MPL-2.0+ in the dependency tree, will investigate.

> rust-coreos-installer - can be trivially converted to Apache-2.0
> rust-coreos-installer
> rust-coreos-installer

This package is managed by the CoreOS guys and they're doing all sorts
of weird things in it. I didn't want to touch it.

> rust-docopt warning: not valid neither as Callaway nor as SPDX, please check

This looks like a typo: "MIT AND Unicode-DFS-2016 AND ((MIT OR
Apache-2.0) AND (Unlicense OR MIT)"
(misbalanced braces), will fix.

> rust-drg - can be trivially converted to Apache-2.0

FTBFS since ages ago, cannot fix.

> rust-dutree warning: not valid neither as Callaway nor as SPDX, please check
> rust-dutree warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated GPL-3.0 identifier.

> rust-gmp-mpfr-sys warning: not valid neither as Callaway nor as SPDX, please 
> check

Uses valid but deprecated LGPL-3.0+ identifier. Could likely be
changed to LGPL-3.0-or-later, which is the replacement.

> rust-chrono-tz

Contains a copy of the Olson tzdata, which hasn't been converted to
SPDX yet. It's supposed to be in the "Public Domain".

> rust-ifcfg-devname warning: not valid neither as Callaway nor as SPDX, please 
> check
> rust-ifcfg-devname warning: not valid neither as Callaway nor as SPDX, please 
> check

Uses valid but deprecated GPL-3.0 identifier.

> rust-im-rc warning: not valid neither as Callaway nor as SPDX, please check

This is likely the culprit for all the other issues with MPL-2.0+.
I'll file an issue with upstream (which is pretty dead though).

> rust-libslirp

This package has been bitrotting for years, I did not want to touch it.

> rust-nettle warning: not valid neither as Callaway nor as SPDX, please check
> rust-nettle-sys warning: not valid neither as Callaway nor as SPDX, please 
> check

Both use "LGPL-3.0 OR GPL-2.0 OR GPL-3.0" which are all valid SPDX
identifiers, just deprecated.

> rust-procs

This one looks like it was generated with a version of rust2rpm that
*should* have switched it to SPDX, but it was apparently reverted to
Callaway identifiers.
I'll fix it with the next update, which is already lined up.

> rust-python3-sys warning: not valid neither as Callaway nor as SPDX, please 
> check

This uses "Python-2.0", which is a valid, non-deprecated SPDX identifier.

> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
> rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check

Not sure why this is showing up. It looks valid to me:
"BSD-2-Clause AND ISC AND MIT AND (Apache-2.0 OR MIT) AND (Apache-2.0
WITH LLVM-exception OR Apache-2.0 OR MIT) AND (Unlicense OR MIT)"

> rust-rpick warning: not valid neither as Callaway nor as SPDX, please check
> rust-rpick warning: not valid neither as Callaway nor as SPDX, please check

Uses valid but deprecated GPL-3.0 identifier.

> rust-rustcat warning: not valid neither as Callaway nor as SPDX, please check

Oh oh, this one is my fault. Looks like I pushed an unfinished spec
file. Will fix.

> rust-sequoia-keyring-linter warning: not valid neither as Callaway nor as 
> SPDX, please check
> rust-sequoia-octopus-librnp warning: not valid neither as Callaway nor as 
> SPDX, please check
> rust-sequoia-sop warning: not valid neither as Callaway nor as SPDX, please 

Re: SPDX Statistics - Voyager 2 edition

[Neal Gompa]

On Tue, Aug 22, 2023 at 9:12 AM Vít Ondruch  wrote:
>
>
> Dne 22. 08. 23 v 15:07 Vít Ondruch napsal(a):
>
>
> Dne 22. 08. 23 v 13:21 Miroslav Suchý napsal(a):
>
> 2) rust-btrd:
> License: GPL-2.0
>
> This is not on SPDX list, it should be either GPL-2.0-only or GPL-2.0-or-later
>
>
> This is not on SPDX list *anymore*. It used to be valid identifier not long 
> ago. I am afraid that this identifies is still accepted by e.g. RubyGems:
>
> https://github.com/rubygems/rubygems/blob/0339622c9b40d3ee2596b07f188d632bc396/lib/rubygems/util/licenses.rb#L249
>
>
> I have reported this to RubyGems upstream:
>
> https://github.com/rubygems/rubygems/issues/6912
>
> BTW this is the script they use to pull the licenses:
>
> https://github.com/rubygems/rubygems/blob/master/tool/generate_spdx_license_list.rb
>
> It obviously ignores the `isDeprecatedLicenseId` JSON field.
>

Technically, it should. Deprecated != Removed/Retired. They are still
valid identifiers.



-- 
真実はいつも一つ！/ Always, there's only one truth!
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Vít Ondruch]

Dne 22. 08. 23 v 15:07 Vít Ondruch napsal(a):



Dne 22. 08. 23 v 13:21 Miroslav Suchý napsal(a):

|2) r||ust-btrd: License: ||GPL-2.0|

This is not on SPDX list, it should be either |GPL-2.0-only or 
||GPL-2.0-or-later|




This is not on SPDX list *anymore*. It used to be valid identifier not 
long ago. I am afraid that this identifies is still accepted by e.g. 
RubyGems:


https://github.com/rubygems/rubygems/blob/0339622c9b40d3ee2596b07f188d632bc396/lib/rubygems/util/licenses.rb#L249



I have reported this to RubyGems upstream:

https://github.com/rubygems/rubygems/issues/6912

BTW this is the script they use to pull the licenses:

https://github.com/rubygems/rubygems/blob/master/tool/generate_spdx_license_list.rb

It obviously ignores the `isDeprecatedLicenseId` JSON field.


Vít




I suspect it is similar story for Cargo.


Vít



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys

___
devel mailing list --devel@lists.fedoraproject.org
To unsubscribe send an email todevel-le...@lists.fedoraproject.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report 
it:https://pagure.io/fedora-infrastructure/new_issue


OpenPGP_signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Vít Ondruch]

Dne 22. 08. 23 v 13:21 Miroslav Suchý napsal(a):

|2) r||ust-btrd: License: ||GPL-2.0|

This is not on SPDX list, it should be either |GPL-2.0-only or 
||GPL-2.0-or-later|




This is not on SPDX list *anymore*. It used to be valid identifier not 
long ago. I am afraid that this identifies is still accepted by e.g. 
RubyGems:


https://github.com/rubygems/rubygems/blob/0339622c9b40d3ee2596b07f188d632bc396/lib/rubygems/util/licenses.rb#L249

I suspect it is similar story for Cargo.


Vít



--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys

___
devel mailing list --devel@lists.fedoraproject.org
To unsubscribe send an email todevel-le...@lists.fedoraproject.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report 
it:https://pagure.io/fedora-infrastructure/new_issue


OpenPGP_signature.asc
Description: OpenPGP digital signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Voyager 2 edition

[Miroslav Suchý]

Dne 22. 08. 23 v 1:08 Fabio Valentini napsal(a):

On Sun, Aug 20, 2023 at 9:11 AM Miroslav Suchý  wrote:

New projection when we will be finished is 2025-01-11 (we are slowing down. 
Again. :( ). Pure linear approximation.

It might not be as bad as you think!

All rust-* packages had been excluded from tracking since the start,
so the progress I have been making hasn't been tracked, either. I'm


They are excluded from processing. And are (and were) actually counted as 
migrated from the first day.


happy to say that as of now, all packages for Rust crates (~2300
packages) have been updated to use SPDX license expressions (except
those that have been FTBFS for a long time, which is about 2-3
packages). Over the past few months I've been regenerating packaging
for Rust crates with rust2rpm v24, which also included switching all
crates that had been generated with rust2rpm < v22 to SPDX (also
involved some license fixes / clarifications / problems with missing
license files that are now fixed / etc., often working with upstream
projects).


This is great! I am very happy to hear that. Thank you for doing this.

I run the statistics for rust-* only. And when I omit the reports with "warning: valid as old and new and no changelong 
entry, please check" and packages that are correctly converted I get:


rust-below warning: not valid neither as Callaway nor as SPDX, please check
rust-bitmaps warning: not valid neither as Callaway nor as SPDX, please check
rust-bootupd - can be trivially converted to Apache-2.0
rust-bootupd - can be trivially converted to Apache-2.0
rust-btrd warning: not valid neither as Callaway nor as SPDX, please check
rust-btrd warning: not valid neither as Callaway nor as SPDX, please check
rust-cargo-c warning: not valid neither as Callaway nor as SPDX, please check
rust-coreos-installer - can be trivially converted to Apache-2.0
rust-coreos-installer
rust-coreos-installer
rust-docopt warning: not valid neither as Callaway nor as SPDX, please check
rust-drg - can be trivially converted to Apache-2.0
rust-dutree warning: not valid neither as Callaway nor as SPDX, please check
rust-dutree warning: not valid neither as Callaway nor as SPDX, please check
rust-gmp-mpfr-sys warning: not valid neither as Callaway nor as SPDX, please 
check
rust-chrono-tz
rust-ifcfg-devname warning: not valid neither as Callaway nor as SPDX, please 
check
rust-ifcfg-devname warning: not valid neither as Callaway nor as SPDX, please 
check
rust-im-rc warning: not valid neither as Callaway nor as SPDX, please check
rust-libslirp
rust-nettle warning: not valid neither as Callaway nor as SPDX, please check
rust-nettle-sys warning: not valid neither as Callaway nor as SPDX, please check
rust-procs
rust-python3-sys warning: not valid neither as Callaway nor as SPDX, please 
check
rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
rust-rav1e warning: not valid neither as Callaway nor as SPDX, please check
rust-rpick warning: not valid neither as Callaway nor as SPDX, please check
rust-rpick warning: not valid neither as Callaway nor as SPDX, please check
rust-rustcat warning: not valid neither as Callaway nor as SPDX, please check
rust-sequoia-keyring-linter warning: not valid neither as Callaway nor as SPDX, 
please check
rust-sequoia-octopus-librnp warning: not valid neither as Callaway nor as SPDX, 
please check
rust-sequoia-sop warning: not valid neither as Callaway nor as SPDX, please 
check
rust-sequoia-sq warning: not valid neither as Callaway nor as SPDX, please check
rust-sequoia-sqv warning: not valid neither as Callaway nor as SPDX, please 
check
rust-sized-chunks warning: not valid neither as Callaway nor as SPDX, please 
check
rust-timebomb - can be trivially converted to Apache-2.0
rust-tokei
rust-tpm2-policy - can be trivially converted to EUPL-1.2
rust-tree-sitter-cli
rust-tree-sitter
rust-varlink-cli
rust-ybaas warning: not valid neither as Callaway nor as SPDX, please check
rust-ybaas warning: not valid neither as Callaway nor as SPDX, please check
rust-yubibomb warning: not valid neither as Callaway nor as SPDX, please check
rust-yubibomb warning: not valid neither as Callaway nor as SPDX, please check
rust-zbase32 warning: not valid neither as Callaway nor as SPDX, please check
rust-zincati - can be trivially converted to Apache-2.0
rust-zincati

I briefly checked few packages and found two reasons of these errors:

1) rust-coreos-installer:

|License: ASL 2.0 and MIT and zlib|

This is incorrect. The operator has to be upper case. I.e.:

|License: ASL 2.0 AND MIT AND zlib 2) r||ust-btrd: License: ||GPL-2.0|

This is not on SPDX list, it should be either |GPL-2.0-only or 
||GPL-2.0-or-later|

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an 

Re: SPDX Statistics - Voyager 2 edition

[Fabio Valentini]

On Sun, Aug 20, 2023 at 9:11 AM Miroslav Suchý  wrote:
>
> New projection when we will be finished is 2025-01-11 (we are slowing down. 
> Again. :( ). Pure linear approximation.

It might not be as bad as you think!

All rust-* packages had been excluded from tracking since the start,
so the progress I have been making hasn't been tracked, either. I'm
happy to say that as of now, all packages for Rust crates (~2300
packages) have been updated to use SPDX license expressions (except
those that have been FTBFS for a long time, which is about 2-3
packages). Over the past few months I've been regenerating packaging
for Rust crates with rust2rpm v24, which also included switching all
crates that had been generated with rust2rpm < v22 to SPDX (also
involved some license fixes / clarifications / problems with missing
license files that are now fixed / etc., often working with upstream
projects).

Fabio
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Voyager 2 edition

[Miroslav Suchý]

tl;dr summary - we are slowing down again, huge progress with adding new 
licenses

Two weeks ago we had:


* 22983 spec files in Fedora

* 29406license tags in all spec files

* 16915 tags have not been converted to SPDX yet

* 6242tags can be trivially converted using `license-fedora2spdx`

* Progress: 42.48% ██ 100%

ELN subset:

986 out of 2500 packages are not converted yet



Today we have:

* 23030 spec files in Fedora

* 29469license tags in all spec files

* 16716 tags have not been converted to SPDX yet

* 6149tags can be trivially converted using `license-fedora2spdx`

* Progress: 43.28% ██ 100%

ELN subset:

895 out of 2492 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 13 new licenses. 26 licenses have been submitted to SPDX.org 
and are waiting to be review (and then added to fedora-license-data).


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2025-01-11 (we are slowing down. 
Again. :( ). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

    Do you want to check your LICENSE file? You can use SPDX online tool: 
https://tools.spdx.org/app/check_license/


Why Voyager 2 edition? Because on today's date at 1977 the space probe Voyager 2 was launched. It is one of five probes 
that managed to leave the Solar System. And only one probe that visited all ice giant planets. And it is still operational.


https://en.wikipedia.org/wiki/Voyager_2

https://voyager.jpl.nasa.gov/mission/status/


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Flock edition

[Miroslav Suchý]

Dne 06. 08. 23 v 10:26 Barry Scott napsal(a):



On 05/08/2023 08:07, Miroslav Suchý wrote:


Tip of the day:

    Do you want to validate your License string? Use: license-validate 
"$YOUR_LICENSE_STRING"


I dnf installed license-validate on F38
Then run it to check a license and it does this:

$ /usr/bin/license-validate BSD
No terminal defined for 'B' at line 1 col 1

BSD
^


This is the old string. In legacy system.

$ license-validate--old-vBSD
Approved license

$ license-fedora2spdx'BSD'
Warning: more options on how to interpret BSD. Possible options: ['BSD-3-Clause', 'BSD-3-Clause-Modification', 
'BSD-2-Clause', 'BSD-2-Clause-Views', 'BSD-2-Clause-FreeBSD', 'BSD-1-Clause']

{{pick BSD choice}}

You have to dig in and actually find which of these licenses it is. Let say you 
find that it is BSD-3-Clause.

$ license-validate-vBSD-3-Clause
Approved license


--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Flock edition

[Barry Scott]

On 05/08/2023 08:07, Miroslav Suchý wrote:


Tip of the day:

    Do you want to validate your License string? Use: license-validate 
"$YOUR_LICENSE_STRING"



I dnf installed license-validate on F38
Then run it to check a license and it does this:

$ /usr/bin/license-validate BSD
No terminal defined for 'B' at line 1 col 1

BSD
^

Expecting: {'__ANON_79', 'SWL', '__ANON_91', '__ANON_128', 'TTWL', 
'__ANON_8', '__ANON_253', 'LATEX2E', '__ANON_104', '__ANON_223', '


What am I doing wrong?

Barry
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Flock edition

[Miroslav Suchý]

Dne 05. 08. 23 v 8:52 Gavin Henry napsal(a):



* Progress: 41.04% ██ 100%



What tool generated the above? Looks nice.


https://mitchelpl.github.io/Progress-Bar-Generator/

--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: SPDX Statistics - Flock edition

[Gavin Henry]

> * Progress: 41.04% ██ 100%
>
>
What tool generated the above? Looks nice.

>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Flock edition

[Miroslav Suchý]

Two weeks ago we had:


* 23102 spec files in Fedora

* 29514license tags in all spec files

* 17401 tags have not been converted to SPDX yet

* 6486tags can be trivially converted using `license-fedora2spdx`

* Progress: 41.04% ██ 100%

ELN subset:

1125 out of 3083 packages are not converted yet



Today we have:

* 22983 spec files in Fedora

* 29406license tags in all spec files

* 16915 tags have not been converted to SPDX yet

* 6242tags can be trivially converted using `license-fedora2spdx`

* Progress: 42.48% ██ 100%

ELN subset:

986 out of 2500 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 13 new licenses.

New version of license-validate has been released too. It includes improvement that I gathered during Flock - thank you 
Sandro.


Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-12-19 (we are slowing down 
again :( ). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

    Do you want to validate your License string? Use: license-validate 
"$YOUR_LICENSE_STRING"

Why SPDX Flock edition? Because this week was Flock. You can watch the 
recordings from:

https://www.youtube.com/playlist?list=PL0x39xti0_64OcXEGLCtoI4nouADqaTcT

or use the links from the schedule

https://flock2023.sched.com/

There was a talk about SPDX and workshop where we converted some packages. 
Thanks to all participants!


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Moon edition

[Miroslav Suchý]

Two weeks ago we had:


* 23090 spec files in Fedora

* 29509license tags in all spec files

* 17680 tags have not been converted to SPDX yet

* 6607tags can be trivially converted using `license-fedora2spdx`

* Progress: 40.09% ██ 100%

ELN subset:

1467 out of 3764 packages are not converted yet



Today we have:

* 23102 spec files in Fedora

* 29514license tags in all spec files

* 17401 tags have not been converted to SPDX yet

* 6486tags can be trivially converted using `license-fedora2spdx`

* Progress: 41.04% ██ 100%

ELN subset:

1125 out of 3083 packages are not converted yet

Graph with the burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

The list of packages needed to be converted is here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 10 new licenses.

Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.


New projection when we will be finished is 2024-12-10 (we are slowing down a 
lot! again :( ). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day:

    The operator in compound licenses has to be upper case:

    Correct: GPL-1.0-or-later AND MIT

  Wrong: GPL-1.0-or-later and MIT


Why SPDX Moon edition? Because on today's date, in year 1969 Neil Armstrong 
stepped as a first man on the moon.

https://en.wikipedia.org/wiki/Neil_Armstrong#First_Moon_walk


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Dollar edition

[Miroslav Suchý]

Two weeks ago we had:


* 23055 spec files in Fedora

* 29519license tags in all spec files

* 17864 tags have not been converted to SPDX yet

* 6691tags can be trivially converted using `license-fedora2spdx`

* Progress: 39.48% ░░░███ 100%


Today we have:

* 23090 spec files in Fedora

* 29509license tags in all spec files

* 17680 tags have not been converted to SPDX yet

* 6607tags can be trivially converted using `license-fedora2spdx`

* Progress: 40.09% ██ 100%

ELN subset:

1467 out of 3764 packages are not converted yet

The list of packages needed to be converted is again here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released. With 6 new licenses.

Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

I updated the progress the spreadsheet with Burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

New projection when we will be finished is 2024-11-18 (we are slowing down a 
lot!). Pure linear approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.

Tip of the day: Do you have license that does not have SPDX id? Here is 
shortened version how to get one:

* Submit issue against https://gitlab.com/fedora/legal/fedora-license-data when accepted the issue gets 
"licese::allowed" and "SPDX::submit issue" labels


* Then somebody has to file issue against https://github.com/spdx/license-list-XML/ When **you** do that, it speeds up 
the process. Otherwise it can take one or three weeks untill **we* do that.


* When SPDX accepts the license and emits the id for the license then the issue in fedora-license-data get label "TOML 
file::needed". And somebody has to craft TOML file and open MR. This can be you, if you want to make things faster.


And then you can finally use the new id in your SPEC file.


Why SPDX Dollar edition? Because on today's date (I am writing this on the eve of posting), in year 1785 accepted that 
money unit of USA should be one dollar. The name comes from my homeland, Czechia. In 16th century we had here currency 
thaler (in Czech tolar) that found it way to many languages and through Dutch and Spanish coined the word "dollar".


https://en.wikipedia.org/wiki/United_States_dollar

Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - Berlin edition

[Miroslav Suchý]

Two weeks ago we had:


* 23004 spec files in Fedora

* 29461license tags in all spec files

* 17975 tags have not been converted to SPDX yet

* 6743tags can be trivially converted using `license-fedora2spdx`

* Progress: 38.99% ░░░███ 100%


Today we have:

* 23055 spec files in Fedora

* 29519license tags in all spec files

* 17864 tags have not been converted to SPDX yet

* 6691tags can be trivially converted using `license-fedora2spdx`

* Progress: 39.48% ░░░███ 100%

ELN subset:

* 1229 out of 3074 packages are not converted yet

The list of packages needed to be converted is again here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released.

Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

I updated the progress the spreadsheet with Burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

New projection when we will be finished is 2024-10-22. Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why SPDX Berling edition? Because on today's date, in year 1948, Berlin Blockade started. It resulted in amazing 
logistic operation known as "Berlin Air Bridge" and included nice stories like "Candy Bombers" aka "Operation LIttle 
Vittles".


https://en.wikipedia.org/wiki/Berlin_Blockade


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

SPDX Statistics - DevConf edition

[Miroslav Suchý]

Two weeks ago we had:


* 23060 spec files in Fedora

* 29563license tags in all spec files

* 18398 tags have not been converted to SPDX yet

* 6955tags can be trivially converted using `license-fedora2spdx`

* Progress: 37.8% ░░░███ 100%



Today we have:

* 23004 spec files in Fedora

* 29461license tags in all spec files

* 17975 tags have not been converted to SPDX yet

* 6743tags can be trivially converted using `license-fedora2spdx`

* Progress: 38.99% ░░░███ 100%

ELN subset:

* 1294 out of 3352 packages are not converted yet

The list of packages needed to be converted is again here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released.

Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

I updated the progress the spreadsheet with Burndown chart:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

New projection when we will be finished is 2024-09-28. Pure linear 
approximation.

If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license 
tag matches SPDX formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why SPDX DevConf edition? Because this week will be https://www.devconf.info/cz/ It is packed will lots of interresting 
talks and workshops. If you cannot attend in person you can check recordings later https://www.youtube.com/@DevConfs/videos



Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

Miroslav


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: [Fedora-legal-list] Fwd: SPDX Statistics - Rust edition

[Jilayne Lovejoy]

In support of package maintainers still needing to update their license 
info for their packages - how can we help keep the momentum going?


We have our next "office hours" on Tuesday, 27th of June at 10am US 
eastern time - that is for anyone to get help, ask questions, etc.


We just had a hackfest a couple weeks ago - would another hackfest be 
helpful?


Other ideas?

Thanks!
Jilayne

On 5/27/23 11:24 PM, Miroslav Suchý wrote:


Two weeks ago we had:


* 23030 spec files in Fedora

* 29532license tags in all spec files

* 18604 tags have not been converted to SPDX yet

* 7059tags can be trivially converted using `license-fedora2spdx`

* Progress: 37% ░░░███ 100%



Today we have:

* 23060 spec files in Fedora

* 29563license tags in all spec files

* 18398 tags have not been converted to SPDX yet

* 6955tags can be trivially converted using `license-fedora2spdx`

* Progress: 37.8% ░░░███ 100%

ELN subset:

* 1831 out of 4343 packages are not converted yet

The list of packages needed to be converted is again here:

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt

List by package maintainers is here

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt

List of packages from ELN subset that needs to be converted:

https://pagure.io/copr/license-validate/blob/main/f/eln-not-migrated.txt

New version of fedora-license-data has been released.

Legal docs and especially

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/

was updated too.

I updated the progress in this spreadsheet:

https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing

New projection when we will be finished is 2024-09-07. Pure linear 
approximation.


If your package does not have neither git-log entry nor spec-changelog 
entry mentioning SPDX and you know your license tag matches SPDX 
formula, you can put your package on ignore list


https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt

Either pull-request or direct email to me is fine.


Why SPDX Rust edition? Because on today's date on 28 May 1987. During 
the Cold war, Mathias Rust made a pirate flight from Helsinki to 
Moscow and landed near Red Square.


https://en.wikipedia.org/wiki/Mathias_Rust


Do you hesitate how to proceed with the migration? Please follow

https://docs.fedoraproject.org/en-US/legal/update-existing-packages/

or attend SPDX office hours (see different thread in this mailing list)

Miroslav




___
legal mailing list --le...@lists.fedoraproject.org
To unsubscribe send an email tolegal-le...@lists.fedoraproject.org
Fedora Code of 
Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
List 
Archives:https://lists.fedoraproject.org/archives/list/le...@lists.fedoraproject.org
Do not reply to spam, report 
it:https://pagure.io/fedora-infrastructure/new_issue
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue