Re: [Fedora-legal-list] SPDX short name for "Redistributable, no modification permitted" (firmware)
On Mon, 16 Oct 2023 at 09:46, Daniel P. Berrangé wrote: > Or possibly we end up with a mixture of (2) and (3) where most firmware > are under an umbrella but a few oddballs with unusual terms justify a > dedicated LicenseRef. I'm also interested from a LVFS firmware point of view. At the moment non-free firmware is distributed with a SPDX ID of LicenseRef-proprietary with a description on the web UI of "Proprietary, distributed by agreement"[1] -- it would be nice to codify this with a common SPDX ID -- and I think this kind of firmware would be classed the same as processor microcode from a 40,000ft view. Richard. [1] https://fwupd.org/lvfs/devices/com.lenovo.ThinkStationP920.firmware ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] SPDX short name for "Redistributable, no modification permitted" (firmware)
On Sun, Oct 15, 2023 at 03:02:34PM -0400, Richard Fontana wrote: > On Sun, Oct 15, 2023 at 5:13 AM Robert-André Mauchin > wrote: > > > > Hi, > > > > I'm doing a MR on an old package that contains firmware data. > > > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no > > modification > > permitted" in SPDX. > > > > The license is: > > > > The files in the directory src/miniloader are provided pursuant to the > > following license agreement: > > > > License For Customer Use of NVIDIA Software > > > > > > > What can I use for SPDX? > > The license first has to be reviewed; this will ultimately result in a > license identifier that can be used in place of "Redistributable, no > modification permitted" assuming the license is allowed or otherwise > tolerated. Please open a new issue in fedora-license-data. > > I think this would be the first firmware license we would specifically > consider since instituting the new license review process last year. > The policy on allowed firmware licenses is described here: > https://docs.fedoraproject.org/en-US/legal/license-approval/#_license_requirements_for_firmware > These criteria were based on an analysis of known firmware licenses in > Fedora done sometime around ... maybe 2010 or so? To accommodate this > license we might have to make some additions to those criteria. > > We haven't yet had to address the question of how to deal with license > identifiers for firmware. There are three possibilities: > 1. Ask SPDX to assign an identifier, the usual approach for allowed > licenses. This is unlikely to be viable because these kinds of > firmware licenses are pretty far from SPDX's license inclusion > criteria (which are generally much looser than Fedora's). > 2. Create a unique LicenseRef- identifier for each firmware license. > 3. Create an umbrella LicenseRef- identifier for all allowed Fedora > firmware licenses (similar to how 'Redistributable, no modification > permitted' was used in the Callaway system). I guess I'd say what is important / valuable is that we have some review over the license text, so it isn't a total free for all of packagers just blindly using the LicenseRef umbrella without oversight. We have precedent for (3) in our Public Domain and UltraPermissive handling. In both cases, we have the text file in fedora-license-data collecting records of which package contains which license text. Thus if we chose (3) now, we have the information record to let us fairly easily switch to (2) if we change our minds. IOW unless there are substantive legal differences between the various "redistributable, no modification permitted" texts, that we need to convey to consumers of Fedora, option (3) would be a sufficient starting point. Or possibly we end up with a mixture of (2) and (3) where most firmware are under an umbrella but a few oddballs with unusual terms justify a dedicated LicenseRef. With regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :| ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] SPDX short name for "Redistributable, no modification permitted" (firmware)
On Sun, Oct 15, 2023 at 5:13 AM Robert-André Mauchin wrote: > > Hi, > > I'm doing a MR on an old package that contains firmware data. > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no > modification > permitted" in SPDX. > > The license is: > > The files in the directory src/miniloader are provided pursuant to the > following license agreement: > > License For Customer Use of NVIDIA Software > > > What can I use for SPDX? The license first has to be reviewed; this will ultimately result in a license identifier that can be used in place of "Redistributable, no modification permitted" assuming the license is allowed or otherwise tolerated. Please open a new issue in fedora-license-data. I think this would be the first firmware license we would specifically consider since instituting the new license review process last year. The policy on allowed firmware licenses is described here: https://docs.fedoraproject.org/en-US/legal/license-approval/#_license_requirements_for_firmware These criteria were based on an analysis of known firmware licenses in Fedora done sometime around ... maybe 2010 or so? To accommodate this license we might have to make some additions to those criteria. We haven't yet had to address the question of how to deal with license identifiers for firmware. There are three possibilities: 1. Ask SPDX to assign an identifier, the usual approach for allowed licenses. This is unlikely to be viable because these kinds of firmware licenses are pretty far from SPDX's license inclusion criteria (which are generally much looser than Fedora's). 2. Create a unique LicenseRef- identifier for each firmware license. 3. Create an umbrella LicenseRef- identifier for all allowed Fedora firmware licenses (similar to how 'Redistributable, no modification permitted' was used in the Callaway system). Richard ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX short name for "Redistributable, no modification permitted" (firmware)
On Sun, Oct 15, 2023 at 4:26 PM Jerry James wrote: > > On Sun, Oct 15, 2023 at 3:13 AM Robert-André Mauchin > wrote: > > I'm doing a MR on an old package that contains firmware data. > > > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no > > modification > > permitted" in SPDX. > [snip] > > What can I use for SPDX? > > According to > https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_redistributable_no_modification_permitted, > you should submit this license for review. See > https://docs.fedoraproject.org/en-US/legal/license-review-process/. I believe there is already an open issue for this: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/7 ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX short name for "Redistributable, no modification permitted" (firmware)
On Sun, Oct 15, 2023 at 3:13 AM Robert-André Mauchin wrote: > I'm doing a MR on an old package that contains firmware data. > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no > modification > permitted" in SPDX. [snip] > What can I use for SPDX? According to https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_redistributable_no_modification_permitted, you should submit this license for review. See https://docs.fedoraproject.org/en-US/legal/license-review-process/. -- Jerry James http://www.jamezone.org/ ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX short name for "Redistributable, no modification permitted" (firmware)
Hi, I'm doing a MR on an old package that contains firmware data. I wanna convert to SPDX, what is the equivalent to "Redistributable, no modification permitted" in SPDX. The license is: The files in the directory src/miniloader are provided pursuant to the following license agreement: License For Customer Use of NVIDIA Software IMPORTANT NOTICE -- READ CAREFULLY: This License For Customer Use of NVIDIA Software ("LICENSE") is the agreement which governs use of the software of NVIDIA Corporation and its subsidiaries ("NVIDIA") downloadable herefrom, including computer software and associated printed materials ("SOFTWARE"). By downloading, installing, copying, or otherwise using the SOFTWARE, you agree to be bound by the terms of this LICENSE. If you do not agree to the terms of this LICENSE, do not download the SOFTWARE. RECITALS Use of NVIDIA's products requires three elements: the SOFTWARE, the hardware, and a personal computer. The SOFTWARE is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The SOFTWARE may be protected by various patents, and is not sold, and instead is only licensed for use, strictly in accordance with this document. The hardware is protected by various patents, and is sold, but this agreement does not cover that sale, since it may not necessarily be sold as a package with the SOFTWARE. This agreement sets forth the terms and conditions of the SOFTWARE LICENSE only. 1. DEFINITIONS 1.1 Customer. Customer means the entity or individual that downloads or otherwise obtains the SOFTWARE. 2. GRANT OF LICENSE 2.1 Rights and Limitations of Grant. NVIDIA hereby grants Customer the following non-exclusive, non-transferable right to use the SOFTWARE, with the following limitations: 2.1.1 Rights. Customer may install and use multiple copies of the SOFTWARE on a shared computer or concurrently on different computers, and make multiple back-up copies of the SOFTWARE, solely for Customer's use within Customer's Enterprise. "Enterprise" shall mean individual use by Customer or any legal entity (such as a corporation or university) and the subsidiaries it owns by more than fifty percent (50%). 2.1.2 Open Source Exception. Notwithstanding the foregoing terms of Section 2.1.1, SOFTWARE may be copied and redistributed solely for use on operating systems distributed under the terms of an OSI-approved open source license as listed by the Open Source Initiative at http://opensource.org, provided that the binary files thereof are not modified, and Customer provides a copy of this license with the SOFTWARE. 2.1.3 Limitations. No Reverse Engineering. Customer may not reverse engineer, decompile, or disassemble the SOFTWARE, nor attempt in any other manner to obtain the source code. Usage. SOFTWARE is licensed only for use with microprocessor(s) which have been (i) designed by NVIDIA and (ii) either (a) sold by or (b) licensed by NVIDIA. Customer shall not use SOFTWARE in conjunction with, nor cause SOFTWARE to be executed by, any other microprocessor. No Translation. Customer shall not translate SOFTWARE, nor cause or permit SOFTWARE to be translated, from the architecture or language in which it is originally provided by NVIDIA, into any other architecture or language. No Rental. Customer may not rent or lease the SOFTWARE to someone else. 3. TERMINATION This LICENSE will automatically terminate if Customer fails to comply with any of the terms and conditions hereof. In such event, Customer must destroy all copies of the SOFTWARE and all of its component parts. Defensive Suspension. If Customer commences or participates in any legal proceeding against NVIDIA, then NVIDIA may, in its sole discretion, suspend or terminate all license grants and any other rights provided under this LICENSE during the pendency of such legal proceedings. 4. COPYRIGHT All title and copyrights in and to the SOFTWARE (including but not limited to all images, photographs, animations, video, audio, music, text, and other information incorporated into the SOFTWARE), the accompanying printed materials, and any copies of the SOFTWARE, are owned by NVIDIA, or its suppliers. The SOFTWARE is protected by copyright laws and international treaty provisions. Accordingly, Customer is required to treat the SOFTWARE like any other copyrighted material, except as otherwise allowed pursuant to this LICENSE and that it may make one copy of the SOFTWARE solely for backup or archive purposes. 5. APPLICABLE LAW This agreement shall be deemed to have been made in, and shall be construed pursuant to, the laws of the State of California. 6. DISCLAIMER OF WARRANTIES AND LIMITATION ON LIABILITY 6.1 No Warranties. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SOFTWARE IS PROVIDED "AS IS" AND NVIDIA AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED