Re: [Fedora-legal-list] SPDX short name for "Redistributable, no modification permitted" (firmware)
On Mon, 16 Oct 2023 at 09:46, Daniel P. Berrangé wrote: > Or possibly we end up with a mixture of (2) and (3) where most firmware > are under an umbrella but a few oddballs with unusual terms justify a > dedicated LicenseRef. I'm also interested from a LVFS firmware point of view. At the moment non-free firmware is distributed with a SPDX ID of LicenseRef-proprietary with a description on the web UI of "Proprietary, distributed by agreement"[1] -- it would be nice to codify this with a common SPDX ID -- and I think this kind of firmware would be classed the same as processor microcode from a 40,000ft view. Richard. [1] https://fwupd.org/lvfs/devices/com.lenovo.ThinkStationP920.firmware ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] SPDX short name for "Redistributable, no modification permitted" (firmware)
On Sun, Oct 15, 2023 at 03:02:34PM -0400, Richard Fontana wrote: > On Sun, Oct 15, 2023 at 5:13 AM Robert-André Mauchin > wrote: > > > > Hi, > > > > I'm doing a MR on an old package that contains firmware data. > > > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no > > modification > > permitted" in SPDX. > > > > The license is: > > > > The files in the directory src/miniloader are provided pursuant to the > > following license agreement: > > > > License For Customer Use of NVIDIA Software > > > > > > > What can I use for SPDX? > > The license first has to be reviewed; this will ultimately result in a > license identifier that can be used in place of "Redistributable, no > modification permitted" assuming the license is allowed or otherwise > tolerated. Please open a new issue in fedora-license-data. > > I think this would be the first firmware license we would specifically > consider since instituting the new license review process last year. > The policy on allowed firmware licenses is described here: > https://docs.fedoraproject.org/en-US/legal/license-approval/#_license_requirements_for_firmware > These criteria were based on an analysis of known firmware licenses in > Fedora done sometime around ... maybe 2010 or so? To accommodate this > license we might have to make some additions to those criteria. > > We haven't yet had to address the question of how to deal with license > identifiers for firmware. There are three possibilities: > 1. Ask SPDX to assign an identifier, the usual approach for allowed > licenses. This is unlikely to be viable because these kinds of > firmware licenses are pretty far from SPDX's license inclusion > criteria (which are generally much looser than Fedora's). > 2. Create a unique LicenseRef- identifier for each firmware license. > 3. Create an umbrella LicenseRef- identifier for all allowed Fedora > firmware licenses (similar to how 'Redistributable, no modification > permitted' was used in the Callaway system). I guess I'd say what is important / valuable is that we have some review over the license text, so it isn't a total free for all of packagers just blindly using the LicenseRef umbrella without oversight. We have precedent for (3) in our Public Domain and UltraPermissive handling. In both cases, we have the text file in fedora-license-data collecting records of which package contains which license text. Thus if we chose (3) now, we have the information record to let us fairly easily switch to (2) if we change our minds. IOW unless there are substantive legal differences between the various "redistributable, no modification permitted" texts, that we need to convey to consumers of Fedora, option (3) would be a sufficient starting point. Or possibly we end up with a mixture of (2) and (3) where most firmware are under an umbrella but a few oddballs with unusual terms justify a dedicated LicenseRef. With regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :| ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [Fedora-legal-list] SPDX short name for "Redistributable, no modification permitted" (firmware)
On Sun, Oct 15, 2023 at 5:13 AM Robert-André Mauchin wrote: > > Hi, > > I'm doing a MR on an old package that contains firmware data. > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no > modification > permitted" in SPDX. > > The license is: > > The files in the directory src/miniloader are provided pursuant to the > following license agreement: > > License For Customer Use of NVIDIA Software > > > What can I use for SPDX? The license first has to be reviewed; this will ultimately result in a license identifier that can be used in place of "Redistributable, no modification permitted" assuming the license is allowed or otherwise tolerated. Please open a new issue in fedora-license-data. I think this would be the first firmware license we would specifically consider since instituting the new license review process last year. The policy on allowed firmware licenses is described here: https://docs.fedoraproject.org/en-US/legal/license-approval/#_license_requirements_for_firmware These criteria were based on an analysis of known firmware licenses in Fedora done sometime around ... maybe 2010 or so? To accommodate this license we might have to make some additions to those criteria. We haven't yet had to address the question of how to deal with license identifiers for firmware. There are three possibilities: 1. Ask SPDX to assign an identifier, the usual approach for allowed licenses. This is unlikely to be viable because these kinds of firmware licenses are pretty far from SPDX's license inclusion criteria (which are generally much looser than Fedora's). 2. Create a unique LicenseRef- identifier for each firmware license. 3. Create an umbrella LicenseRef- identifier for all allowed Fedora firmware licenses (similar to how 'Redistributable, no modification permitted' was used in the Callaway system). Richard ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX short name for "Redistributable, no modification permitted" (firmware)
On Sun, Oct 15, 2023 at 4:26 PM Jerry James wrote: > > On Sun, Oct 15, 2023 at 3:13 AM Robert-André Mauchin > wrote: > > I'm doing a MR on an old package that contains firmware data. > > > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no > > modification > > permitted" in SPDX. > [snip] > > What can I use for SPDX? > > According to > https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_redistributable_no_modification_permitted, > you should submit this license for review. See > https://docs.fedoraproject.org/en-US/legal/license-review-process/. I believe there is already an open issue for this: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/7 ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX short name for "Redistributable, no modification permitted" (firmware)
On Sun, Oct 15, 2023 at 3:13 AM Robert-André Mauchin wrote: > I'm doing a MR on an old package that contains firmware data. > > I wanna convert to SPDX, what is the equivalent to "Redistributable, no > modification > permitted" in SPDX. [snip] > What can I use for SPDX? According to https://docs.fedoraproject.org/en-US/legal/update-existing-packages/#_redistributable_no_modification_permitted, you should submit this license for review. See https://docs.fedoraproject.org/en-US/legal/license-review-process/. -- Jerry James http://www.jamezone.org/ ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
SPDX short name for "Redistributable, no modification permitted" (firmware)
Hi,
I'm doing a MR on an old package that contains firmware data.
I wanna convert to SPDX, what is the equivalent to "Redistributable, no modification
permitted" in SPDX.
The license is:
The files in the directory src/miniloader are provided pursuant to the
following license agreement:
License For Customer Use of NVIDIA Software
IMPORTANT NOTICE -- READ CAREFULLY: This License For Customer Use of
NVIDIA Software ("LICENSE") is the agreement which governs use of
the software of NVIDIA Corporation and its subsidiaries ("NVIDIA")
downloadable herefrom, including computer software and associated
printed materials ("SOFTWARE"). By downloading, installing, copying,
or otherwise using the SOFTWARE, you agree to be bound by the terms
of this LICENSE. If you do not agree to the terms of this LICENSE,
do not download the SOFTWARE.
RECITALS
Use of NVIDIA's products requires three elements: the SOFTWARE, the
hardware, and a personal computer. The SOFTWARE is protected by copyright
laws and international copyright treaties, as well as other intellectual
property laws and treaties. The SOFTWARE may be protected by various
patents, and is not sold, and instead is only licensed for use, strictly
in accordance with this document. The hardware is protected by various
patents, and is sold, but this agreement does not cover that sale, since
it may not necessarily be sold as a package with the SOFTWARE. This
agreement sets forth the terms and conditions of the SOFTWARE LICENSE only.
1. DEFINITIONS
1.1 Customer. Customer means the entity or individual that
downloads or otherwise obtains the SOFTWARE.
2. GRANT OF LICENSE
2.1 Rights and Limitations of Grant. NVIDIA hereby grants Customer
the following non-exclusive, non-transferable right to use the
SOFTWARE, with the following limitations:
2.1.1 Rights. Customer may install and use multiple copies of the
SOFTWARE on a shared computer or concurrently on different computers,
and make multiple back-up copies of the SOFTWARE, solely for Customer's
use within Customer's Enterprise. "Enterprise" shall mean individual use
by Customer or any legal entity (such as a corporation or university)
and the subsidiaries it owns by more than fifty percent (50%).
2.1.2 Open Source Exception. Notwithstanding the foregoing terms
of Section 2.1.1, SOFTWARE may be copied and redistributed solely for
use on operating systems distributed under the terms of an OSI-approved
open source license as listed by the Open Source Initiative at
http://opensource.org, provided that the binary files thereof are not
modified, and Customer provides a copy of this license with the SOFTWARE.
2.1.3 Limitations.
No Reverse Engineering. Customer may not reverse engineer,
decompile, or disassemble the SOFTWARE, nor attempt in any other
manner to obtain the source code.
Usage. SOFTWARE is licensed only for use with microprocessor(s) which have
been (i) designed by NVIDIA and (ii) either (a) sold by or (b) licensed by
NVIDIA. Customer shall not use SOFTWARE in conjunction with, nor cause
SOFTWARE to be executed by, any other microprocessor.
No Translation. Customer shall not translate SOFTWARE, nor cause or permit
SOFTWARE to be translated, from the architecture or language in which it is
originally provided by NVIDIA, into any other architecture or language.
No Rental. Customer may not rent or lease the SOFTWARE to someone
else.
3. TERMINATION
This LICENSE will automatically terminate if Customer fails to
comply with any of the terms and conditions hereof. In such event,
Customer must destroy all copies of the SOFTWARE and all of its
component parts.
Defensive Suspension. If Customer commences or participates in any legal
proceeding against NVIDIA, then NVIDIA may, in its sole discretion,
suspend or terminate all license grants and any other rights provided
under this LICENSE during the pendency of such legal proceedings.
4. COPYRIGHT
All title and copyrights in and to the SOFTWARE (including but
not limited to all images, photographs, animations, video, audio,
music, text, and other information incorporated into the SOFTWARE),
the accompanying printed materials, and any copies of the SOFTWARE,
are owned by NVIDIA, or its suppliers. The SOFTWARE is protected
by copyright laws and international treaty provisions. Accordingly,
Customer is required to treat the SOFTWARE like any other copyrighted
material, except as otherwise allowed pursuant to this LICENSE
and that it may make one copy of the SOFTWARE solely for backup or
archive purposes.
5. APPLICABLE LAW
This agreement shall be deemed to have been made in, and shall be
construed pursuant to, the laws of the State of California.
6. DISCLAIMER OF WARRANTIES AND LIMITATION ON LIABILITY
6.1 No Warranties. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, THE SOFTWARE IS PROVIDED "AS IS" AND NVIDIA AND ITS SUPPLIERS
DISCLAIM ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, IMPLIED
