Archive:PackagingDrafts/LicenseTag

From FedoraProject

Jump to: navigation, search

Contents

License: Tag Proposal

Author: Tom 'spot' Callaway
Revision: 0.04
Initial Draft: Thursday July 26, 2007
Last Revised: Tuesday July 31, 2007


Rationale

There is now a requirement to standardize the license tags used in Fedora. The creation of the new GPL and LGPL v3 licenses (and their confusing compatibility) illustrates the need to be able to more easily identify the license(s) that a package contains. Previously, there was no standardization of licenses. Many packages with the same license end up with different license tags. Some licenses were not specific enough (GPL) and some licenses were simply too vague (Distributable).

Proposal

I propose that the following sections be added to the Packaging/NamingGuidelines (and an item added to the Packaging/ReviewGuidelines to check that the License tag is correctly filled out).

License: field

Every Fedora package must contain a License: entry. Maintainers should be aware that the contents of the License: field are understood to not be legally binding (only the source code itself is), but maintainers must make every possible effort to be accurate when filling the License: field.

Valid License Short Names

The License: field must be filled with the appropriate license Short License identifier(s) from the "Good License" tables on the Fedora Licensing page. If your license does not appear in the tables, it needs to be sent to tcallawa@redhat.com. If the license is approved, it will be added to the appropriate table.

"Distributable"

In the past, Fedora (and Red Hat Linux) packages have used "Distributable" in the License: field. In virtually all of these cases, this was not correct. Fedora no longer permits packages to use "Distributable" as a valid License. If your package contains content which is freely redistributable without restrictions, but does not contain any license other than explicit permission from the content owner/creator, then that package can use "Freely redistributable without restriction" as its License: identifier.

Firmware

The License: field for any firmware that disallows modification should be set to: "Redistributable, no modification permitted".

Versioned licenses

Some licenses include the version as part of the Short License Identifier. This is only done when multiple versions of the license differ in significant ways (e.g. one revision is GPLv2 incompatible, while a later version is not). Be careful to ensure that you use the correct Short License Identifier, as shown in the tables on the Fedora Licensing page.

"or later version" licenses

Some licenses state that either the current version of the license or later versions may be used. It is important to note when a license states this. When a license has an "or later version" clause, we note that by appending a + to the Short License Identifier. Please note that there are already special Short License Identifiers for GPLv2+ and LGPLv2+, there is no need to append an additional + for those cases.

GPL and LGPL

Since compatibility of code and library linking is especially complex with GPL and LGPL, Fedora packages can no longer simply use "GPL" or "LGPL" in the License: field. Please refer to the Fedora Licensing page for the acceptable identifiers, and be careful to ensure that you select the correct one.

Dual Licensing Scenarios

If your package is dual licensed (or triple licensed, etc.), the spec must reflect this by using "or" as a separator. Note that this only applies when the contents of the package are actually under a dual license, and not when the package contains items under multiple, distinct, and independent licenses.

Example:

Package libfoo is dual licensed as Mozilla Public License v1.1 and GNU General Public License v2 or later. The package spec must have:

License: MPLv1.1 or GPLv2+

Multiple Licensing Scenarios

If your package contains files which are under multiple, distinct, and independent licenses, then the spec must reflect this by using "and" as a separator. Fedora maintainers are highly encouraged to avoid this scenario whenever reasonably possible, by dividing files into subpackages (subpackages can each have their own License: field).

Example: Package bar-utils contains some files under the Python License, some other files under the GNU Lesser General Public License v2 or later, and one file under the BSD License (no advertising). The package spec must have:

License: Python and LGPLv2+ and BSD

In addition, the package must contain a comment explaining the multiple licensing breakdown. The actual implementation of this is left to the maintainer. Some suggested implementations include

  • A comment right above the License: field:
License: GPLv2+ and BSD
  • Including a file as %doc which contains the licensing breakdown for the packaged files, then using:

  • Noting the license above the appropriate %files section:
%files
%defattr(-,root,root,-)
%doc Changes
%{_bindir}/cobra-util
%{_bindir}/viper-util
%{_bindir}/gnu-util
%{_bindir}/rms-util
%{_bindir}/berkeley-util

Combined Dual and Multiple Licensing Scenario

If you are unlucky enough that your package possesses items multiple, distinct, and independent licenses...AND some of those items are dual licensed, you must note the dual licensed items by wrapping them with parenthesis (). Otherwise, the guidelines for Dual and Multiple Licensing apply.

Example: Package baz-utils contains some files under the Python License, some other files under the GNU Lesser General Public License v2 or later, one file under the BSD License, no advertising, and one file which is dual licensed as Mozilla Public License v1.1 and GNU General Public License v2 or later. The package spec must have:

License: Python and LGPLv2+ and BSD and (MPLv1.1 or GPLv2+)

Since this is a multiple licensing scenario, the package must contain a comment explaining the multiple licensing breakdown. The actual implementation of this is left to the maintainer.

Mixed Source Licensing Scenario

In some cases, it is possible for a binary to be generated from multiple source files with compatible, but differing licenses. Thus, the binary file would actually have simultaneous dual licensing (an AND, as opposed to an OR). For example, it is possible that a binary is generated from a source file licensed as BSD with advertising, and another source file licensed as QPL (which specifies that modifications must be shipped as patches). In this scenario, we'd wrap the list of licenses for that binary with parenthesis, example:

Package spot-utils contains some files under the Python License, but one of the files is generated from a BSD with advertising source file and a QPL source file.

License: Python and (BSD with advertising and QPL)