From Fedora Project Wiki
What should be in the License: tag in Fedora packages brings up a lot of confusion. This FAQ is meant to help answer some of hte questions that arise over and over again.
- Does the
License:tag cover the SRPM or the binary RPM?
- When a binary RPM is created from sources with different licenses do we list all of the source licenses that went into that binary RPM or do some licenses trump others?
- Example: foo.c is licensed GPLv2+, bar.c is licensed MIT. They're compiled together into /usr/bin/foobar. Is the
License:tag that ships %{_bindir}/foobar "GPLv2+" or "GPLv2+ and MIT"?
- Example: foo.c is licensed GPLv2+, bar.c is licensed MIT. They're compiled together into /usr/bin/foobar. Is the
- Does it make a difference whether what is shipped is usable as a single file or as multiple files?
- Example: A static elf library composed of some files which were licensed under the GPLv2+ and others which were licensed under the "MIT" license. The static library is a single file but a program using functions from the library could end up only using MIt or only using GPLv2+ functions.
- Example: A python module that contains a module foo/gpl.py that is GPLv2+ and foo/mit.py that is licensed MIT. The two files exist in the same python package but they don't depend on each other. A script could import foo.gpl without import foo.mit and vice-versa. Does the
License:tag contain "GPLv2+", "GPLv2+ and MIT" or something else?
- Does the
License:tag anticipate things that the binary RPM links against/deps against?- Simple example: the rpm contains a program which is licensed GPLv2+. It links against a library that's licensed Apache. Does the
License:tag contain "GPLv2+" or "GPLv3+"? - More complex example: the rpm contains a program that is licensed MIT. If libreadline (GPLv2+) is installed, it will be used to enhance the experience but if it isn't installed, the program will still run. Should the
License:be "MIT", "GPLv2+", or something else?
- Simple example: the rpm contains a program which is licensed GPLv2+. It links against a library that's licensed Apache. Does the
- OpenSSL is generally considered incompatible with GPL because of the advertising clause however, the "system library" clause of the GPL may provide a way out. What is Fedora's position on compatibility of OpenSSL with GPLv2 and GPLv3?