There are two fields for license in modulemd:

• data.license.module is the license of the modulemd file itself, as well as other source files or tools directly linked to it, unless those declare their own licenses; for SPEC files, the implicit choice is MIT, set by the Fedora Project, however, packagers are free to override it with SPEC comments; in modulemd this is explicit structured data
• data.license.content is what you're asking for -- the list of licenses of the binary content present in the module; unlike in the previous case, this should be filled in automatically during the compose by inspecting the binary RPMs that end up in the module artifact

Looks like we did not understand each other during the workshop. Pavle, are there still some concerns from your side?

That is what I meant during the workshop.

Yeah, the related question live was: Is it legally "safe" to ship GPLv3+ content within modulemd with license.module: MIT? Or what does it mean for me as the consumer of the module? Do we have to have that tag in the end (if one cares about the modulemd file license, he can state that in comments I guess)?

Another level of abstraction, module is set of packages (aka yum repository). What's the license of the actual Fedora repositories? What's the license of the whole Fedora?

Fedora repositories are generated from two things:

• package metadata, defined by SPEC files; SPEC file license is, as previously mentioned, MIT by default -- https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files
• compose configuration and comps files; these are tracked in separate repositories here on Pagure (fedora-comps, pungi-fedora); I'm not sure what terms are these distributed under but you can definitely raise an issue there if it's unclear

modulemd is more than just repodata; it's a build recipe and in that respect I see it more like a SPEC file than repodata (even though it fulfills that role as well). The original input, regardless of whether it's partially generated, is also defined by humans and can be licensed.

Anyway, IANAL. If you believe modulemd files don't deserve a license of their own, raise that question with Fedora Legal.

If you believe modulemd files don't deserve a license of their own, raise that question with Fedora Legal.

Why I should go and raise something with legal? :)

What I wanted to say is that data.license.module: MIT evoked the feeling that the module is MIT -> but in such case you wouldn't be allowed to ship GPLv2+ software inside (I guess, you would have to make the whole module GPLv2+, but IANAL too).

Sorry, I was confused by two things: data.license.module is not license of "module" and I also didn't know that Fedora spec files are by default MIT (I thought that the license should match with the license of the content, aka License field -- but one needs to specify the license in spec file comments to change).

Since you seem to be sure that the status quo is fine, please close this case. Thanks for having a look at this!