| |
@@ -50,6 +50,10 @@
|
| |
|
| |
The `+License:+` field must be filled with the appropriate license Short License identifier(s) from the "Good License" tables on the {fedora-licensing} page. If your license does not appear in the tables, it needs to be sent to legal@lists.fedoraproject.org (note that this list is moderated, only members may directly post). If the license is approved, it will be added to the appropriate table.
|
| |
|
| |
+ As an alternative to the Fedora Short License identifier(s), your package's `+License:+` field may contain a valid https://spdx.org[Software Package Data Exchange] (SPDX) expression using SPDX short names. The expression specification is available https://spdx.org/specifications[here]. The license of licenses is https://spdx.org/license-list[here]. If your package uses licenses not represented in the SPDX list, you should stick with the Fedora Short License identifier(s).
|
| |
+
|
| |
+ NOTE: Do not mix Fedora Short License identifier(s) and expression syntax with SPDX syntax.
|
| |
+
|
| |
=== "Distributable"
|
| |
|
| |
In the past, Fedora (and Red Hat Linux) packages have used "Distributable" in the `+License:+` field. In virtually all of these cases, this was not correct. Fedora no longer permits packages to use "Distributable" as a valid License. If your package contains content which is freely redistributable without restrictions, but does not contain any license other than explicit permission from the content owner/creator, then that package can use "Freely redistributable without restriction" as its `+License:+` identifier.
|
| |
@@ -62,6 +66,8 @@
|
| |
|
| |
Some licenses include the version as part of the Short License Identifier. This is only done when multiple versions of the license differ in significant ways (e.g. one revision is GPLv2 incompatible, while a later version is not). Be careful to ensure that you use the correct Short License Identifier, as shown in the tables on the {fedora-licensing} page.
|
| |
|
| |
+ If using SPDX license expression syntax, be sure to use the correct identifier corresponding to the version(s) of the license that apply to your package.
|
| |
+
|
| |
=== "or later version" licenses
|
| |
|
| |
Some licenses state that either the current version of the license or later versions may be used. It is important to note when a license states this. When a license has an "or later version" clause, we note that by appending a + to the Short License Identifier.
|
| |
@@ -82,9 +88,15 @@
|
| |
License: MPLv1.1 or GPLv2+
|
| |
....
|
| |
|
| |
+ Example with SPDX syntax:
|
| |
+
|
| |
+ ....
|
| |
+ License: MPL-1.1 OR GPL-2.0-or-later
|
| |
+ ....
|
| |
+
|
| |
=== Multiple Licensing Scenarios
|
| |
|
| |
- If your package contains files which are under multiple, distinct, and independent licenses, then the spec must reflect this by using "and" as a separator. Fedora maintainers are highly encouraged to avoid this scenario whenever reasonably possible, by dividing files into subpackages (subpackages can each have their own `+License:+` field).
|
| |
+ If your package contains files which are under multiple, distinct, and independent licenses, then the spec must reflect this by using "and" as a separator (SPDX syntax uses "AND" as a separator). Fedora maintainers are highly encouraged to avoid this scenario whenever reasonably possible, by dividing files into subpackages (subpackages can each have their own `+License:+` field).
|
| |
|
| |
Example:
|
| |
Package bar-utils contains some files under the Python License, some other files under the GNU Lesser General Public License v2 or later, and one file under the BSD License (no advertising). The package spec must have:
|
| |
@@ -129,12 +141,18 @@
|
| |
If you are unlucky enough that your package possesses items multiple, distinct, and independent licenses...AND some of those items are dual licensed, you must note the dual licensed items by wrapping them with parenthesis (). Otherwise, the guidelines for Dual and Multiple Licensing apply.
|
| |
|
| |
Example:
|
| |
- Package baz-utils contains some files under the Python License, some other files under the GNU Lesser General Public License v2 or later, one file under the BSD License, no advertising, and one file which is dual licensed as Mozilla Public License v1.1 and GNU General Public License v2 or later. The package spec must have:
|
| |
+ Package baz-utils contains some files under the Python License, some other files under the GNU Lesser General Public License v2 or later, one file under the BSD 3-clause License, no advertising, and one file which is dual licensed as Mozilla Public License v1.1 and GNU General Public License v2 or later. The package spec must have:
|
| |
|
| |
....
|
| |
License: Python and LGPLv2+ and BSD and (MPLv1.1 or GPLv2+)
|
| |
....
|
| |
|
| |
+ Example with SPDX syntax:
|
| |
+
|
| |
+ ....
|
| |
+ License: Python-2.0 AND LGPL-2.0-or-later AND BSD-3-Clause AND (MPL-1.1 OR GPL-2.0-or-later)
|
| |
+ ....
|
| |
+
|
| |
Since this is a multiple licensing scenario, the package must contain a comment explaining the multiple licensing breakdown. The actual implementation of this is left to the maintainer.
|
| |
|
| |
=== Mixed Source Licensing Scenario
|
| |
@@ -147,6 +165,12 @@
|
| |
License: Python and (BSD with advertising and QPL)
|
| |
....
|
| |
|
| |
+ Example with SPDX syntax:
|
| |
+
|
| |
+ ....
|
| |
+ License: Python-2.0 AND (BSD-4-Clause AND QPL-1.0)
|
| |
+ ....
|
| |
+
|
| |
== Public Domain
|
| |
|
| |
Works which are clearly marked as being in the Public Domain, and for which no evidence is known to contradict this statement, are treated in Fedora as being in the Public Domain, on the grounds that the intentions of the original creator are reflected by such a use, even if due to regional issues, it may not have been possible for the original creator to fully abandon all of their their copyrights on the work and place it fully into the Public Domain. If you believe that a work in Fedora which is marked as being in the Public Domain is actually available under a copyright license, please inform us of this fact with details, and we will immediately investigate the claim.
|
| |
The Software Package Data Exchange (https://spdx.org/) is a Linux
Foundation project with overlap with the Fedora license expression
syntax. Many projects are beginning to add SPDX-Identifier notation
to source files and use SPDX short names. Fedora spec files should
allow this in the License field as well.
Some limitations:
Fedora packagers need to use either the Fedora syntax or the SPDX
syntax; they cannot mix the two.
SPDX is more expressive with regard to GPL, LGPL, and BSD variants
which may require packagers to look at the code in detail again.
For license short names where we have combined all in to one short
name and SPDX breaks it out, we should cross reference the License
tag expression with the source if a packager changes to SPDX syntax.
SPDX offers a list of license exceptions you can put in the
expression using the WITH keyword[1]. Fedora syntax tends to put
that as freeform in the License expression. Where there is an SPDX
identifier, that should be used.
If a current Fedora license expression cannot be translated to SPDX,
it should remain using the Fedora syntax.
"Redistributable" is not a valid SPDX identifier.
It would be nice to offer Fedora packagers the option of using SPDX
syntax or our existing syntax. The SPDX expressions are easier to
validate programatically too.
[1] https://spdx.org/licenses/exceptions-index.html
[2] https://wiki.spdx.org/view/Legal_Team/Decisions/Dealing_with_Public_Domain_within_SPDX_Files