Tag: legal

Fedora Legal SPDX hackfest

Ed. note: The hackfest was rescheduled to 17 May.

Fedora Legal will be conducting a SPDX identifier hackfest on April 26, 2023 during a four hour block. Please join us on Wednesday, May 17, 2023 between 10:00 AM EDT / 1400 UTC / 16:00 CEST and 14:00 EDT / 1800 UTC / 20:00 (CEST) on Google Meet.

Continue reading

Important changes to software license information in Fedora packages (SPDX and more!)

On behalf of all of the folks working on Fedora licensing improvements, I have a few things to announce!

New docs site for licensing and other legal topics

All documentation related to Fedora licensing has moved to a new section in Fedora Docs, which you can find at https://docs.fedoraproject.org/en-US/legal/. Other legal documentation will follow. This follows the overall Fedora goal of moving active user and contributor documentation away from the wiki.

Fedora license information in a structured format

The “good” (allowed) and “bad” (not-allowed) licenses for Fedora are now stored in a repository, using a simple structured file format for each license (it’s TOML). You can find this at https://gitlab.com/fedora/legal/fedora-license-data. This data is then presented in easy tabular format in the documentation, at https://docs.fedoraproject.org/en-US/legal/allowed-licenses/.

Historically, this information was listed in tables on the Fedora Wiki. This was hard to maintain and was not conducive to using the data in other ways. This format will enable automation for license validation and other similar process improvements.

New policy for the License field in packages — SPDX identifiers!

We’re changing the policy for the “License” field in package spec files to use SPDX license identifiers. Historically, Fedora has represented licenses using short abbreviations specific to Fedora. In the meantime, SPDX license identifiers have emerged as a standard, and other projects, vendors, and developers have started using them. Adopting SPDX license identifiers provides greater accuracy as to what license applies, and will make it easier for us to collaborate with other projects.

Updated licensing policies and processes

Fedora licensing policies and processes have been updated to reflect the above changes. In some cases, this forced deeper thought as to how these things are decided and why, which led to various discussion on Fedora mailing lists. In other cases, it prompted better articulation of guidance that was implicitly understood but not necessarily explicitly stated. 

New guidance on “effective license” analysis

Many software packages consist of code with different free and open source licenses. Previous practice often involved  “simplification” of the package license field when the packager believed  that one license subsumed the other — for example, using just “GPL” when the source code includes parts licensed under a BSD-style license as well. Going forward, packagers and reviewers should not make this kind of analysis, and rather use (for example) “GPL-2.0-or-later AND MIT”. This approach is easier for packagers to apply in a consistent way. 

When do these changes take effect?

The resulting changes in practice will be applied to new packages and licenses going forward. It is not necessary to revise existing packages at this time, although we have provided some guidance for package maintainers who want to get started. We’re in the process of planning a path for updating existing packages at a larger scale — stay tuned for more on that!

Thank you everyone!

A huge thanks to some key people who have worked tirelessly to make this happen: David Cantrell, Richard Fontana, Jilayne Lovejoy, Miroslav Suchý. Behind the scenes support was also provided by David Levine, Bryan Sutula, and Beatriz Couto. Thank you as well for the valuable feedback from Fedora community members in various Fedora forums. 

Please have a look at the updated information. If you have questions, please post them to the Fedora Legal mailing list: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/ 

Statement on We Make Fedora

As part of our Code of Conduct, the Fedora Project has pledged to collaborate in a respectful and constructive manner, to make participation in our project and our community a harassment-free experience for everyone, to avoid personal attacks on others, and to avoid inflammatory language and speech that perpetuates discrimination. 

Recently, the website We Make Fedora (WMF) has come to our attention. WMF scrapes and aggregates (via RSS/Atom) the blog feeds from Fedora and Fedora contributor sites. These scraped posts are intermingled on WMF with other posts.

The Fedora Project does not endorse We Make Fedora. The site maintainer is not a member of the Fedora Project community and is unaffiliated with Fedora. Further, WMF has not committed to follow our Code of Conduct and has not made the same pledges contained therein. 

If you have a blog on Fedora Planet which is appearing on WMF, you may want to include the following statement as a blog header:

Suggested Blog Header

We Make Fedora is not affiliated with the Fedora Community or the contributors to the Fedora Linux operating system. If you read this post on We Make Fedora, it might be there without permission. We encourage you to read this content at its source.

Fedora’s default license for content is now CC BY-SA 4.0

The Fedora Project Contributor Agreement (FPCA), which all Fedora contributors sign, exists to make sure that everything in the project is licensed in accordance with our “Freedom” value. The FPCA includes a provision which allows the Council to update the default license for either “code” or “content”:

The Fedora Council may, by public announcement, subsequently designate an additional or alternative default license for a given category of Contribution (a “Later Default License”). A Later Default License shall be chosen from the appropriate categorical sublist of Acceptable Licenses For Fedora.

The Fedora Council has approved a change from from the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license to the Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0) license for material classified as “content”. This message is the official public announcement of that change, which is effective as of today, the 13th of May 2021.

This license applies to content (not code) submitted to Fedora that does not have an explicit license attached. The FPCA is not a copyright assignment, and does not override the explicit license choices of contributors or upstream projects.

Policy proposal: Update default content license to CC BY-SA 4.0

Earlier this month, Matthew Miller suggested the Fedora Council update the default content license from the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license to the Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0) license. This license applies to content (not code) submitted to Fedora that does not have an explicit license attached. It does not override the explicit license choices of contributors or upstream projects.

Continue reading

Copyright © 2024 Fedora Community Blog

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Theme by Anders NorenUp ↑