Last 75 packages are not SPDX compliant. Full boring startistics is here:
https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit?usp=sharing
In recent months, it has been the case that approval of a new SPDX ID has taken months (three months on average). To
prevent SPDX from blocking new packages in Fedora, Richard and I proposed this change to the guidelines:
https://docs.fedoraproject.org/en-US/legal/license-review-process/#_opening_an_spdx_license_list_issue
The submission and approval process for inclusion on the SPDX License List can be lengthy. As a temporary measure to
mitigate delays in the workflow, the Fedora Project will provision a temporary license identifier with the syntax
|LicenseRef-Fedora-Temporary-*| that you may use. Once SPDX assigns the final ID, you have to change this temporary ID
to the final one.
In short: you find a new license -> open an issue on fedora-license-data -> the license is approved (label license
allowed) -> it is assigned a temporary identifier in the form of LicenseRef-Fedora-Temporary-* and at the same time a
request for a new ID is sent to upstream SPDX -> once SPDX decides, we remove LicenseRef-Fedora-Temporary-* and replace
it with the final ID.
The advantage is that LicenseRef-Fedora-Temporary-* is added to the fedora-license-data list, so all tests
(license-validate, rpminspect...) will pass. And when the ID is replaced, failing tests will alert you to the change.
When I talk about tests, I am not talking about current tests, but about the future situation. Because we are
approaching a time when it will be possible to enable gating tests that only allow approved licenses. However, this will
be a separate proposal.
Right now we have 10 licenses that are blocked by upstream SPDX. I assigned
temporary ID to all of them.
Beside these temporary ID we added 7 new licenses to fedora-license-data. And
the backlog is down to 30 open issues!
I also removed the deprecated parts from JSON build artifact. These parts were deprecated for 2 years and I think it is
time to move. For more info see https://gitlab.com/fedora/legal/fedora-license-data/-/issues/387
The list of packages needed to be converted is here:
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final.txt
List by package maintainers is here
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-final-maintainers.txt
Packages that are neither in SPDX nor in Callaway format (highest priority for
now) - 16 packages:
https://pagure.io/copr/license-validate/blob/main/f/neither-nor-remaining-packagers.txt
If your package does not have neither git-log entry nor spec-changelog entry mentioning SPDX and you know your license
tag matches SPDX formula, you can put your package on ignore list
https://pagure.io/copr/license-validate/blob/main/f/ignore-packages.txt
Either pull-request or direct email to me is fine.
Miroslav
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
