Migrate License field to SPDX identifiers (#2222074)

This commit (a) expands on and corrects some errors in the long
comment describing various licenses used in glibc preceding the
License field; and (b) migrates the License field to SPDX identifiers
based on an analysis of glibc-2.39 sources done using the ScanCode
toolkit.

Licenses Allowed in Fedora:
https://docs.fedoraproject.org/en-US/legal/allowed-licenses

Adoption of SPDX in Fedora:
https://docs.fedoraproject.org/en-US/legal/update-existing-packages

Repository of Fedora License Data:
https://gitlab.com/fedora/legal/fedora-license-data

ScanCode toolkit:
https://github.com/nexB/scancode-toolkit
This commit is contained in:
Arjun Shankar 2024-02-28 15:54:50 +01:00
parent 797647f2a8
commit aa075b2434

View File

@ -171,35 +171,61 @@ Version: %{glibcversion}
# - It allows using the Release number without the %%dist tag in the dependency # - It allows using the Release number without the %%dist tag in the dependency
# generator to make the generated requires interchangeable between Rawhide # generator to make the generated requires interchangeable between Rawhide
# and ELN (.elnYY < .fcXX). # and ELN (.elnYY < .fcXX).
%global baserelease 2 %global baserelease 3
Release: %{baserelease}%{?dist} Release: %{baserelease}%{?dist}
# In general, GPLv2+ is used by programs, LGPLv2+ is used for # Licenses:
# libraries.
# #
# LGPLv2+ with exceptions is used for things that are linked directly # High level license status of the glibc source tree:
# into dynamically linked programs and shared libraries (e.g. crt
# files, lib*_nonshared.a). Historically, this exception also applies
# to parts of libio.
# #
# GPLv2+ with exceptions is used for parts of the Arm unwinder. # * In general, GPLv2+ is used by programs, LGPLv2+ is used for
# libraries.
# #
# GFDL is used for the documentation. # * LGPLv2+ with exceptions is used for things that are linked directly
# into dynamically linked programs and shared libraries (e.g. crt
# files, lib*_nonshared.a). Historically, this exception also applies
# to parts of libio.
# #
# Some other licenses are used in various places (BSD, Inner-Net, # * LGPLv2 is used in a couple of places (e.g. time/timespec_get.c, by
# ISC, Public Domain). # mistake).
# #
# HSRL and FSFAP are only used in test cases, which currently do not # * GPLv2+ with exceptions is used for parts of the Arm unwinder.
# ship in binary RPMs, so they are not listed here. MIT is used for
# scripts/install-sh, which does not ship, either.
# #
# GPLv3+ is used by manual/texinfo.tex, which we do not use. # * GFDL is used for the documentation.
# #
# LGPLv3+ is used by some Hurd code, which we do not build. # * Some other licenses are used in various places (BSD, Inner-Net,
# ISC, Public Domain, etc.).
# #
# LGPLv2 is used in one place (time/timespec_get.c, by mistake), but # Licenses that make an appearance in the source tree but are not used:
# it is not actually compiled, so it does not matter for libraries. #
License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL # * HSRL and FSFAP are only used in test cases, which currently do not
# ship in binary RPMs, so they are not listed here.
#
# * GPLv3+ is used by manual/texinfo.tex, which we do not use and a test and
# some scripts that we do not ship, and so it is not listed here.
#
# * LGPLv3+ is used by some Hurd code, which we do not build.
#
# * A copyleft license is used in posix/runtests.c, but it is only a test
# case and so the license is not listed here.
#
# * A "PCRE License" is used by PCRE.tests, but it is only a test case and
# so the license is not listed here.
#
# * BSL-1.0 is only used by a test from boost and so the license is not
# listed here.
#
# * Unlicense is used in an OpenRISC 1000 file which we don't support.
#
# SPDX references:
# https://spdx.org/licenses
# https://docs.fedoraproject.org/en-US/legal/allowed-licenses
# https://gitlab.com/fedora/legal/fedora-license-data
#
# SPDX license string based on evaluation of glibc-2.39 sources by
# ScanCode toolkit (https://github.com/nexB/scancode-toolkit),
# and accounting for exceptions listed above:
License: LGPL-2.1-or-later AND SunPro AND LGPL-2.1-or-later WITH GCC-exception-2.0 AND BSD-3-Clause AND GPL-2.0-or-later AND LGPL-2.1-or-later WITH GNU-compiler-exception AND GPL-2.0-only AND ISC AND LicenseRef-Fedora-Public-Domain AND HPND AND CMU-Mach AND LGPL-2.1-only AND LGPL-2.0-or-later AND Unicode-DFS-2015 AND GFDL-1.1-or-later AND GPL-1.0-or-later AND FSFUL AND MIT AND Inner-Net-2.0 AND X11 AND GPL-2.0-or-later WITH GCC-exception-2.0 AND GFDL-1.3-only AND GFDL-1.1-only
URL: http://www.gnu.org/software/glibc/ URL: http://www.gnu.org/software/glibc/
Source0: %{?glibc_release_url}%{glibcsrcdir}.tar.xz Source0: %{?glibc_release_url}%{glibcsrcdir}.tar.xz
@ -2312,6 +2338,13 @@ update_gconv_modules_cache ()
%endif %endif
%changelog %changelog
* Wed Feb 28 2024 Arjun Shankar <arjun@redhat.com> - 2.39-3
- Analyse glibc-2.39 sources for license information
- Migrate License field to SPDX identifiers for
https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
https://docs.fedoraproject.org/en-US/legal/update-existing-packages
(#2222074)
* Wed Feb 7 2024 Florian Weimer <fweimer@redhat.com> - 2.39-2 * Wed Feb 7 2024 Florian Weimer <fweimer@redhat.com> - 2.39-2
- Ignore symbolic links to . in sysroot construction - Ignore symbolic links to . in sysroot construction