Open adrelanos opened 3 years ago
CC @mfc
Created https://github.com/QubesOS/qubes-doc/pull/1145 as a stopgap to clarify licensing just now.
Changed:
Qubes is a compilation of software packages, each under its own license. The compilation is made available under the GNU General Public License version 2.
to:
Qubes OS is a compilation of software packages, each under its own license. The compilation is made available under the GNU General Public License version 2.
Did that for consitency because the title above said Qubes OS
. Since this is legally important, it should be consistent. Otherwise Qubes
and Qubes OS
could be something different, unless defined.
Added:
The source code of Qubes OS (all repositories listed on the @QubesOS account on github) is made available under the same license, unless a file
LICENSE
in the root of the repoistory specifies a different license.
Did that because some repositories have a LICENSE
file. qubes-core-admin's LICENSE file specifies a different license, LGPG v2.1. Most repositories don't have a LICENSE
file.
License clarification on the website is a good stopgap since updating at time of writing 151
repositories would be quite some work, even if just adding a LICENSE
file. Let alone other things mentioned in the original issue post.
shall we apply to this to get help?
There are various issues with Qubes source code licensing declaration.
rpm_spec/package-name.spec
(.in
) is usingLicense: GPL
instead ofLicense: GPLv2+
.GPL
is inot a validlicense Short License identifier
as per Fedora licensing guidelines ("RPM Spec"). Quote https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License:_fielddebian/copyright
must be duplicated to fileCOPYRIGHT
in repository root file. (I'd suggest having a test that makes sure that these files always match.) (Must not be a symlink.)https://www.qubes-os.org/doc/license/ is not defining the copyright for each Qubes source file either. It says nothing about the source code for repositories by Qubes.
No need to take my word for it. You could try e-mailing
licensing@fsf.org
(was helpful for me years ago) for confirmation or see https://reuse.software/ by FSFE.On Debian, for Debian packages the linter tool
lintian --pedantic
is helpful to identify source code licensing / not machine readable issues.[1] Quote GPLv2 license:
(File
/usr/share/common-licenses/GPL-2
on Debian systems.)