On Fri, May 02, 2014 at 12:53:30PM +0100, Richard Hughes wrote:

Hi all,

I hope I'm asking in the right place, if not please disregard this
message. When writing AppStream metadata I'm required to convert the
existing Fedora license tag to an SPDX-compatible string so it can be
made into a hyperlink and be clickable. Most license IDs are either
the same, or map between one and the other with a small fudge factor,
but I'm having problems finding SPDX licences for a few Fedora IDs.

The fedora license ID's that probably should map to something (ideas welcome!):

* Afmparse
* AGPLv3 with exceptions
* AGPLv3+ with exceptions
* libtiff
* mecab-ipadic
* Mup
* OpenPBS
* softSurfer
* Teeworlds
* TORQUEv1.1
* UCD
* Vim
* XSkat
* Baekmuk
* Bitstream Vera
* Crystal Stacker
* Liberation
* MgOpen
* mplus

There are a few things that don't make sense, e.g.
* Public Domain
* Copyright only
* Freely redistributable without restriction
* Redistributable, no modification permitted

If anyone knows of any existing SPDX IDs suitable for any of the
above, I'd be very grateful. Thanks.

I think the problem is that you are dealing with three different
notions of license identifiers, two of which are superficially the
same in that AppStream has decided to use SPDX identifiers for its own
purposes, if I understand correctly. Also (based on what little
documentation on AppStream that I looked at) it is unclear what the
purposes are in the case of AppStream.

My knowledge of SPDX itself is limited, but if you look at:
http://spdx.org/spdx-license-list/matching-guidelines you will see
that SPDX is using license identifiers in an entirely different way
from how Fedora uses RPM metadata license identifiers.

A good example, though not on your list probably because you assume it
is not problematic, is "MIT". For SPDX, this means
http://spdx.org/licenses/MIT#licenseText subject to the points made in
the SPDX matching guidelines. For Fedora, however, "MIT" is supposed
to mean a wide range of different license texts (which SPDX would
surely treat as distinct, non-matching licenses) that were determined
by the Fedora Project to be what I myself might verbosely call "X
Window Project-descended license family licenses, particularly as
distinguished from BSD-family licenses" if I had to call it anything.

So for the ones you list, first of all for most of these there isn't
any SPDX license identifier anyway even if you ignore the issue I just
talked about, since the SPDX list is, at least at present, not meant
to be a comprehensive list of all licenses ever encountered in, say, a
conventional Linux distribution, but rather those that are "commonly
found". In your list, none of those are "commonly found" in that sense
except that the AGPLv3 part of "AGPLv3 with exceptions" is *likely* to
correspond to SPDX AGPL-3.0, but not the "with exceptions" part which
has no SPDX license identifier counterpart. (By contrast there are
some GPLv2 and GPLv3 SPDX license identifiers that include some
commonly-found permissive exceptions.)

So when you say "I'm required to convert the existing Fedora license
tag to an SPDX-compatible string so it can be made into a hyperlink
and be clickable", this is only meaningful if what you mean by "Most
license IDs are either the same, or map between one and the other with
a small fudge factor" is understood with my point about, e.g. the
significant distinction between SPDX "MIT" and Fedora "MIT" in
mind. And what would "MIT" hyperlink to -- the OSI version of the MIT
license? This is what Fedora "MIT" means some of the time but not all
of the time.

- Richard