Spec File License Tags

If your package (or part of your package) is licensed under a license and also applies a permissive exception or additional permission (most commonly seen with licenses in the GPL family), the License tag must reflect this using WITH as a separator. Note that the combination of the license with the exception must be allowed by Fedora.

Example: foo.rpm is built entirely from source code covered by "GPLv2 only" with the exception commonly known as the Classpath Exception, which corresponds to the SPDX exception identifier "Classpath-exception-2.0". The spec file must have:

License: GPL-2.0-only WITH Classpath-exception-2.0

Note that some license-related text accompanying a license or license notice may be one of the following:

In some cases the distinction between the first and third of these possibilities is mostly a matter of community tradition (some statements of interpretation come to be seen as license exceptions if they become well known or get reused by other projects). For help in figuring out which of these situations applies, please create an issue following the License Review Process.

If your package (or part of your package) is licensed under a choice of two (or more) licenses, and each license is allowed for Fedora, the License tag must reflect this by using the OR operator. (Where, as is typical, there is a choice of two licenses, it is common in FOSS to call this "dual licensing", although that term is sometimes used to refer to different concepts.)

Example: foo.rpm is built entirely from source code dual-licensed under a choice of the Mozilla Public License 1.1 and GPLv2-or-later. The spec file must have:

License: MPL-1.1 OR GPL-2.0-or-later

However, if your package is licensed under a choice of two licenses and one is an allowed license and one is a not-allowed license, then the general rule is that the License tag must reflect the allowed license only. In this case you would not use an "OR" operator. In such situations you are encouraged to include a comment explaining how the code is licensed upstream.

See the section below on Perl packages for an exception to this general rule.

The ordering of the elements in an OR expression is arbitrary.

If your package is built from files under multiple distinct licenses, then theLicense tag must reflect this by using the AND operator.

Example: bar-utils.rpm is built from some files under the MIT License, some other files under LGPLv2.0-or-later, and one file under the three-clause BSD license. The spec file must have:

License: MIT AND LGPL-2.0-or-later AND BSD-3-Clause

A single license identifier should only appear once in an "AND" expression regardless of how many distinct source or binary components the corresponding license covers for the relevant binary RPM.

Example: bar.rpm contains three executable utility programs. You’ve determined that two of them are each licensed under GPL version 2 only, while the third is licensed under the MIT license. The spec file would have:

License: GPL-2.0-only AND MIT

It would not be GPL-2.0-only AND GPL-2.0-only AND MIT, even though from an orthodox GPL interpretation standpoint there are two separate GPL-licensed "Programs" in this package.

Example: Same facts as bar.rpm above, but now bar.rpm also contains a fourth program licensed under GPL version 2 or later. Here the spec file would have:

License: GPL-2.0-or-later AND GPL-2.0-only AND MIT

That is, we treat the GPL version 2 or later and the GPL version 2 only parts as distinctly-licensed components, both of which must be reflected in the license expression.

The ordering of the elements in an AND expression is arbitrary.

If your package is built from files under multiple distinct licenses, and some files are licensed under a choice of two (or more) licenses, then the License tag must include the appropriate OR and AND expressions. The OR subexpressions should be placed in parentheses (because SPDX follows the convention of giving AND higher precedence than OR). The license expression must reflect the disjunctive license choice even if one or both of the license identifiers in the OR expression also appear separately in the composite license expression.

Example: baz-utils.rpm is built from some files under the MIT License, some other files under LGPLv2.1 or later, one file under the three-clause BSD license and one file which is dual licensed under MPL 1.1 and GPLv2 or later. The spec file would have:

License: MIT AND LGPL-2.1-or-later AND BSD-3-Clause AND (MPL-1.1 OR GPL-2.0-or-later)

Example: baz.rpm contains three executable utility programs. You’ve determined that one is disjunctively dual-licensed under the choice of GPL version 3 or later or MPL version 1.1; one is licensed under GPL version 3 or later; and one is licensed under MIT. The spec file would be:

License: (GPL-3.0-or-later OR MPL-1.1) AND GPL-3.0-or-later AND MIT

Here we repeat GPL-3.0-or-later because for one binary component it appears as part of an OR subexpression. That is, OR expressions must be treated as though they were a single distinct license.

Some upstream projects bundle code copied from other upstream projects (a practice some communities sometimes call "vendoring"). In certain cases Fedora permits packaging of such projects including the bundled dependencies. In some other cases, a Fedora package may itself bundle dependencies that are not separately packaged in Fedora. In these cases, assuming the bundled dependencies are built or otherwise included in the packaged binary, the License tag must reflect the licenses covering the bundled code.

Example: foo.rpm is built from source code that consists of upstream project source code under the Apache License 2.0 along with several bundled dependencies, some of which are under the MIT license, one of which is (disjunctively) dual-licensed under the Apache License 2.0 and the MIT license, and one of which is under MPL 2.0). The spec file would have:

License: Apache-2.0 AND MIT AND (Apache-2.0 OR MIT) AND MPL-2.0

Since Rust applications are statically linked and contain code from all their dependencies, the License tag for the subpackage containing the built binary must contain the individual licenses of all dependencies in accordance with these guidelines.

Perl 5 is presented upstream as being dual-licensed under the choice of GPL version 1-or-later (corresponding to the SPDX expression GPL-1.0-or-later) and the Artistic License 1.0 (more precisely, the license that corresponds to the SPDX short identifier Artistic-1.0-Perl). Many Perl modules say simply that they are licensed under "the same terms as Perl itself". Fedora treats this as an unambiguous reference to that well known Perl GPL|Artistic dual license.

The version of the Artistic License 1.0 used by Perl is not-allowed in Fedora. However, as an exception to the general rule that OR expressions should not be used if one of the licenses is not-allowed, packages containing Perl code that uses the Perl dual license can opt to use either:

License: GPL-1.0-or-later

or

License: GPL-1.0-or-later OR Artistic-1.0-Perl

Any firmware license needs to be submitted for review under the allowed for firmware criteria and added accordingly to the Fedora license data, unless the license is already listed as an allowed or allowed-firmware license.

Typical licenses designed for firmware may not be elgible for inclusion on the SPDX License List, in which case a LicenseRef- SPDX identifier will be assigned.

For information on transitioning existing packages to the use of SPDX identifiers in the License tag, see Update Existing Packages.

It is very common for portions of FOSS code to be covered by simple, informal public domain dedication language. For example, a source file might contain a comment at the top of the file saying: "This program is in the public domain." These statements do not actually cause the code they cover to enter the public domain; except in certain rare cases, they are more akin to extremely permissive licenses.

Under the Callaway system, Fedora packages used Public Domain in theLicense tag as an umbrella short name to represent all such public domain dedications.

If you find a new package for inclusion in Fedora that has such a statement, then submit it for review.

For more information on specific considerations relating to the transition to SPDX identifiers for existing packages, see Update Existing Packages.