Miscellaneous legal packaging topics
This page provides information on various legal or licensing aspects of Fedora packaging, such as certain non-license criteria for approval of certain kinds of packages or files in Fedora Linux, and certain specific interpretations of licensing issues made by Fedora.
License of Fedora spec files
All original Fedora contributions are governed by the Fedora Project Contributor Agreement (FPCA). For all practical purposes, all Fedora spec files are contributed by FPCA signers. This means that unless a spec file contains an explicit license or license notice stating otherwise, or there is some other evidence to the contrary, the spec file is available under the terms of the MIT license, to the extent it is copyrightable. Where there is no explicit MIT license notice in a spec file, it is understood that there is no requirement to add one (that is to say, the "default" MIT license is equivalent to MIT No Attribution).
Game data or content
Some non-executable data or content exists that is required to make free and open source game engines functional. Such data or content usually comes with the game engine as freely distributable, but not necessarily under a free and open source license allowed by Fedora. An example of this would be open sourced game engines, such as Doom, Heretic, and Descent. These game engines come with freely distributable shareware gamedata files.
In this case, the game data or content files can be packaged and included in Fedora, as long as the files meet the requirements to be otherwise allowed in Fedora, such as allowed-firmware or allowed-content.
Emulators
Some emulators (applications which emulate another platform) are not permitted for inclusion in Fedora Linux. These rules will help you determine if an emulator is acceptable for Fedora.
-
Emulators which depend on firmware or ROM files to function may not be included in Fedora Linux, unless the copyright holder(s) for the firmware/ROM files give clear permission for the firmware/ROM files to be distributed (either under a Fedora allowed license or a Fedora allowed-firmware license). Note: This only covers the situation where an emulator will not run at all without firmware/ROM files. For example, emulators that compile and run, but ship with no game ROMs are not covered by this rule.
-
Emulators must not ship with any ROM files (e.g. games) unless those ROM files are available under a Fedora allowed license and have been built from source code in the Fedora buildsystem.
-
Emulators must not point to any third-party sites which provide firmware or ROM files that are distributed without the clear and explicit permission of their copyright holders.
-
All other Fedora licensing and packaging rules apply to emulators.
Licensing of RSA implementations of MD5
It is common to encounter old RSA reference C implementations of the MD5 message-digest algorithm under a free software license containing an advertising requirement, similar to the better-known advertising clause in old versions of the BSD license. Such advertising clauses have generally been understood to be GPL-incompatible. The RSA license is included in the SPDX License List under the short identifier RSA-MD
. The MD5 reference implementation also appears in RFC 1321, which states that distribution of the RFC document is "unlimited."
In 2000 RSA provided a clarification of "the status of intellectual property rights asserted by [RSA] in the MD2, MD4 and MD5 message-digest algorithms", saying "Implementations of these message-digest algorithms, including implementations derived from the reference C code in RFC-1319, RFC-1320, and RFC-1321, may be made, used, and sold without license from RSA for any purpose."
Fedora traditionally interpreted this RSA statement as, in effect, superseding the RSA-MD
license except to the extent that the license required "copyright attribution".
Under present-day policies for populating the spec file License: field, if you encounter RSA code under this license, you do not need to, and probably should not, do any of the following:
-
Record
RSA-MD
(or any other license identifier) in the License: field -
Install a copy of the RSA license in /usr/share/licenses
-
Copy or reference the external 2000 RSA statement
-
Use the Callaway legacy name "Copyright only" in the spec file License: field.
However, unless you have guidance from Fedora Legal suggesting otherwise, you should retain the RSA copyright and license notice as found in the upstream source code.
Elliptic curve cryptography (ECC)
The following ECC curves are currently permitted in Fedora:
Curve 448 |
224 bit curve designed for use with the elliptic curve Diffie–Hellman (ECDH) ke y agreement scheme |
Curve 25519 |
128 bit curve designed for use with the elliptic curve Diffie–Hellman (ECDH) ke y agreement scheme |
secp224r1 |
NIST/SECG curve over a 224 bit prime field |
secp256k1 |
SECG curve over a 256 bit prime field |
secp256r1 / prime256v1 |
X9.62/SECG curve over a 256 bit prime field |
secp384r1 |
NIST/SECG curve over a 384 bit prime field |
secp521r1 |
NIST/SECG curve over a 521 bit prime field |
brainpoolp*r1 |
Family of curves over 160, 192, 224, 256, 320, 384, and 512 bit prime fields (I ETF RFC 5639) |
Want to help? Learn how to contribute to Fedora Docs ›