@ngompa filed Fedora-Council/tickets ticket #471. Discuss here and record votes and decisions in the ticket.
1 Like
FYI, Iâm lifting FE-Legal on RHBZ#1942132 after @catanzaroâs comment in the bug. I do not believe thereâs anything worth blocking on and weâve been waiting for far too long (the package review itself started in 2021!)
1 Like
Iâm sorry that this has been frustrating, @ngompa.
My first thought is that this seems like a responsibility squarely under liaising with Fedora Legal. A Council member who is not employed at Red Hat is not going to be solve this as easily as a Council member who is.
So, instead, I think the ownership should fall to one of the appointed Fedora Council seats, i.e. Project Leader, Operations Architect, Community Architect. Ownership here likely mean liaising with Fedora Legal who can unblock these requests in Bugzilla.
I agree, it makes sense. I would further suggest that it would fall either under Project Leader or Operations Architect roles. Both of those roles have some alignment for âgreasing the wheelsâ, so to speak.
I might have picked different words, but I agree with Neal here. The current situation is really frustrating for packagers. Things are blocked on legal review for months on end, and if we do get responses, they are often not actionable at all - requiring another months-long round-trip-time for another response (if any).
Another example where I waited for six months and only got an actionable response after asking if my suggested workaround is OK for a third time: Permissibility of P-434 based elliptic curve in Fedora - legal - Fedora Mailing-Lists
I can also confirm that the issue that originally caused be to open #408 is still unresolved. The effort to package the Wasmtime WebAssembly runtime has been abandoned long ago because of it, even though all that wouldâve been needed was a simple âyes this is OK, not copyrightableâ or âthis is copyrightable and upstream should choose a license for itâ response ⌠(and all I got was this non-response).
PS: In my old ticket, @mattdm pointed out that getting things moving on FE-Legal stuff would be his responsibility: https://pagure.io/Fedora-Council/tickets/issue/408#comment-809611 - there was apparently some discussion about changing this process, but as far as I can tell, it was decided to change nothing.
1 Like
PS: In my old ticket, @mattdm pointed out that getting things moving on FE-Legal stuff would be his responsibility: Issue #408: Is the FE-Legal tracker bug being monitored at all? - tickets - Pagure.io - there was apparently some discussion about changing this process, but as far as I can tell, it was decided to change nothing.
We actually had some progress on this, not involving blocking on me[1]. But I (and the rest of the Council) do need to take responsibility for making sure that works and stays working.
This shouldnât have taken so long to get a response. Iâm sorry about that. Often, a slow response actually means that something significant is happening in the background, which was the case with this ecc question too. But that shouldnât be indistinguishable from âno one is looking at thisâ.
which is usually a bad idea âŠď¸
Hi, a few comments:
- I personally have never liked how âFE-Legalâ has been used.
- Often the most difficult FE-Legal issues are questions of third-party patent risk. I am not involved in advising Red Hat on such issues directly. Red Hatâs patent team has had some significant personnel changes over the past year. Both the patent SME expert and their manager, the head of IP, left. There is a new head of IP and a new patent SME who is still sort of getting up to speed.
- I am not sure that it is a good idea for patent risk issues to be the basis for an FE-Legal block in the first place (such issues are obviously important and need to be resolved but I think there may be a better way of enabling such issues to be raised and resolved).
- Regarding @decathorpeâs comment on the wasmtime issue, I get that you are angry because you keep bringing this up from time to time but I am not sure what I should have done differently. The questions raised in the bugzilla were (to me) pretty confusing â again going to this not being the best medium for dealing with these kinds of problems even where I feel authorized to do so. You donât care that there is a policy problem with CC0, but I do. I donât consider it an open source license and I feel personally responsible for encouraging its use (particularly in Fedora) several years ago. Ignoring this policy issue has led to some significant problems around standards development and âopen-washingâ. You closed the ticket before I could act further on it.
- In Bugzillas that block on FE-Legal, the legal issue or problem is often not clearly framed. Itâs often more like âI feel there may be a legal problem hereâ. That makes it difficult if not impossible for âFedora Legalâ or the Red Hat legal team to take any action on them.
- I have notified Jilayne and John Whetzel (Red Hatâs new-ish patent lawyer) of Nealâs disposition of RHBZ #1942132. I have no opinion on that but if anyone can lift FE-Legal then I am not sure why we speak of it being âofficially liftedâ in Fedora Legal Resources :: Fedora Docs and maybe we should just remove that from the Fedora legal documentation.
@ref I spoke to @amoloney about this (in her role as Fedora Operations Architect) â letâs schedule a meeting sometime soon to figure this out.
I think @ngompa. has some valid requirements, but they might not be as achievable as we would all like and/or hope. An SLA (Service Level Agreement) is probably too high a bar to meet on ticket turnaround time, but an SLE (Service Level Expectation) should be within reach. Im happy to serve as a point of contact for those who file a âfedora legalâ ticket to reach out to and assist in tracking those requests so the requestor is kept informed of the tickets progress, and triage those tickets appropriately, in consultation with perhaps Richard, Jilayne and John where and when needed.
Iâm missing a wealth of context Im sure, so I look forward to learning more about this process and working with those who are and/or should be involved to come up with a proposal for a meaningful plan of action to address this obviously frustrating gap.
1 Like
(The issue with CC0 perhaps merits a separate breakout discussion. Iâm extremely surprised to see this license no longer accepted for software in Fedora, and I wonder about the scope of the consequences. Does it require removing a huge number of packages? Is there a very strong reason for this explained somewhere?)
This is very surprising.
Fedora Legal should probably at least respond and say this, rather than ignore the packagers?
Ideally only Fedora Legal would lift the FE-Legal tag, but we seem to have consensus that the intended process has completely broken down and can no longer be followed.
In this specific case, the intel-media-sdk package review is blocking hardware acceleration support for non-encumbered codecs. There is no clearly-framed legal concern and not even a hint that there may be a legal problem; instead, it was tagged for legal review to be conservative because of the high-risk nature of packages that implement multimedia codecs. In theory the encumbered codecs are all disabled, so it doesnât even rise to the level of âI feel there may be a legal problem here.â It would certainly be prudent for Fedora Legal to review it to make sure there are no mistakes, because Red Hat has historically been especially concerned about multimedia codec risk, but review is not required if Red Hat does not wish to do so. In any case, this package is too important to block on any longer and removing the FE-Legal tag was reasonable.
Basically it looks like Fedora Legal has completely ghosted the packagers in this and many other scenarios. When Fedora Legal does not respond, Fedora packagers with no legal training who often do not even work for Red Hat wind up making IP risk decisions for Red Hat on their own. This wonât be the last time it happens.
Iâm sorry, but it really sounds like weâre talking about different things here? I donât have a problem with the decision to no longer consider CC0-1.0 to be an acceptable license for code.
The content in question was distributed by the upstream project under no specified license, which was why it was flagged as potentially being copyrighted. Explicitly licensing it as CC0-1.0 was only suggested by somebody else in the upstream project (not me!), and that never even happened - and the project was also informed that CC0-1.0 is no longer considered a good license for code.
So the current status of that project is the same as ~2 years ago - the project still distributes this content without any license terms attached to it. And thereâs not even consensus yet if those interface descriptions even count as âcodeâ or âcontentâ or whether they are copyrightable in the first place âŚ
This is why âCC0-1.0 is no longer considered an acceptable license for codeâ as a response on the BugZilla didnât make any sense to me, as it doesnât even apply to the status quo, and was not at all actionable - neither for me as the packager, nor for the upstream project.
Side note I guess but it may be worth acknowledging finally that there really is no such thing as âFedora Legalâ. Historically, âFedora Legalâ was a sort of moniker that Tom Callaway used, and it was mostly understood (I thought) to be distinct from âRed Hat Legalâ. I think we may have made a mistake in continuing to indulge in the use this term after he left Red Hat and ceased being involved in his historical Fedora Legal work. I believe we have since then used this term (sometimes itâs âthe Fedora Legal teamâ) to refer to an unnamed set of individuals who are sometimes me, sometimes me along with some other people, and sometimes people other than me.
OK, I donât remember everything that occurred but maybe I assumed that not every comment in a Bugzilla has to be actionable. I was probably trying to indicate that if they used CC0, that would be problematic given that we had reclassified CC0 as ânot allowedâ for code.
Yes, this was announced on legal@lists.fp.o and devel@lists.fp.o in July/August 2022 and was (somewhat to my surprise) covered quite a bit in the tech press. It does affect a large number of packages in theory but weâve been dealing with this through the formation of pragmatic exceptions to the rule. The notion of exceptions to general Fedora license policy was something that hadnât really existed prior to last year.
Originally, it referred to âFedora Extrasâ legal evaluation, which was apparently quite necessary in the beginning as Red Hat Linux and Fedora Linux[1] projects merged into the Fedora Project containing Fedora Core (RHL) and Fedora Extras (the old Fedora Linux project).
This is by design. It has been distinct from âRed Hat Legalâ because that function was managed by Tom Callaway because Red Hat Legal didnât want to staff it or care about it, as I recall[2].
The original one was not a Linux distribution, confusingly enough⌠âŠď¸
He gave a talk about this at FOSDEM 2017, which was quite fascinating overall âŠď¸
I guess it doesnât matter at this point, but this is not accurate. The Red Hat Legal team supported the creation of an official Fedora-Legal sort of role, corresponding to the de facto role created historically by spot (maybe youâre talking about really ancient history, though). Given budget constraints it was not feasible for such a role to exist within the legal team but we tried unsuccessfully to get Red Hat Engineering and the Red Hat OSPO to fund the role.
This is way off the core topic, but originally, I was approached by the Fedora leadership and asked to work to address the outstanding legal challenges that were not being dealt with. I went to Red Hatâs Legal team at the time, who provided feedback initially, then expressed that they did not have the staff nor the time to work to address âcommon and obviousâ issues. They then empowered me to make those decisions, and I escalated to the Red Hat Legal team for things that were not âcommon and obviousâ.
Later, Red Hat did investigate making this âaddress Fedora Legal issuesâ work into a full-time role, but decided not to do so.
2 Likes