From Fedora Project Wiki

The question of what should be in the License: tag in Fedora packages causes a lot of confusion. This FAQ is meant to help answer some of the questions that arise over and over again.

  • Does the License: tag cover the SRPM or the binary RPM?
  • When a binary RPM is created from sources with different licenses, do we list all of the source licenses that went into that binary RPM, or do some licenses trump others?
    • Example: foo.c is licensed GPLv2+, bar.c is licensed MIT. They're compiled together into /usr/bin/foobar. Is the License: tag that ships %{_bindir}/foobar "GPLv2+" or "GPLv2+ and MIT"?
  • Does it make a difference whether what is shipped is usable as a single file or as multiple files?
    • Example: A static ELF library composed of some files which were licensed under the GPLv2+ and others which were licensed under the "MIT" license. The static library is a single file, but a program using functions from the library could end up using only MIT or only GPLv2+ functions.
    • Example: A Python package that contains a module foo/gpl.py that is licensed GPLv2+ and a module foo/mit.py that is licensed MIT. The two files exist in the same Python package but they don't depend on each other. A script could import foo.gpl without importing foo.mit and vice versa. Does the License: tag contain "GPLv2+", "GPLv2+ and MIT" or something else?
  • Does the License: tag anticipate things that the binary RPM links against or depends on?
    • Simple example: the rpm contains a program which is licensed GPLv2+. It links against a library that's licensed Apache. Does the License: tag contain "GPLv2+" or "GPLv3+"?
    • More complex example: the rpm contains a program that is licensed MIT. If libreadline (GPLv2+) is installed, it will be used to enhance the experience, but if it isn't installed, the program will still run. Should the License: be "MIT", "GPLv2+", or something else?
  • OpenSSL is generally considered incompatible with the GPL because of the advertising clause; however, the "system library" clause of the GPL may provide a way out. What is Fedora's position on compatibility of OpenSSL with GPLv2 and GPLv3?