Consider updating license field

[andrewliebenow]

Consider changing ASL 2.0 here:

docker-ce-packaging/rpm/SPECS/docker-ce.spec

Line 10 in 22c4243

License: ASL 2.0

to Apache-2.0.

I'm not sure if Fedora is the source of truth in these matters, or if this would cause breakage downstream, but I think generally people are moving to SPDX.

https://docs.fedoraproject.org/en-US/legal/allowed-licenses/ lists Apache-2.0 as the SPDX identifier and ASL 2.0 as a "Legacy Abbreviation" for Apache License 2.0.

[laurazard]

Thanks for pointing this out! I think that should be fine to do (@thaJeztah can correct me here if not) – if you want, feel free to open a PR correcting this.

[thaJeztah]

Not sure if there was a specific reason, no. I know these specs originate from the https://github.com/moby/moby repository all the way from 2015 (see moby/moby#12073 / moby/moby#12917 ), and probably were never updated since and newer specs copied from those.

The only possible reason would be if older distros didn't support these new values (RHEL tends to be on older versions of the RPM specs than Fedora), although I doubt any of the RPM tools validate this 🤔.

If we change, we should make sure that we do so for all the specs in this repo;
https://github.com/docker/docker-ce-packaging/tree/22c4243647f1fbe49d7bca48f2bbe00d90a3b68b/rpm/SPECS

And probably also update the spec we use for containerd (in the containerd-packaging repository);
https://github.com/docker/containerd-packaging/blob/9a0565bfadc6b5599c65771839ba9fa5440c885e/rpm/containerd.spec#L50

[thaJeztah]

Did a quick search for what I could find. The RedHat guidelines mentions this; https://github.com/redhat-developer/rpm-packaging-guide/blob/221d8a4f99765f13d0c184b16b809ba333a89bb3/source/packaging-software.adoc#L147

The License field is the associated with the source code from the upstream release. The exact format for how to label the License in your SPEC file will vary depending on which specific RPM based distribution guidelines you are following, we will use the notation standards in the Fedora License Guidelines for this document and as such this field will contain the text GPLv3+

Which is referring to the Fedora Licencing Guidelines, and from a quick look was added at least 7 Years ago.

The README on that repo also has a licensing section (but that applies to source files) recommending use of SPDX-License-Identifier:; https://github.com/redhat-developer/rpm-packaging-guide/tree/221d8a4f99765f13d0c184b16b809ba333a89bb3?tab=readme-ov-file#licensing

So based on the above I'm somewhat confident that SPDX identifiers should be OK.

[thaJeztah]

One thing we should also look into; I noticed that we add an explicit %license macro for the Compose plugin docs;

docker-ce-packaging/rpm/SPECS/docker-compose-plugin.spec

Lines 50 to 51 in e47d637

	%license docker-compose-plugin-docs/LICENSE
	%license docker-compose-plugin-docs/NOTICE

But we don't do this for other packages. It's possible that (given the standard naming used) this happens automatically, but perhaps we should look if additional things should be added.

[thaJeztah]

Opened PRs to update;

• [master] rpm: use SPDX identifier for License fields #1135
• [main] rpm: use SPDX identifier for License field containerd-packaging#403