Bug 1713604

 - Not needed:

rm -rf %{buildroot}

>The tests in the package require a X server. Is this possible during a rpmbuild? Is it useful to run these tests?

You could try running them with xvfb-run, not sure it will work.

> The source files related to the ONVIF protocol may be distributed, but not modified. Is this allowed in the source package? Does this need to be stated in the spec file? Does this change the license of the binary (and with that the License field)?

I'm not sure, asking FE-Legal opinion on this

Ugh, this is complicated. I'm going to have to discuss this internally. Please hold on doing anything with this package for the time being.

Can I do anything for this or do I just have to wait?

I sent a mail to Legal to see if they can give a definitive opinion.

> * The source files related to the ONVIF protocol may be distributed, but not modified. 

Can you clarify which files you're talking about? Looking through the GitLab repo, I only see GPL and CC 0 licenses in use.

It is about the files in 3rdparty/wsdl directory. These files are come from different domains/companies and therefore they have different licenses, but in my non-legal view they are similar. I could compile a list of these licenses if that is useful. Following is an example of these licenses from 3rdparty/wsdl/www.onvif.org/ver10/device/wsdl/devicemgmt.wsdl:

> Copyright (c) 2008-2017 by ONVIF: Open Network Video Interface Forum. All rights reserved.
> 
> Recipients of this document may copy, distribute, publish, or display this document so long as this copyright notice, license and disclaimer are retained with all copies of the document. No license is granted to modify this document.
> 
> THIS DOCUMENT IS PROVIDED "AS IS," AND THE CORPORATION AND ITS MEMBERS AND THEIR AFFILIATES, MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THIS DOCUMENT ARE SUITABLE FOR ANY PURPOSE; OR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
> IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT, WHETHER OR NOT (1) THE CORPORATION, MEMBERS OR THEIR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR (2) SUCH DAMAGES WERE REASONABLY FORESEEABLE, AND ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS DOCUMENT.  THE FOREGOING DISCLAIMER AND LIMITATION ON LIABILITY DO NOT APPLY TO, INVALIDATE, OR LIMIT REPRESENTATIONS AND WARRANTIES MADE BY THE MEMBERS AND THEIR RESPECTIVE AFFILIATES TO THE CORPORATION AND OTHER MEMBERS IN CERTAIN WRITTEN POLICIES OF THE CORPORATION.

Thanks! I'll follow up with Legal and see if I can figure out what the specific issue is.

"Open Source" licenses need the permission to modify the work and create derivative works.  That's why these types of licenses aren't considered "open source".

Just a thought...as you review the specific files and licenses, if these "non-open-source" licenses apply only to documents, could you simply remove the document files from the package?

(In reply to Bryan Sutula from comment #8)
> "Open Source" licenses need the permission to modify the work and create
> derivative works.  That's why these types of licenses aren't considered
> "open source".
> 
> Just a thought...as you review the specific files and licenses, if these
> "non-open-source" licenses apply only to documents, could you simply remove
> the document files from the package?

The WSDL files are used to generate code for parsing and creating ONVIF messages, so they can't be removed from the package.

>The issue here (at least the only one I'm aware of) was that the
>package contains WSDL files that are nominally under a license that
>does not meet Fedora's policy on acceptable licenses.
>
>The default conclusion here should be that the package is not
>acceptable for Fedora. However, if you or anyone else would like to
>provide an explanation of how these files are used in this package,
>that might support a different conclusion. I do not really have the
>bandwidth to look into this myself.
>
>Richard

>The WSDL files are used to generate code for parsing and creating ONVIF 
>messages, so they can't be removed from the package.

Does the WSDL files end up up in the binary package or are they only needed at build time? Try to answer Richard's message on the legal ML.

(In reply to Robert-André Mauchin 🐧 from comment #10) 
> Does the WSDL files end up up in the binary package or are they only needed
> at build time? Try to answer Richard's message on the legal ML.

The WSDL files are the interface specification and they are only used for the RPC interface to the ONVIF camera. This information is required to implement the ONVIF protocol correctly. The function names and structures in the WSDL will be used to generate RPC interface code. The WSDL files itself is not included in the binary, but they are used to generate code that is going into the binary.

This is an automatic check from review-stats script.

This review request ticket hasn't been updated for some time. We're sorry
it is taking so long. If you're still interested in packaging this software
into Fedora repositories, please respond to this comment clearing the
NEEDINFO flag.

You may want to update the specfile and the src.rpm to the latest version
available and to propose a review swap on Fedora devel mailing list to increase
chances to have your package reviewed. If this is your first package and you
need a sponsor, you may want to post some informal reviews. Read more at
https://fedoraproject.org/wiki/How_to_get_sponsored_into_the_packager_group.

Without any reply, this request will shortly be considered abandoned
and will be closed.
Thank you for your patience.

I assume that legal couldn't clear this issue. I will focus on Flathub packaging instead.