 get back on schedule a little bit here. I'm going to go ahead and get started so whenever you're ready. This is a presentation that I gave in about 12 minutes at FOSDA. They gave me 15 minutes to give this presentation, so I went super fast through it, and at the end of it I had questions. The only question I got was, how do you talk that fast? So I'm going to slow it down a little bit, and talk about sort of the past, present, and future of Fedora from a legal perspective, and maybe explain a little bit why whenever you see me I'm drinking. So, every good talk about legal is required to have a disclaimer, and mine is no different. So, I'm not a lawyer. I've worked with lawyers, but I am not one. Nothing in this presentation written or spoken should be considered legal advice. There we go, we got the hard part out of the way. I have worked for a half or 16 years, and I am occasionally allowed to speak on behalf of my employer. However, nothing in this presentation, nor this video recording, reflects Red Hat's opinion, stances, or favorite ice cream flavors. Basically, Red Hat didn't authorize me to say any of this at all, and if you take any of this as gospel, or put it into a press release, or you know, even on Hacker News or whatever, then that's on you, not on me. I'm just claiming it all. Alright, now let's talk about the past. Let's all step back into my legal TARDIS and visit the long, long ago time when dinosaurs ruled the earth. Now, once upon a time when dinosaurs ruled the earth, there was a thing called Red Hat Lennox, and it was good, and this is in Czech, which makes it better, but it was good, and people were happy, and people used it, and they said we love the Red Hat Lennox, but could you just add this one package to it that I found? It would be really great if you just add this one thing, and most of the time it was Q-mail, and we laughed at them, but sometimes it was actually something that we wanted to put in, and we said okay, you know, well maybe we'll give you a space to put these things. We made this thing called Contrib, and we said hey, you can upload your RPMs, whatever you want into that directory, and that would be good, and people can come and get it. And then at one point we looked in the Contrib directory, and there was like, you know, one of those man-eating plants in the corner, and it was like, hey, man, and we're like, what the, what did you put in the Contrib directory? You animals, what have you done, you know? There was like, you know, pieces of a broken car, there were a couple of packages, the man-eating plant, Cthulhu was in there somewhere, and we said, you know, this is not how we build the Lennox. We go into our nice fancy house, and we build the Lennox, and we do it properly, and we do it restrictively, and we put a fence around it so nobody can mess around. We don't want your man-eating plants in your car parts and your garbage in our house. Red Hat Lennox is perfect just as it is, and we don't need any of your add-ons and none of that nonsense. And then some of these people, I don't know who these people are, I've never seen any of them before, they, they said, you know what, we really would love an opportunity to not have it be just done inside the house, to really take this vision of what Fedora could be, and have more input into that process, and so Red Hat was like, all right, fine, I guess. If you guys aren't going to trash it up, like you trashed up Contrib, we'll let you do it. And this is how Fedora was born. So Red Hat kind of led it out there, led a community form around it, let people start doing what they wanted to do, to shape what they wanted to do in Fedora, and they're like, you know, this is going to be great, it's going to be beautiful. And then it came out, Fedora Core 1 looked kind of like that. But, but we had faith that someday it would look like this. But right now, Fedora Core 1, it looks like this. And, and we went back to these people, and we're like, okay, well, you know, we're going to need some community to actually really get involved with this and help us solve a lot of the problems that are making this spiky ugly thing, so it turns into a butterfly. And then somebody, this is lost at the midst of time, nobody quite knows who did this, could have been Mark Webbing, it could have been Cthulhu, we're not sure. Said, you know, there's a lot of stuff that we're not sure if it's okay to go into Fedora or not. So what we're going to do is we're going to let these people put these items into Bugzilla, and we're going to tag them all FE legal. So that anything that goes tagged there, somebody will go through and look at this and the answer to the question, is this okay to go into Fedora or not? Because before, when it was the house, it was Red Hat, and Red Hat knew all the answers to these things, we could just go to the lawyer and say, is this okay? And the lawyer would say get out of my office and we would assume it wasn't okay. And, but now we're community driven, and we have to have a place for the community to drive these sorts of things. And so they created FE legal. But unfortunately, what no one realized until about Fedora Core 3, was that no one was looking at FE legal. It was a giant black hole. People were just throwing issues at Bugzilla, tagging them as FE legal. And they were just sitting there assuming that someone was going to look at them, but no one was looking at them. The lawyer sure as heck weren't looking at them, the lawyers really knew what Bugzilla is. I think Bugzilla, my kill bug was much less be addressed for them. So, you know, Max Speevac came to me and he said, hey, spot, you seem kind of smart, which I have since learned ends badly for me, no matter what it fenders with. But, and he was like, would you help us clear out this bug tree, all these bugs that are filed against FE legal. And I was like, I'm not a lawyer. He's like, yeah, but you seem really smart. I bet you can figure this out. So I was like, all right, fine, I'll figure it out. So I went to the Red Hat legal team, and they were like, what? And I was like, we have a whole bunch of bugs that are filed. People want to know if these things are okay or not. And they're like, we have time for any of that. Community figure it out. And it was like, how are they supposed to know how to answer these questions? They're not lawyers. They're like, look, you know, all you need to do is figure out a basic framework will teach you what's okay and what's not okay. And then you can apply these rules to the thing. And I was like, okay, what are the rules? Like, well, you should figure that out. And it was like, so you want me to apply rules to the packages to determine what can go in and what can't. And you're not going to give me any guidance on this. So like, no, but when you come when you figure out the rules, you come bring into us we'll tell you whether they're good or bad. I was like, all right, fine, fine, fine. All right, I will, I will make some rules. I will carve them on the wall of the fedora tree house, they will be henceforth the rules for legal what is okay, what is not. All right, first rule needs to be free software seem pretty common sense to me that we wanted to be a free software distribution. We didn't want any random weird garbage trash licenses. I was looking at contrib and thinking a lot of this stuff is in here because it's badly licensed. It's not under a license that anyone understands. It has weird clauses about walking your dog under the full moon. And, and that should be sensible enough. So it's like, all right, done. That's my rule needs to be free software. It's not gonna go in. And then we thought about this a little bit. And we realized that people like being able to get on the internet with their fedora. And if all we have is free software, then we don't have any wireless drivers at all. And that's a, it could be a good thing in some cases, but in most cases, people actually want to be able to get on the internet. So we're like, all right, what we do want people to be able to use their wireless drivers. So here's the first exception to the rule is that we need firmware to make free software work. So firmware that empowers free software is okay. We don't like it. We rather have the source code for it. But since that's never, ever going to happen, we're just going to deal with it. And then I thought, well, there's got to be some other rules that we want in there. And then I said, well, you know, we probably, probably should be something that Red Hat can actually distribute. We don't want to be like, pirating software through Red Hat. That seems like a bad plan, since we're all free software advocates on this. And you know, Red Hat is a company and we could get sued if we did something really naughty. And most importantly, Red Hat is an American company. Wait, that's not the right picture for this slide. Red Hat is an American that know that that was the right picture at Fosden. Red Hat is an American company. And there are things that have impact our ability to do certain things like we have to make sure we don't break federal law, we don't break export law, we don't break any international treaties. We don't actually go to war because it's something we distributed. And so compliant with US laws, it's important. And so we have that as an additional rule. Now, I took this to the legal team and I said, well, what do you think about this? And this is kind of the face that they made back at me. This is Chris Blizzard, by the way, a longtime Red Hat or former Fedora. And so he's cool with me using his face in an angry way. And they were like, and they thought about it for a really long time. And they came back and they were like, none of this has anything to do with like specifics of licenses. And I was like, well, yeah, most of the stuff is pretty straightforward, like GPL, BSD, MIT, we've got that covered. It's all these weird corner cases. And they were like, okay, so here's what we're going to do is we're going to let you bring all the weird corner cases to us one at a time. And we'll classify them as we go and we'll add to the list of rules. So we start with this list of rules and it worked pretty good for about 10 minutes. And then someone pointed out, hey, patents might be a problem. Should we be concerned about patents? And I went to the lawyers and I was like, should we be concerned about patents? And they were like, add it to the rule list. So now we've got does not infringe known US patents. And I asked the lawyer, I said, how should I know if something infringes a patent? And they said, you shouldn't. And I'm like, well, then how am I supposed to tell people whether something infringes a known patent? And they're like, well, if it's known, then it's known. And I'm like, so should I search for patents? And they're like, no. And I was like, so when does it cross the line from being known by me? And they're like, well, if somebody would know about it. And I'm like, like, like how like, like in the middle of the night, the ghost of Christmas past comes and goes, patent number US 277. And they were like, no, like if somebody goes running around screaming, there's patents on this, there's patents on this, there's patents on this. And it was like, did people do that? And then they were like, oh, while you're in here, we have a problem with some of the stuff that we found in Contra because you just told us that existed and we're really concerned about it. And I was like, you know, we don't use that anymore. Like, yeah, but we really have a problem with all the fan stuff. And what do you mean fan stuff? And they were like, well, you know, the fan stuff that like the community is built. And I'm like, you mean all of Fedora? And I'm like, no, no, no, no, no, no, no. Like the stuff that's like red hat font and like red hat this and red hat that isn't fringing our trademark. We really aren't cool with that. And I was like, well, can we still call it Fedora? And they're like, yeah, that's cool. And I was like, all right, great. Respect for my hat trademarks. And then they were like, well, you know, maybe it should be more broad than that. And I was like, what do you mean? They're like, well, the law doesn't require that it would be a nice thing if we respected other people's trademarks too. And I was like, okay, cool. All right. Respects all trademarks. So these are the rules. And we set this down. And then they were like, okay, great. And then so I started looking at the broader problem space, we've got our baseline rules for what is okay for Fedora. Obviously, there are millions of exceptions that don't fall into this. But this is a good guidance that if I put this up and say this is what goes in and what doesn't, people will generally understand it. And then I started looking at the packages that we'd inherited from Red Hat. And people were just kind of writing whatever they felt like in the license field. Like if you've ever looked at a packaging spec and you've ever looked at the group field, like some of the packages that Red Hat made had sensible, consistent text in that string. I mean, there's lots of people that just wrote stuff like whatever, or required, that was my favorite group field required required type it in there. But but in the license field, it was sort of ad hoc, like people would write things like distributable. Distributable is my favorite. What does it mean? I don't know it's distributable. Okay, license okay. Or license in package was a fun one. You know, or, or they would be outright honest and were right proprietary in that field. And I was like, oh, that's, that's, that should not be in Fedora. I don't know how that ended up here. So I said, okay, well, what we got to do is we got to standardize on a set of names for the licensing in the packages. So it's consistent. So somebody randomly picks up a package, they have a good idea of what the licensing inside of a package is. This should be an easy problem to solve. No, I start pulling packages apart and discovering that people would, in good faith, mark something as BSD or X for 86 or MIT or any other number of roughly equivalent naming strings. And when I would start pulling it apart, I would discover that there's a lot of other licenses that are in play in here. Sometimes they were compatible. Sometimes they weren't, which made me walk back down to the lawyers and say, hey, what is a license compatible with another license? And then they threw things at me till I left. And what I eventually learned was is no one knows the answer to that question. No one knows whether one license is compatible with another license, other than in cases of like obvious incompatibility, like the Cuddle license, which was written to be explicitly incompatible with GPL. And then some went and interviewed the people and public and had them say, yes, we wrote this explicitly to be incompatible with the GPL. There's no ambiguity about that license whatsoever. But other licenses are less clear. Is this license compatible with that license? Maybe, depends on which lawyer you ask. And then you have guidance from like the Free Software Foundation who will tell you which licenses are compatible with the GPL or not. And they know because they wrote the GPL and they're just smart like that, I guess. But we trust them because they're lawyers, except they're not. But so we started tracking all these licenses. We just started making a list. I just sort of said, oh, okay, I'll just write down every time I find a new licenses. 350 licenses later, we had the longest licensing list of any community in free and open source. We know about more licenses than anyone does. Still, consistently, we know more about licenses than anybody else does. And I just started putting them in a wiki and giving them a unique name. And then every time I saw that again, I just appended that unique name and came up with a basic machine participle syntax for putting in the license field, because that's just a texturing. We should be able to parse that with a machine. And what we discovered is there are 16 BSD variants and 34 variants of the MIT. They're basically all saying the same thing. They just have slight bits of rewording where someone thought one word sounded more authoritative than another, or one legal lawyer changed off the boilerplate for the warranty disclaimer with theirs. It doesn't change that licenses impact or effect on the file, but as far as lawyers concerned, those are different licenses. So now we know what the licenses are in Fedora. And I spent several major Fedora releases going through and auditing every single one of the packages that we had in Fedora and making sure that the licenses were correct on those files and they reflected the sources within them, ficting the obvious glaring points and then getting them through. I slipped a couple of releases to get that fixed. I'm sorry, that was on me, my bad. But we're now in a state today where Fedora is generally correct with the license information in the packages. So it was worth the effort. It was worth the process. And then I got to thinking, well, people give stuff to Fedora. Like, we're not the Linux kernel. We're not taking a ton of code, but we're getting copyright of a word sent to us. We should figure out what to do. And then I went to ask the legal team and I said, well, what should we do in those cases? They're like, no, that's covered. We have a CLA. Now, if you don't know what a CLA is, a CLA is it could stand for contributor license agreement, it could stand for copyright license assignment, it could stand for any of those things, which makes it in its own acronym way confusing. And it was written for lawyers, by lawyers. And so it's written in legalese, which is not English, despite it having words that sort of shape like English. And when I asked two different lawyers on the legal team to tell me what it meant, neither of whom had written the original document because the lawyer who wrote the original document was gone by this point. They both gave me different interpretations of what it meant. And it was at that point that I realized we probably couldn't expect any normal humans to be able to understand what this means either. And I could write a long explanation of what I thought it meant, but it would be better if we had something that people understood. Also, it looked like a copyright assignment agreement. And you could interpret it that way. And it wasn't really Red Hat's intent for it ever to be a copyright assignment agreement, but if you read it in the right light, it looks like that. And as a result, we had a lot of companies that wanted to participate in Fedora that were like, we can't sign this thing, we don't know what it means. So, worked with one of the lawyers at Red Hat, Richard Fontana, to come up with a new text that was written in legalese, but was in the sort of legalese that has the rough equivalency in English, so you can write a short little simple diagram, has minimal boiler plate, just says these are the simplified terms that apply if you contribute something to us. And the goal that we set for the lawyer, because when you're working with the lawyer, you always want to remember to set a goal for them so that they know exactly what they're trying to work towards. And the goal that we set was, we want to make it so that when people give us something, it's under a default free license unless they specify a different license. So if you want to give us something under a different license, you can. And if we like that license, we'll take it. But most of the people who were doing contributions weren't bothering to put a license on it, it was just coming in. And so we wanted to have a default license that was permissive, that was accessible for everybody to use, was sort of universally compatible. And that was when we created the FPCA. Some of you have been here a while might remember when we switched the click through model from the old CLA to the FPCA, you clicked it, you accepted that and all of a sudden anything you gave us from here until eternity was under one of these default licenses unless you specified other. To date, two people that I know of have made contributions with a specified license. The rest of you have been using the default license that we set up. So I figured that means you take a good idea. Now, I kept tackling all these other side projects and working with other communities to help them understand why we weren't letting their stuff into Fedora. And as part of auditing all of the packages, we discovered lots of things inside Fedora that some other communities had known about for a really long time, but had never tried to fix. A big one was there was a big chunk of code in Xorg that was under what was known as the SGI freebie license. And the freebie license was very clearly not open sourced and not free. Like everybody looked at it was an agreement that it was not okay. But X really needed that code. And it would be nice if we didn't hurt back to a pre 3D rendering state for X. So basically everyone just kept using this code. And because SGI was unlikely to manage to find its, you know, its socks in the morning much less soot anybody. Everybody figured it was kind of safe. We all just kept being in blatant violation of this license that it was all good. But we really did want to get this fixed because it was important not to just let, you know, garbage into Fedora. And so much discussions with the upstream, we finally managed to convince them that it was in their best interest. We would do a nice press release to thank them for it to get this relicensing done. And so we finally got the SGI freebie license relicenced to an open source license. Thankfully they had an or later clause in their original license. So all we had to do is release version 1.1 of the freebie license, which said this is now MIT and all the problems went away. And then we started looking at Java code because we went and bought a Java company and all of a sudden people wanted to put a whole bunch more Java than ever before into Fedora. And we started looking at some of the fun stuff that Sun had done. And Sun had a clause in their license that said it's a little longer than I'm simplifying it here, but it basically said that you couldn't use it in a nuclear submarine. Now, why do you want to run Java on a nuclear submarine? It's beyond me to be honest. But there was a clause there and that's a use restriction and that makes it not open to the stars. And so we spent a lot of time talking to Sun and then Oracle about dropping the nuclear clause for most of the things. And Sun finally went through and said, look, you will just stop emailing us. We will do this. And so they dropped the nuclear submarine clause from all their licenses, which made it all nice and open sourcing free. And then there was the artistic case, the train software case where they went and lost it in court over the fact that the judge interpreted the artistic as a contract not a license, which was later overturned on appeal because he was very, very wrong. But at that time we decided you know what, the artistic one license is kind of a crap license. I mean, all respect to Larry, his intent is clear, his wording was poorly chosen. And there were other people that had redone the artistic license in several ways. You had the artistic license improved, I think is one of the wording variants that's out there and then the artistic two license that was out there. Again, same intent, just better wording to close all the holes in it and make it clear. Nobody really needed to be using the artistic one license anymore. So we took the step in Fedora to say, okay, we're going to go through everything that we have Pearl artistic one in Fedora, and we're going to drop all the ones we can't get them to re-license. And so I spent a lot of time emailing various upstream maintainers who said things like you're still using our code. I stopped thinking about that 10 years ago. And convincing and also no, I still want to re-license it. Yes, we had we had about five people who refused to re-license their code, which we were carrying in Fedora and we dropped it. Nobody noticed, which is a good thing. But and then most people were just like, oh, yeah, sure, same license as Pearl is fine. And they would let us add that license, which is Pearl's license is GPL or artistic. So you can choose and we never choose the bad license. So we got all the Pearl modules cleaned up. And we as a byproduct, we cleaned up all of CPAN. And what I've been told by some folks that are still active in the Pearl space is that there's almost nothing artistic only in CPAN as a result of that effort and those other upstreams sort of noticed that we were pushing that and abandoned it, whether they got in the Fedora or not. And then I looked at the TechLive, which was a very bad idea in retrospect, but and then started to work to up identify and remove all the non free components. They had quite a bit of stuff that was not free and not open source inside TechLive. And at first they were like, no, that's open source. That's fine. And I was like, you have an entire category in your distribution where you tag things as other. You know exactly what's in here. What's not okay. It's not like I'm telling you things you're surprised about. You just don't want to clean out your craft. And they were like, maybe. But they did. And they finally have gone through and cleaned out all their craft. And we haven't there's nothing not really left in TechLive anymore. There's stuff that is unholy and disgusting, but but but not non free. Now, I also worked with a lot of smaller projects to help resolve the licensing issues so that they were free software, they would come to us and they'd be like, look, we'd love to get in the fedora someday. And we don't understand, you know, what whether we can do this or not. And we basically say stop writing your own license, which is the best advice I give most upstreams is to stop writing your own license. But we also worked with a lot of font upstreams font authors don't really understand copyrights or anything other than making awesome fonts. And so we've worked with a lot of them to get their licenses that we could ship in fedora because we help them to understand that it is really cool to have lots of people use your fonts and not just have them be on a page that no one ever touches or does. And I was it was I was pretty honest with a lot of the font developers look, people are going to pirate your fonts if they're awesome, wouldn't you rather have them be free and open so that people might send you bug fixes rather than just outright pirate them. And that was a convincing argument for a lot of font developers. We also took all the fedora trademarks and got them in just one package. So it was really easy to rebrand fedora. That was something a lot of people wanted to be able to do to fork the whole fedora distribution. And so I said, fine, we'll just shove everything in one package. And so if you want a fedora logo in your thing, great, just live in that one package, you can depend on it. And so that actually helped to make, you know, the rally rebranding is possible much later. Although that was never my intent. I really didn't want to help any of you awful people. I'm just kidding. But so that brings us to the present. So let's talk about some of the legal issues that we've addressed recently. So let's let's talk about cryptography for a little bit. Cryptography is the art of attempting to keep people out of your stuff. So we've got some locks. Now a big thing in the modern era once people discovered that old school cryptography was terribly insecure and really easy to break into was to get all this ECC stuff enabled, ECC being a lifted curve cryptography. And so we worked very closely with the Red Hat legal team to figure out how we could get all this into Fedora. And it took, it took 10 years to get all the core curves into Fedora, get them cleared through legal because of the immense fud and patent noise around the space. And so today we have all the curves in NSA Suite B plus those additional curves that are there. So basically all the ECC curves that you care about for anything, we ship today. So we're in a much better state now than we were 10 years ago around ECC. So that's all cleaned up. That's all resolved. As far as I know, there's nobody who has a curve that they want to turn on, that we haven't turned on. Now let's talk about music. Yeah, everybody's groaning because we know this. But but MP3 has been a big thing. Like, you know, some people like to play MP3s. I don't, I don't know what that is. But you know, it's a it's a little little unknown music format that occasionally people support. But today in Fedora, we have full functionality on MP3. Good rins to naughty patents, I say. All of them have expired at this point and we can have a celebration. Ding dong, the MP3 patents are dead party later. This is due not so much to me, but really to Christian Scholar and the Red Hat known desktop team. We did a lot of solid work in the process as the patents were expiring, figuring out when we would be able to enable various aspects of the functionality decoding first, then full encoding. I think it was a little bit of a surprise when the consortium announced that anybody can use it now. It's all done because that almost never happens. They usually try and milk that out for a year or two after the patents have expired and just be like, yeah, you can keep paying this, it's cool. But we also have MP2 available as well. So if you're really interested in even more obscure formats then we can help you out with that. All right, let's talk about fonts. Now free type implements font rendering in most places anyway. I mean, if you're using like weird things that don't you use free type and do funky font rendering that's on you. The bytecode patents expired in 2010 which allowed us to do a lot of the stuff that used to be in the free type free world package in Fedora and get a significant improvement in font rendering. You can look at the before and after pictures and it's it's pretty scary. Now we're still dealing with clear type patents. Microsoft holds these patents and basically sum it up. They prevent LCD subfixable funsonality which means that you aren't still using a CRT for some reason and there's a significant functionality that can improve the rendering of your fonts. The last clear type patent that Microsoft holds that we know of being clear I don't go searching for patents. Expires in July of 2019. So if we're waiting for patents then it's going to be a couple more years but we're close. So the home stretches within reach. To do the pattern with the mining guy? It does. Near future, I hope. S3TC expires October 2nd. I have a calendar alert. I'm so thrilled when this goes off maybe like because because then we could put stuff like like we don't have any hacks for steam anymore and that'll be amazing. So so we're so close. Epic one video. We're close. We're close. Maybe MPEG 2 in 2018. Maybe. Maybe. G729 audio which is used by a lot of the worst over IP stuff is clear now. The patents have all gone away and the upstream basically did the same thing in MP3.7. They said, you know, we don't think any patents still apply on this and it's royalty free now as far as we're concerned. So we have the up clear to turn it on. I just need to make the commits. And now I'm going to do the far future. Welcome to the world. All right, XFAT. 2024. I hope you folks don't really want to use any USP keys that are pre-imagined anytime soon. Of course, unless the new Microsoft that loves open source provides a patent grant for VOS. Except on their website where they say they explicitly don't. H264 rough guess 2027. It's going to be a while. DVD playback. Yeah, I'm just kidding. That's not even patent encumbered. That's DMCA encumbered. We're going to have to get some real government change and, you know, to make that happen. And I don't see that happening. I can go back to the dumpster fire if you all want. SPDX. Now I have a session on SPDX tomorrow if you really want to go deep into this. But the high level is that SPDX is a standard that the Linux Foundation came up with to standardize how licensing are reported. And it's not it's what happens when lawyers and supply chain experts have a baby and you get SPDX and it's not necessarily a bad thing. It's just ugly. And I'm sorry. I love the work you do. You do great work. SPDX people Linux Foundation people. You know, I love you. You know, I respect you. Look in the camera. But it's not. It's not as simple as what we've put together in Fedora. It's going to involve a lot of work for us to do it. There's two aspects of SPDX. One is the license identifiers, which are actually pretty clean and pretty beautiful. They're a little different from what we use, but different is OK. This is the license identifier that the software installer in GNOME uses when you pull up an app data file. It tells you they are licensed in SPDX identifier, not Fedora identifier because it's not a Fedora thing. It's a much more independent thing. So it's more logical for them to adopt that standard. And the SPDX people have been working to add the licenses that we added the Fedora license list to their list. So they should map up. The biggest difference is that we take all the BSD and the MIT variants that are function identical and we call them BSD and MIT. Every single one of those has a unique SPDX identifier. So if we were to switch to that naming scheme entirely, we would have to go through and audit every single appearance of the BSD or MIT source file and determine which one of those variants it is and relabel with that name. It's not impossible, but I don't see people falling over themselves to volunteer for that task. So SPDX is a broader standard. It involves injecting XML on a per source file basis that tracks the license of every single source file in a package so that a package can check that out and look at this XML file and determine all the sources that went into it, and which is really good if you're trying to be extremely focused on your export control and shipping what you ship. And for a lot of proprietary companies to use open source, that's really important. For us in Fedora, we probably don't care about it at that level. Also, I really feel strongly that's where upstream should be delivering these files and not us. There is a potential for a liability concern. If we ship an incorrect SPDX file and claim that something is under a license, it's not at that level. And I'd much rather have that liability fall over on the upstream and have them say, this is what we think for licenses on these files. Would you like to know more? Tomorrow, as a PDX, we go deep. And that's that's sort of the legal state of affairs on this. I will happily take questions in a little bit of time I have left, but keep in mind that I reserve the right to answer no comment or I have no idea. Yes. So I know back to the elliptic curve thing. I know for a while there were some issues with the default standard library in Go having a larger list of elliptic curves identifiers than we supported. Has that been all fixed up? More we fixed that up. The go implementation. Now when we added that last curve, we were able to flip back to their default. We were having to flip it off the default and a lot of Go code was hard coding that default rather than just calling the default variable. So that's all fixed. We now have that implementation and there's no more go problems that I'm aware of with that. Awesome. Nick. Do you have any idea when the Apple AAC all I can say on AAC is that we're aware of it and that it's an ongoing process. Right. What would you suggest for other open source projects who are following this with interest? I think the obvious example for other open source projects that are following this with interest are don't write your own license. If you know patents are in the space, do your due diligence and disclose them and do your best to get a grant put on them so that people aren't aren't having to worry about the conflict between copyright and patents. Try to choose a license that matches the rest of your community space. If you choose a very interesting open source license that is incompatible with everyone else, then you're going to have a bad day. And just make sure that you have a history of who contributed what when so that if you ever have to re-license the path forward is obvious. It may not be simple, but it is better to have an obvious path forward than to be like people gave us stuff and we don't know who or when or how. And again, GitHub is sort of and GitHub have remedied a lot of that because you can see the history of who gave what when and determine who has copyright on the work. But it's still better to have that in some way. If you don't use source control, at least have a history of who contributed. Yes. I'm almost surprised that I'm over the issue. Have you ever experienced or heard about a case where political contributions for minors have become a problem? No, I think that there's established a case law that they can hold copyright on things. In the U.S. Because of granting a license, right? That you actually have the legal authority for that? So technically, the Fedora terms say that you have to be 13 to have an account. But we don't ever ask for anybody's age. So if anyone is under the age of 13, then they should inform me now. All right, good. Yeah, it gets a little complicated as to when minors can agree to contracts and licenses. And it probably is something that's not terribly binding, but it's never been an issue. So if we ever discovered that a very young child had given us a lot of stuff, we would probably go to the effort of reaching out to their parents to secure the permission to have copyright on the court. Yes. North Korea has something interesting. Will be the best way that we can contribute to that? That is that is an epic troll and I respect that. Yeah, no, our export regulations specifically say that we have never sent anything to North Korea and they will never send anything back. A couple of the MP3 patents because there were so many of them when I said alarms for them, they would just pop and I'd be like, oh, I don't have a day. But but but in general, I have a pretty good idea of what's coming up because I run into these on a regular enough basis, like S3TC. I know exactly when that's going to expire. So yes. The unified branding I think you mentioned, do you happen to be under the name of that? Fedora release and Fedora logos. Fedora logos. Yeah, that's what you look at. How much work was there was was the whole open H.264 thing we've got going and what are the chances of being able to use that kind of solution from other licensing things again? You know, you probably have a better answer to this one. But I think that that was sort of a unique situation where someone was able to use their existing licensing to come up with a very clever work around for a problem that they saw. And they I think that nobody involved with the impact distortion of our H.264 really doesn't want people to use MPEG 4 and H.264. I think it's just that the money is so good with the licensing for it that it took someone like a Cisco to be able to figure out a work around for that. It's possible that were there other equally popular technologies that it would be in another company's best interest to do a sort of work around. But I honestly can't think of a case off the top of my head where I think it would be likely to crop up. Let's think of it in a particular way. Yeah, and again, it's not something that I would say that we want to be like offering up to other people. But if it was H.264 support in the browser with HTML5 is just a really, really necessary piece to make it work. There aren't a whole lot of other cases like that. And I'm aware of it. H.E.B.0, the weird thing. They're just not as popular. So I have one last question and then I'm out of time. Who's my last question? One more. Somebody, anybody? Are we done? OK, we're done. Thank you all.