On Tue, 2006-12-05 at 12:24 -0700, Stephen John Smoogen wrote: > > Ok then I would say the first thing that needs to be done is a > > document that goes over how a license audit is done. Nothing fancy, > > but a list of > > > > A) Download src package > > B) Look at spec file > > C) Look at sourcecode and make sure license is listed in it. > > D) Look for any dubious licensed code (say file A says its under MIT > > and file B says its under Apache and file C says its MyLicense 1.5). > > Use the following egrep expressions to help in doing this: > > E) Write up a summary of package viewpoints, and send to XYZ for confirmation. > > F) Upon getting confirmation, and if you have more questions send to > > joe_foo@xxxxxxx > > G) Profit. Its more of a process of: A) Download SRPM B) rpm -ivh foo.src.rpm C) rpmbuild -bp path/to/foo.spec D) Note License in foo.spec E) Manually look through all source code in BUILD/foo F) Note actual licensing where it differs from License G) Ensure that license(s) is/are FSF or OSI approved H) If license(s) is/are approved individually, go to H2. Otherwise, go to I. H2) If licenses > 1, ensure they're compatible. If not, flag package in violation. I) If license(s) is not approved: I2) Is the license explicitly marked as bad by FSF, if not goto I3. I3) Ask FSF to review license. > Sorry I hit send versus "Save Now". The reason for this is to try and > make sure you are not the sole blocking point on it in case you get an > offer to buy Aurora Linux for Googlebucks from you... or the snow in > Illinois traps you in an iceblock for 10,000 years. > > You may still be the person that reviews the finished package > viewpoints and sends them to legal etc.. but it makes sure that if you > cash out, the job can be done by someone else. In the unlikely future where I cash out on Linux/SPARC, hopefully the above is a good start. ~spot _______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board _______________________________________________ fedora-advisory-board-readonly mailing list fedora-advisory-board-readonly@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board-readonly
