Re: New package license review proposal


On Sat, Jan 16, 2010 at 2:46 PM, Tom "spot" Callaway
<tcallawa@xxxxxxxxxx> wrote:
> On 01/16/2010 05:37 PM, Jason L Tibbitts III wrote:
>> I figured I'd start with this list and broaden to devel@ if people think
>> it's a good idea.
>>
>> In doing (very) many package reviews, I've found one of the most
>> time-consuming things to be doing a proper license review.  Even
>> something simple with, say, an LGPLv2+ notice can get complicated when a
>> single GPLv2 file sneaks in.  It's complicated enough that I suspect in
>> many cases license review just isn't being done.  Plus the complexities
>> of licensing coupled with the complexities of our packaging guidelines
>> really pose a high barrier for anyone wanting to do proper license
>> reviews.
>>
>> So I'm proposing that we separate the roles of the package reviewer from
>> the license reviewer, allowing someone who wants to concentrate on
>> licensing to participate in the review process without having to deal
>> with the complexities of the packaging guidelines (or even building the
>> software).  This isn't intended to preclude someone from taking a new
>> request and doing both packaging and licensing review, but simply to
>> allow folks to go through the existing reviews and indicate that they've
>> been checked for licensing issues so that someone could later go through
>> and review the packaging without having to struggle over the licensing.
>>
>> I propose to handle this with a simple entry in the whiteboard and a
>> comment by the reviewer.  I can add a report under
>> http://fedoraproject.org/PackageReviewStatus listing tickets which need
>> license review, and am prepared to write a utility to facilitate things
>> as much as possible.  When a license question comes up, FE-Legal would
>> be blocked just as it is now.  (Apologies to spot.)  I would ask for
>> help from others to document the license review process as much as
>> possible.
>>
>> I think in the end that with a dedicated team of folks doing license
>> checks, we can get the review process moving a bit quicker and cut down
>> on incidences of unwanted things leaking into the distro that have to be
>> cleaned up later.
>
> Seems reasonable. We might be able to do a FAD to train some people on
> looking at licenses to jump start this process.
>
> We might also consider deploying something like FOSSology (which I've
> had on my todo list for ages). Not as a replacement for this, but as an
> additional helper tool.
>
> http://fossology.org/

Something like fossology seems like it would save everyone involved a
ton of time and pain; frankly, potentially enough that it would remove
most of the objections Jason has highlighted.

Luis
_______________________________________________
legal mailing list
legal@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/legal

