On Sat, Jan 16, 2010 at 2:46 PM, Tom "spot" Callaway <tcallawa@xxxxxxxxxx> wrote:
> On 01/16/2010 05:37 PM, Jason L Tibbitts III wrote:
>> I figured I'd start with this list and broaden to devel@ if people think
>> it's a good idea.
>>
>> In doing (very) many package reviews, I've found one of the most
>> time-consuming things to be doing a proper license review. Even
>> something simple with, say, an LGPLv2+ notice can get complicated when a
>> single GPLv2 file sneaks in. It's complicated enough that I suspect in
>> many cases license review just isn't being done. Plus the complexities
>> of licensing coupled with the complexities of our packaging guidelines
>> really pose a high barrier for anyone wanting to do proper license
>> reviews.
>>
>> So I'm proposing that we separate the roles of the package reviewer from
>> the license reviewer, allowing someone who wants to concentrate on
>> licensing to participate in the review process without having to deal
>> with the complexities of the packaging guidelines (or even building the
>> software). This isn't intended to preclude someone from taking a new
>> request and doing both packaging and licensing review, but simply to
>> allow folks to go through the existing reviews and indicate that they've
>> been checked for licensing issues so that someone could later go through
>> and review the packaging without having to struggle over the licensing.
>>
>> I propose to handle this with a simple entry in the whiteboard and a
>> comment by the reviewer. I can add a report under
>> http://fedoraproject.org/PackageReviewStatus listing tickets which need
>> license review, and am prepared to write a utility to facilitate things
>> as much as possible. When a license question comes up, FE-Legal would
>> be blocked just as it is now. (Apologies to spot.) I would ask for
>> help from others to document the license review process as much as
>> possible.
>>
>> I think in the end that with a dedicated team of folks doing license
>> checks, we can get the review process moving a bit quicker and cut down
>> on incidences of unwanted things leaking into the distro that have to be
>> cleaned up later.
>
> Seems reasonable. We might be able to do a FAD to train some people on
> looking at licenses to jump start this process.
>
> We might also consider deploying something like FOSSology (which I've
> had on my todo list for ages). Not as a replacement for this, but as an
> additional helper tool.
>
> http://fossology.org/

Something like fossology seems like it would save everyone involved a
ton of time and pain; frankly, potentially enough that it would remove
most of the objections Jason has highlighted.

Luis