On Fri, 24 Jul 2020, Jason Tibbitts wrote:
Are any of the following acceptable?
1) Trust the packager to do a license review, with no reviewer verification.
Definitely need a second opinion IMHO (IANAL).
2) Trust the output of an automated tool which attempts to detect project licenses (such as askalono).
My understanding is that such tools are pretty accurate when a license is positively identified, and this can be a reasonable 2nd opinion. When the tool fails to find or confirm a license, then manual search may be required.
3) Trust the license tag from a project hosting service such as github? (I understand that the answer may depend on the hosting service.)
Ask a real lawyer. I would be inclined to not trust the service, but it might count as "due diligence".