Re: Determining minimum package review requirements relating to licenses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday, 24 July 2020 14:40:15 CEST Stuart D Gathman wrote:
> On Fri, 24 Jul 2020, Jason Tibbitts wrote:
> 
> 
> > Are any of the following acceptable?
> >
> >
> >
> > 1) Trust the packager to do a license review, with no reviewer
> > 
> >   verification.
> 
> 
> Definitely need a second opinion IMHO (IANAL).
> 
> 
> > 2) Trust the output of an automated tool which attempts to detect
> > 
> >   project licenses (such as askalono).
> 
> 
> My understanding is that such tools are pretty accurate when a license
> is positively identified, and this can be a reasonable 2nd opinion.
> When the tool fails to find or confirm a license, then manual search may be
> required.
> 
> 
> > 3) Trust the license tag from a project hosting service such as github?
> > 
> >   (I understand that the answer may depend on the hosting service.)
> 
> 
> Ask a real lawyer.  I would be inclined to not trust the service, but
> it might count as "due diligence".

I want to precise that the tool used (askalono) does not work with Github 
"license field" but works by analysing all the files and look for licence 
texts and SPDX tag.



_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux