On Friday, 24 July 2020 09:16:19 CEST Jason Tibbitts wrote: > One of the various reasons for having package reviews is having a human > verify that the packager's choice of License: tag is valid. The > Packaging Committee is was faced with a request > (https://pagure.io/packaging-committee/issue/1007) that has us > questioning just how much license review is required. > > Are any of the following acceptable? > > 1) Trust the packager to do a license review, with no reviewer > verification. > > 2) Trust the output of an automated tool which attempts to detect > project licenses (such as askalono). > > 3) Trust the license tag from a project hosting service such as github? > (I understand that the answer may depend on the hosting service.) > > Depending on what is acceptable, we may be able to reduce bureaucracy a > bit. I know that back when I did package reviews, the license review > was often the most difficult part. > > - J< Hi again, Can I get a definitive opinion from legal on this? So far I have 64 new dependencies ready to be included in Fedora for over 1,000 packages I have so far checked (650 remaining). The packages have both been autodetected by askalono and manually checked the LICENSE files. I'd like to be able to package them before F33 branching hopefully. Thanks, Robert-André _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
