On 5/17/22 14:35, David Cantrell wrote:
I think a better thing to do would be to use a scanner like scancode[1] to
check the source tree in question and then construct a License expression for
the spec file from its results. In many cases it will be the same as what we
have in the spec file, just with different identifiers. But we would be using
the opportunity to both move to new license identifiers and audit the
information at the same time. Note that scancode isn't perfect, but it would
be used as a workflow tool here as the contributor audits the licensing
information in a package.

I realize this is a lot of work. It would be best done in hackfest type
sessions with work divided up in the subsets of packages. It would be a good
opportunity for new contributors to learn how things are structured and send
PRs to existing packages.

[1] https://github.com/nexB/scancode-licensedb

In addition to that, in an ideal world the results of this
scan-and-analyze operation would not live *in* Fedora, but would be
pushed upstream so that the canonical distribution of the software has
the proper SPDX expression for its license(s). There are various
community efforts under way to attack the problem in this fashion
(ClearlyDefined[1] being one of them), and pushing the results of the
license analysis as far 'left' as possible benefits everyone.

[1] https://clearlydefined.io/about

--
Kevin P. Fleming
He/Him/His
Principal Program Manager, RHEL
Red Hat US/Eastern Time Zone