On Tue, May 17, 2022 at 03:30:43PM -0400, Kevin P. Fleming wrote:
> On 5/17/22 14:35, David Cantrell wrote:
> > I think a better thing to do would be to use a scanner like scancode[1] to
> > check the source tree in question and then construct a License expression for
> > the spec file from its results. In many cases it will be the same as what we
> > have in the spec file, just with different identifiers. But we would be using
> > the opportunity to both move to new license identifiers and audit the
> > information at the same time. Note that scancode isn't perfect, but it would
> > be used as a workflow tool here as the contributor audits the licensing
> > information in a package.
> >
> > I realize this is a lot of work. It would be best done in hackfest type
> > sessions with work divided up in the subsets of packages. It would be a good
> > opportunity for new contributors to learn how things are structured and send
> > PRs to existing packages.
> >
> > [1] https://github.com/nexB/scancode-licensedb
>
> In addition to that, in an ideal world the results of this scan-and-analyze
> operation would not live *in* Fedora, but would be pushed upstream so that
> the canonical distribution of the software has the proper SPDX expression
> for its license(s). There are various community efforts under way to attack
> the problem in this fashion (ClearlyDefined[1] being one of them), and
> pushing the results of the license analysis as far 'left' as possible
> benefits everyone.
>
> [1] https://clearlydefined.io/about

Agreed. For the purposes of Fedora, it benefits us to correctly report the
current state of licensing. To your point, encouraging package maintainers to
work with upstream projects to resolve any license confusion or ambiguity
helps a lot too.

Thanks,

--
David Cantrell <dcantrell@xxxxxxxxxx>
Red Hat, Inc.
| Boston, MA | EST5EDT

devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx