Re: Important changes to software license information in Fedora packages (SPDX and more!)

On Mon, Aug 1, 2022 at 4:28 AM Kevin Kofler via devel
<devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> Daniel P. Berrangé wrote:
> > I do expect Fedora reviewers to do more than just look at a handful of
> > source files though. For any package review, the header of every source
> > file should be checked. Random sampling is not sufficient to identify the
> > exceptions which do occur often, and are not usually mentioned in the
> > top level LICENSE file. If there's no header present, then it is
> > implicitly under the global license, and it is fine to trust that for
> > the purposes of the Fedora license tag.
>
> I wish you good luck opening every single one of the 167383 files in QtWebEngine
> (checked with 5.15.8, but that is the order of magnitude for all versions)
> to check the license header, if there is any to begin with. (Some of the
> bundled libraries are of the "let's just drop in one license file that
> applies to everything" kind, and it is named differently in each.)

I'm going to say this outright: it is not reasonable to expect
volunteer packagers to do this. The License tag is not intended to be
exhaustive, merely informative. I would much prefer we continue our
existing practice of simplifying license expressions because it also
reduces the significant burden of the license audit for packagers and
actually keeps us from making *more* mistakes.

If people want more exhaustive licensing data, complain to upstream
instead and have *them* ship licensing documents.

The other option, of course, is that Red Hat chooses to hire people
specifically to supplement packagers and do out-of-band audits and
correct licensing information for the entire package collection. I do
not expect that will happen, though. There is not enough benefit to doing it.

The only positive to doing this would be to stop packagers who use
bundling as a means to avoid properly categorizing and identifying
dependencies from avoiding the license audit part. But I have a
feeling those packagers will continue to do that anyway.

--
真実はいつも一つ!/ Always, there's only one truth!