Re: SPDX Change update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dne 09. 11. 22 v 17:00 Fabio Valentini napsal(a):
On Wed, Nov 9, 2022 at 2:52 PM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:
Dne 09. 11. 22 v 13:58 Neal Gompa napsal(a):

What do we do if the SPDX tag is the same as the existing license
tag (eg ISC) though? Do we just add a dummy change/commit entry that
mentions SPDX to confirm we've reviewed it?

Don't bother. Eventually, we'll re-process all spec files and identify
what to do next anyway.

Actually... if you add there the dummy changelog entry, it makes my work easier.
Which data source are you using to check changelog contents?

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-in-spec-changelog.sh

https://pagure.io/copr/license-validate/blob/main/f/print-spec-changelog.py


For packages that use rpmautospec, you'll need to check changelog
contents in the SRPM, not the unprocessed spec file.
And if you're querying changelogs from RPMs or SRPMs, adding a dummy
changelog entry also won't do anything unless a new build is done in
either case.

Yes. Because I do not open the spec file in dist-git checkout then the %changelog is empty, but next script checks dist-git log

https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-in-distgit-changelog.sh

which is the source for %autochangelog The result is the same at the end.

Also note that for Rust packages, conversion to SPDX has been an
ongoing process since rust2rpm made SPDX expressions the default with
version 22, and the conversion itself was usually just a side product
of updating packages to a newer version, and in these cases, the
changelog doesn't mention SPDX at all.

If you want to include Rust packages which have switched to SPDX in
your analysis, you can grep spec files for the string "# Generated by
rust2rpm 22" or "# Generated by rust2rpm 23" (since spec files
generated by rust2rpm v22+ use SPDX).

Good idea. On the other hand, even when you are using SPDX identifier it does not mean that it is approved in fedora-license-data.

I validated all licenses in rust-* packages and 1003 packages out of 2000 packages do not validate. The list of rust packages with invalid license is here:

https://pagure.io/copr/license-validate/blob/main/f/rust-notvalid.txt

I checked just few of them and it seems that they been generated by older rust2rpm. I will appreciate if you can check them.

Miroslav
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux