On Sun, Jan 29, 2023 at 11:41 AM Miroslav Suchý <msuchy@xxxxxxxxxx> wrote: > > Tip: do you want to audit licenses in your tarball? Unpack the tarball and try: > > dnf install askalono-cli > > askalono crawl /path/to/directory Regarding askalono: I had not heard of it prior to getting involved in this whole Fedora initiative around the Callaway->SPDX migration and the revamped legal documentation. Since then I've used it quite a bit, mostly for some non-Fedora-related work. askalono is a easy-to-use tool which is good to reach for in some situations, but one should be aware of its limitations and primitiveness. It can't recognize or understand: * license notices/license texts that are comments in source files (it specifically looks only for files that are named LICENSE or COPYING or some obvious variant on those) * license notices/license texts in README files * license files that contain multiple license texts (or it will only recognize the first of them) * nonstandard/archaic/legacy licenses (which covers most of the licenses being reviewed in issues in fedora-license-data) I've found it useful for quick analysis of packages coming out of ecosystems featuring projects known to have (1) highly standardized approaches to layout of license information, (2) generally simple license makeup, and (3) cultural preferences for a highly limited set of licenses (for example, Rust crates that don't bundle legacy C code, Golang modules, Node.js npm packages). For things that don't have such simple characteristics (such as a lot of relatively old, historically complex Fedora packages) it is probably not going to be too useful for its "crawl" functionality. And for the task of trying to identify previously-overlooked or abstracted-away licenses in Fedora packages it is basically not useful at all. So: a good tool to have in the toolbox, but its limitations should be understood, and I don't think it can really be recommended as an audit tool by itself, given its limitations, even for the kinds of packages it is relatively useful for. Richard _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
