I guess it should be possible to make packit (or the-new-hotness?) run licensecheck on the new sources and include that in the PR comment too, perhaps also with a list of packages that depend on the one being updated as an "impact check"?
It is almost impossible to do the check with the old Callaway system. This is actually why I joined the group working on SPDX migration - I wanted to automatically determine in Copr if the license is allowed. I found that it is actually easier and faster to migrate all the Fedora packages to SPDX and then use standard SPDX tooling rather than write an NIH tool that would work with the Callaway system.
When we finish the migration of Fedora to SPDX we plan to adapt tooling that will warn the maintainer when a new source has suspicious text that may be a license that is not mentioned in the License tag. But this is circa two years ahead. If somebody wants to contribute, let me know.
-- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys