On Tue, Jan 23, 2007 at 03:16:24PM -0600, Tom 'spot' Callaway wrote: > > I can do this by myself. Of course, if I do, then the results of this > audit will probably be ready sometime in 2013. Sadly, this is not a > process that can be easily scripted (at least, not to my knowledge), and > just requires knowledgable people looking at the package source code and > identifying the licensing. > > Sound like fun? Well, no. But it is something that we do need volunteers > to help with. So, if you're interested in taking on this challenge, let > me know. The more people we can get to help in this task, the quicker it > will be completed. We have about 2550 source packages to check. That's supposed to be done during review, isn't it? How could an audit catch more issues than caught during reviews? Maybe in the early day some packages weren't audited (like the one coming from core at some point), but a full rereview would seem to be more relevant than only a license audit. If I recall well this is on the way, but scheduled after the core packages review. Maybe it could be better if maintainers asked spontaneously for a rereview when they think that their package has potential license issues. For example, I think that it is a loss of time if somebody audit the license of the packages I maintain or I reviewed. I am not saying that I see everything and never make mistake, it may be possible that there are problematic files in those packages, but I think that re-auditing them is doing something twice without a guarantee that it will be done netter. I know for sure that there was some non-free code in the cernlib some time ago which weren't noticed during review, but an audit wouldn't have been likely to catch this issue either. -- Pat -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
