https://bugzilla.redhat.com/show_bug.cgi?id=2115901 --- Comment #5 from Aleksei Bavshin <alebastr89@xxxxxxxxx> --- > Do they need to be listed as bundled even if none of them actually end up installed in the filesystem anywhere and are only used to build? Yes. If something is compiled and included into the packaged binary, it should affect both the binary license and the list of bundled packages. The reason for the former should be obvious, and the latter is mostly a means of detecting code duplication from the repository metadata. Corresponding guidelines with a deeper explanations: https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling (which also asks to identify the version of a bundled library, if possible) https://docs.fedoraproject.org/en-US/legal/license-field/ And since I haven't checked the docs above in a while, I forgot to ask to rm -rf already unbundles external libs in %prep. This way we can guarantee that the bundled sources are not used. > Added. Looks good to me. I'm assuming you are already aware that the Software app can find and view the metainfo from the installed package, even when it's still not available in the repositories (and most importantly in the `appstream-data` package, which is what G-S actually consumes). If not, might be good to check. Nit: I always assumed that the "project_license" should include the project license without the (bundled) dependencies ("The license given in the project_license tag should be the ‘main’ license of the project"[1]). I might be interpreting this wrong, so feel free to ask legal@ or just leave it as is. [1]: https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#tag-project_license -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2115901 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
