https://bugzilla.redhat.com/show_bug.cgi?id=2165399

--- Comment #26 from Carl George 🤠 <carl@xxxxxxxxxx> ---

The licenses and bundled libraries are still not fully addressed.

- There is no license breakdown comment to indicate which files are under which license.
- The bundled blake2 library is (CC0-1.0 or OpenSSL or Apache-2.0), but that combination is not included in the License field. Per the guidelines, conjunctive license expressions need to be placed in parentheses [0], and the License field must reflect all of the bundled licenses [1].
- The license files for bundled libraries need to be shipped with the final package.
- rnnoise (plugins/obs-filters/rnnoise) appears to be a bundled library, but there is no bundled provides for it, nor any attempt to debundle it and build against the system rnnoise library.
- simde, json11, and uthash are bundled (and properly indicated), but exist as system libraries. Does upstream provide a way to build against the system libraries?
- deps/glad/include/KHR/khrplatform.h is identified by licensecheck as being under the Khronos license. I don't see this on the Fedora allowed license list [2]. It does look quite similar to the MIT license. I did find another package that took the liberty of using the MIT identifier for Khronos licensed code, but I'm skeptical that is appropriate. This probably justifies filing an issue with Fedora legal to get approval for the license and to get it added to the approved list.
- There are numerous other directories in deps, plugins, and libobs/util (libobs/graphics/libnsgif, plugins/obs-qsv11/libmfx, plugins/obs-outputs/librtmp, and deps/jansson to name a few) that look like they might be bundled libraries, but aren't provided as bundled or have steps taken to debundle.

Please look again at the output of licensecheck and ensure that you are indicating all the necessary licenses and bundled provides.

[0] https://docs.fedoraproject.org/en-US/legal/license-field/#_combined_disjunctive_and_conjunctive_license_expressions
[1] https://docs.fedoraproject.org/en-US/legal/license-field/#_bundled_or_vendored_dependencies
[2] https://docs.fedoraproject.org/en-US/legal/allowed-licenses/