https://bugzilla.redhat.com/show_bug.cgi?id=2238438 --- Comment #3 from Carl George 🤠 <carl@xxxxxxxxxx> --- > [! > b]: If the package is under multiple licenses, the licensing breakdown > must be documented in the spec. This is not currently a requirement in either the in either the review guidelines [0] or the license guidelines [1]. If fedora-review still says that it is, that that's a bug with fedora-review. Previously it was a requirement, but it was dropped over a year ago [2]. When it was a requirement, the implementation of the breakdown was "left to the maintainer" [3]. A common solution was to defer to an upstream breakdown in the license file, which k5test already has [4]. This shouldn't be a blocker, but I went ahead and added an extra comment in the spec file for good measure. > a) Consider also marking the file K5TEST-License.txt as a license file. Fixed with a patch and sent upstream [5]. > Perhaps check with legal due to export restriction notice and/or file a bug upstream. This is the same restriction that krb5 has [6], which is already allowed. > b) The text in the licenses does not correspond to either the ISC or MIT licenses, though is similar to them. LICENSE.txt matches the SPDX ISC license text [7], verified manually and by two separate tools (licensecheck and askalono). K5TEST-LICENSE.txt does have some differences from the reference SPDX MIT license text [8], but LICENSE.txt is clear that that file in question, k5test/realm.py, falls under the MIT license. Spec URL: https://download.copr.fedorainfracloud.org/results/carlwgeorge/reviews/fedora-rawhide-x86_64/06398555-python-k5test/python-k5test.spec SRPM URL: https://download.copr.fedorainfracloud.org/results/carlwgeorge/reviews/fedora-rawhide-x86_64/06398555-python-k5test/python-k5test-0.10.3-1.fc40.src.rpm [0] https://docs.fedoraproject.org/en-US/packaging-guidelines/ReviewGuidelines/ [1] https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/ [2] https://pagure.io/packaging-committee/c/a14aeb9e1fac236423c0d151768973a0f7c6ed80 [3] https://pagure.io/packaging-committee/blob/5c515daae464e324793b3b6b96d22bfd1bcf0858/f/guidelines/modules/ROOT/pages/LicensingGuidelines.adoc#_165-166 [4] https://github.com/pythongssapi/k5test/blob/v0.10.3/LICENSE.txt [5] https://github.com/pythongssapi/k5test/pull/26 [6] https://github.com/krb5/krb5/blob/krb5-1.21.2-final/NOTICE#L1155-L1184 [7] https://spdx.org/licenses/ISC.html [8] https://spdx.org/licenses/MIT.html -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2238438 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202238438%23c3 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
