Fedora Extras License Audit

Patrice Dumas pertusus at free.fr
Tue Jan 23 21:57:03 UTC 2007


On Tue, Jan 23, 2007 at 03:16:24PM -0600, Tom 'spot' Callaway wrote:
> 
> I can do this by myself. Of course, if I do, then the results of this
> audit will probably be ready sometime in 2013. Sadly, this is not a
> process that can be easily scripted (at least, not to my knowledge), and
> just requires knowledgeable people looking at the package source code and
> identifying the licensing.
> 
> Sound like fun? Well, no. But it is something that we do need volunteers
> to help with. So, if you're interested in taking on this challenge, let
> me know. The more people we can get to help in this task, the quicker it
> will be completed. We have about 2550 source packages to check.

That's supposed to be done during review, isn't it? How could an audit 
catch more issues than caught during reviews? Maybe in the early days some 
packages weren't audited (like the one coming from core at some point), 
but a full rereview would seem to be more relevant than only a license 
audit. If I recall well this is on the way, but scheduled after the 
core packages review.

Maybe it could be better if maintainers asked spontaneously for a
rereview when they think that their package has potential license
issues. For example, I think that it is a loss of time if somebody 
audits the license of the packages I maintain or I reviewed. I am 
not saying that I see everything and never make mistakes, it may be 
possible that there are problematic files in those packages, but I 
think that re-auditing them is doing something twice without a 
guarantee that it will be done better. I know for sure that there 
was some non-free code in the cernlib some time ago which wasn't 
noticed during review, but an audit wouldn't have been likely to 
catch this issue either.

--
Pat




More information about the fedora-extras-list mailing list