[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora Extras License Audit



On Tue, Jan 23, 2007 at 03:16:24PM -0600, Tom 'spot' Callaway wrote:
> 
> I can do this by myself. Of course, if I do, then the results of this
> audit will probably be ready sometime in 2013. Sadly, this is not a
> process that can be easily scripted (at least, not to my knowledge), and
> just requires knowledgable people looking at the package source code and
> identifying the licensing.
> 
> Sound like fun? Well, no. But it is something that we do need volunteers
> to help with. So, if you're interested in taking on this challenge, let
> me know. The more people we can get to help in this task, the quicker it
> will be completed. We have about 2550 source packages to check.

That's supposed to be done during review, isn't it? How could an audit 
catch more issues than caught during reviews? Maybe in the early day some 
packages weren't audited (like the one coming from core at some point), 
but a full rereview would seem to be more relevant than only a license 
audit. If I recall well this is on the way, but scheduled after the 
core packages review.

Maybe it could be better if maintainers asked spontaneously for a
rereview when they think that their package has potential license
issues. For example, I think that it is a loss of time if somebody 
audit the license of the packages I maintain or I reviewed. I am 
not saying that I see everything and never make mistake, it may be 
possible that there are problematic files in those packages, but I 
think that re-auditing them is doing something twice without a 
guarantee that it will be done netter. I know for sure that there 
was some non-free code in the cernlib some time ago which weren't 
noticed during review, but an audit wouldn't have been likely to 
catch this issue either.

--
Pat


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]