On Fri, 2023-09-15 at 16:02 +0200, Frantisek Lachman wrote: > Thanks Dan and Daniel for the responses. You both are right. For our > defence, this is always setup by an existing Fedora user (=human). > > I can't speak of rel-eng (and honestly don't know) how problematic > this "physical removal" on request is. > We can at least promote the licence check more > and provide instructions on what to do if something does not fulfil the rules. > (E.g. as a part of the issue Ankur created and mentioned > (https://github.com/packit/packit/issues/2035)) > > Does anyone have any realistic solution (or an improvement) to this > for Packit itself? > > We can also stop uploading the source to the lookaside cache (or make > it configurable), > but the benefit of such automation is significantly reduced.
To be honest it seems a little unfair to 'pick on' Packit about this. practically speaking, we do not somehow enforce that every packager does a thorough license review of every new upstream version of everything they package before uploading it to the lookaside. We do not really have any protections against packagers running scratch builds with unredistributable content. Ultimately, we are trusting packagers to do this right. Packit is intended for folks/teams who are both upstream maintainers and downstream packagers. Such folks should already be aware of the licensing of the upstream and able to address any issues with it. They likely already pull new releases of their project downstream as a matter of course. Automating it doesn't really seem like it's exposing us to any radical increase in potential licensing problems. -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org https://www.happyassassin.net _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
