One of the various reasons for having package reviews is having a human verify that the packager's choice of License: tag is valid. The Packaging Committee is was faced with a request (https://pagure.io/packaging-committee/issue/1007) that has us questioning just how much license review is required.
Are any of the following acceptable? 1) Trust the packager to do a license review, with no reviewer verification. 2) Trust the output of an automated tool which attempts to detect project licenses (such as askalono). 3) Trust the license tag from a project hosting service such as github? (I understand that the answer may depend on the hosting service.) Depending on what is acceptable, we may be able to reduce bureaucracy a bit. I know that back when I did package reviews, the license review was often the most difficult part. - J< _______________________________________________ legal mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
