Bug#829667: License headers

Sandro Mani manisandro at gmail.com
Tue Jul 5 12:15:26 UTC 2016



On 05.07.2016 12:56, Jonas Smedegaard wrote:
> Quoting Sandro Mani (2016-07-05 11:43:22)
>> Hi Jonathan
> My name is Jonas (but not offended at all - not to worry :-) )
Uh, no idea how I managed this confusion?! Sorry!
>
>
>> For reviews, we have a tool (fedora-review) which runs licensecheck
>> recursively in the source tree. Fedora-review then prints out the
>> detected licenses in the license headers of the files and the
>> reviewer/packager is asked to compare these licenses with the actual
>> license declared by the project resp. in the package metadata (i.e.
>> the spec file).
>>
>> So I suppose that typically people expect that each source file
>> contains a license header (from my point of view this also makes sense
>> if individual files are reused outside of the project). But it is not
>> a review-blocking issue, our guidelines simply ask us to raise the
>> issue upstream.
> I disagree with your statement that "people expect that each source file
> contains a license header".
>
> In my understanding, people (in the FLOSS community at large) expect
> license statements to be explicit and included with the released project
> (rather than abbreviated or referenced from an online resource), and
> preferably embedded in each source file.  CPAN projects generally, and
> the App::Licensecheck project specifically, embed licensing statements
> in each source file, just not at the top which you seem to impose as a
> general expectation.
>
> Thanks for elaborating on how Fedora uses licensecheck for quality
> assurance.  I appreciate your contacting upstreams to ensure that
> licensing statements are unambiguous and embedded in each file where
> copyright is claimed.  But instead of suggesting upstreams to conform to
> the more strict principle of putting licensing statements at the top of
> each file, I recommend that instead Fedora considers adjusting its
> quality assurance process to scan whole files instead of only the
> header.
Well, I suppose it is licensecheck itself which only scans the headers? 
It is not a Fedora policy of any sort to only scan the headers of the 
files, but we are actually relying on the licensecheck script to detect 
the license of the various files in the source tarball. And in this 
particular case:

$ licensecheck App-Licensecheck-v3.0.1/bin/licensecheck App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm
App-Licensecheck-v3.0.1/bin/licensecheck: UNKNOWN
App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm: UNKNOWN


(But I don't want to be annoying or anything, just following our 
guidelines ;) )


