Charles Plessy <ple...@debian.org> writes:

>>I suggest to use 'lrc' in the pipeline. I already do this for many
>>packages, and I just add
>>
>>- https://salsa.debian.org/debian/licenserecon/raw/main/debian/licenserecon.yml
>
> Looks good!
>
>>Yes, false positives happen, and it doesn't always handle Autotools
>>projects with a lot of generated files with complex licenses well.
>
> Here we are in the context of entirely new packages, so we can explore
> the idea that packages need either to be licenserecon-clean, or to
> include a note why they can't, in order to get a review. For instance,
> the form to request a review (issue, MR, or service counter, I am not
> sure yet), could contain a checklist item about this.

You can add exceptions, similar to lintian overrides, for known false positives:

https://salsa.debian.org/debian/gssproxy/-/blob/master/debian/lrc.excludes?ref_type=heads
https://salsa.debian.org/go-team/packages/golang-github-sigstore-protobuf-specs/-/blob/debian/sid/debian/lrc.config?ref_type=heads

I use it for a bunch of packages, although I have to admit that on complex false positives I tend to disable it rather than trying to figure out how to write the exception file and/or file bug reports (bugs which more often tend to be in licensecheck rather than licenserecon).

It would be nice to add this to the standard Salsa CI pipeline:

https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/395

The difference of having an 'include' statement in debian/salsa-ci.yml is not that different from adding some 'variables:' to enable a lrc-job, so it is not critical to add it to the standard pipeline. Maybe if more people start to use it we gain more confidence in it as a useful tool, and later on add it to the standard pipeline.

/Simon