Dne 27. 02. 26 v 11:57 dop. Milan Crha napsal(a):
None of the files you references show those 43 packages, in a usable
way, not to play hide and seek.
I see it there. But you are right, it is important that **you** are able to see
it. I will try to do better.
I do not care of the statistics, I care of the packages to be done. You
said it's 43, thus I expected you mean those without SPDX, as it at
least sounds like that, but when I open the above file, where I expect
those 43 packages, it shows 3365 lines and it seems like it's one line
per package.
The best point to start is
https://github.com/fedora-copr/license-validate/blob/main/packages-without-spdx-final-maintainers.txt
If you see your name there then you need to act and check the package beside
your name.
Then you can open
https://github.com/fedora-copr/license-validate/blob/main/packages-without-spdx-final.txt
where is more information. The package can be in following states:
* contains LicenseRef-Callaway, needs to be manually converted
In this case the package is technically converted to SPDX, but the ID "LicenseRef-Callaway-*" is temporary. And not
allowed. You should identify the correct license and replace this ID.
E.g . when package contains LicenseRef-Callaway-BSD you should idenitfy correct variant and replace it with
BSD-3-Clause, or BSD-3-Clause-Attribution, or any other.
We still have about 1600 of these packages.
The 3 other cases bellow are the one that are not in SPDX form and we have 43
of them as I mentioned in $SUBJ
* can be trivially converted to FOO
You can replace the license with suggested ID as there is 1:1 mapping. Only package gnulib has this case, but
subpackages of gnulib are not trivial case, so it has not been done yet.
* <empty string>
In this case the package was valid using the old Callaway schema (that was very fuzzy defined), but there is no known
conversion to SPDX (using license-fedora2spdx).
This is very similar to the first case, but we did not assign the temporary IDs
for these cases.
* not valid neither as Callaway nor as SPDX, please check
This is either a typo in the ID. And then it is easy to fix. Or it contains new license. Sometimes I see a valid SPDX
ID, but that ID is not on the list of licenses allowed in Fedora. In such case you should follow
https://docs.fedoraproject.org/en-US/legal/identify/ and if you doubt then you can submit it for review
https://docs.fedoraproject.org/en-US/legal/license-review-process/
* valid as old and new and no changelog entry, please check
I have just removed these lines. They are not so important for now. This means that the license is valid in both old and
new format. So technically it is fine. But at the same time it is suspicious. Because e.g., MIT goes into this category.
But Callaway MIT ID can stay as MIT ID in new format, but also it can be MIT-CMU, or HPND, or dozen other variant in the
new format. So it is better to check if the license is actually correct.
I have just removed these as we will re-review the content one day anyway, when
we start utilizing license scanners.
I hope this clarifies it a bit.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new
