Bug#829667: License headers

Tue, 05 Jul 2016 02:45:28 -0700 

Hi Jonathan
For reviews, we have a tool (fedora-review) which runs licensecheck recursively in the source tree. Fedora-review then prints out the detected licenses in the license headers of the files and the reviewer/packager is asked to compare these licenses with the actual license declared by the project resp. in the package metadata (i.e. the spec file). 


So I suppose that typically people expect that each source file contains 
a license header (from my point of view this also makes sense if 
individual files are reused outside of the project). But it is not a 
review-blocking issue, our guidelines simply ask us to raise the issue 
upstream.


Thanks

Sandro


On 05.07.2016 11:40, Jonas Smedegaard wrote:

Hi Sandro,

Thanks for the bugreport, and thanks a lot for packaging licensecheck
for Fedora - moving it to CPAN was done *exactly* to ease redistribution
also outside of Debian :-D

Comments below the quote...

Quoting Sandro Mani (2016-07-05 09:24:31)

Package: licensecheck
Version: 3.0.1

The following issue was raised during review of the Fedora package [1]:

      These source files are without license headers:
      App-Licensecheck-v3.0.1/bin/licensecheck
      App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm
      Please, ask to upstream to confirm the
      licensing of code and/or content/s, and ask to add license headers
      
https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License_Clarification


COPYRIGHT states clearly that bin/licensecheck and lib/App/Licensecheck.pm are 
GPL-3.0, but it would not harm to add license headers also?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1352667#c5

The issue you raise here puzzles me, however: What licensing information
more specifically do you (or others in Fedora) believe is missing from
those three files?

Is it perhaps that you/they feel that licensing statements in a _header_
comment are somehow superior to statements embedded in POD (commonly
placed near the bottom for Perl modules)?

NB! Please beware that license scanners - both licensecheck and (it
seems, but I am only guessing) rpmlint - can be only advisory, and if in
doubt you should read the actual code yourself.


Regards,

  - Jonas

























					Reply via email to