On 05.07.2016 12:56, Jonas Smedegaard wrote:
> Quoting Sandro Mani (2016-07-05 11:43:22)
> > Hi Jonathan
> My name is Jonas (but not offended at all - not to worry :-) )
Uh, no idea how I managed this confusion?! Sorry!


> > For reviews, we have a tool (fedora-review) which runs licensecheck
> > recursively in the source tree. Fedora-review then prints out the
> > detected licenses in the license headers of the files and the
> > reviewer/packager is asked to compare these licenses with the actual
> > license declared by the project resp. in the package metadata (i.e.
> > the spec file).
> >
> > So I suppose that typically people expect that each source file
> > contains a license header (from my point of view this also makes sense
> > if individual files are reused outside of the project). But it is not
> > a review-blocking issue, our guidelines simply ask us to raise the
> > issue upstream.
> I disagree with your statement that "people expect that each source file
> contains a license header".
>
> In my understanding, people (in the FLOSS community at large) expect
> license statements to be explicit and included with the released project
> (rather than abbreviated or referenced from an online resource), and
> preferably embedded in each source file.  CPAN projects generally, and
> the App::Licensecheck project specifically, embed licensing statements
> in each source file, just not at the top which you seem to impose as a
> general expectation.
>
> Thanks for elaborating on how Fedora uses licensecheck for quality
> assurance.  I appreciate your contacting upstreams to ensure that
> licensing statements are unambiguous and embedded in each file where
> copyright is claimed.  But instead of suggesting upstreams to conform to
> the more strict principle of putting licensing statements at the top of
> each file, I recommend that instead Fedora considers adjusting its
> quality assurance process to scan whole files instead of only the
> header.
Well, I suppose it is licensecheck itself which only scans the headers? It is not a Fedora policy of any sort to only scan the headers of the files, but we are actually relying on the licensecheck script to detect the license of the various files in the source tarball. And in this particular case:

$ licensecheck App-Licensecheck-v3.0.1/bin/licensecheck App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm
App-Licensecheck-v3.0.1/bin/licensecheck: UNKNOWN
App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm: UNKNOWN


(But I don't want to be annoying or anything, just following our guidelines ;) )
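
Added example, not part of the original message and not code from licensecheck or fedora-review: a small review pass that compares header-only detection with whole-file detection against the declared license, which separates "no statement at all" from "statement present but below the header window". The pattern table, the 60-line window, the file names and the file contents are all assumptions constructed for the demo.

```python
import re

# Hypothetical two-entry pattern table for this demo; a real checker has far more rules.
PATTERNS = [
    ("GPL-3+", re.compile(r"GNU General Public License[^.]*version 3[^.]*any later version", re.I)),
    ("MIT", re.compile(r"Permission is hereby granted, free of charge", re.I)),
]

def scan(text, head_lines=None):
    """Name the first license matched in the first head_lines lines (whole text if None)."""
    if head_lines is not None:
        text = "\n".join(text.splitlines()[:head_lines])
    return next((name for name, rx in PATTERNS if rx.search(text)), "UNKNOWN")

def review(files, declared, head_lines=60):
    """Compare header-only and whole-file detection against the declared license."""
    rows = []
    for path, text in sorted(files.items()):
        head, whole = scan(text, head_lines), scan(text)
        if whole == "UNKNOWN":
            note = "no statement found"
        elif whole != declared:
            note = "differs from declared license"
        elif head == "UNKNOWN":
            note = "statement outside header window"
        else:
            note = "ok"
        rows.append((path, head, whole, note))
    return rows

GPL = ("This program is free software; you can redistribute it under the terms of\n"
       "the GNU General Public License version 3, or (at your option) any later version.\n")

# Constructed sample tree: file names and contents are made up for the demo.
SAMPLE = {
    # Perl module with its license statement in POD at the end of the file.
    "lib/Example.pm": "package Example;\n" + "my $x = 1;\n" * 80 + "=head1 LICENSE\n\n" + GPL + "=cut\n",
    # C file with the statement in a comment at the top.
    "src/top.c": "/*\n" + GPL + "*/\nint main(void) { return 0; }\n",
    # C file with no statement at all.
    "src/bare.c": "int helper(void) { return 1; }\n",
}

if __name__ == "__main__":
    for row in review(SAMPLE, declared="GPL-3+"):
        print("%-16s header=%-8s whole=%-8s %s" % row)
```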