Re: [fab] Re: Licensing audit for Fedora Extras

On Tue, 2006-12-05 at 12:24 -0700, Stephen John Smoogen wrote:

> > Ok then I would say the first thing that needs to be done is a
> > document that goes over how a license audit is done. Nothing fancy,
> > but a list of
> >
> > A) Download src package
> > B) Look at spec file
> > C) Look at sourcecode and make sure license is listed in it.
> > D) Look for any dubious licensed code (say file A says it's under MIT
> > and file B says it's under Apache and file C says it's MyLicense 1.5).
> > Use the following egrep expressions to help in doing this:
> > E) Write up a summary of package viewpoints, and send to XYZ for confirmation.
> > F) Upon getting confirmation, and if you have more questions send to
> > joe_foo fsf org
> > G) Profit.

It's more of a process of:

A) Download SRPM
B) rpm -ivh foo.src.rpm
C) rpmbuild -bp path/to/foo.spec
D) Note License in foo.spec
E) Manually look through all source code in BUILD/foo
F) Note actual licensing where it differs from License
G) Ensure that license(s) is/are FSF or OSI approved
H) If license(s) is/are approved individually, go to H2. Otherwise, go
to I.
H2) If licenses > 1, ensure they're compatible. If not, flag package in
I) If license(s) is not approved:
I2) Is the license explicitly marked as bad by FSF, if not goto I3.
I3) Ask FSF to review license.

> Sorry I hit send versus "Save Now". The reason for this is to try and
> make sure you are not the sole blocking point on it in case you get an
> offer to buy Aurora Linux for Googlebucks from you... or the snow in
> Illinois traps you in an iceblock for 10,000 years.
> You may still be the person that reviews the finished package
> viewpoints and sends them to legal etc.. but it makes sure that if you
> cash out, the job can be done by someone else.

In the unlikely future where I cash out on Linux/SPARC, hopefully the
above is a good start.
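
Steps D through F of the process above as a script, added here as an example and not part of the original message. The function names and the header patterns are assumptions chosen for illustration; the patterns are a heuristic that narrows the manual read in step E and does not replace it.

```shell
#!/bin/sh
# Added example: compare the spec's License tag with what the prepped
# sources (after rpmbuild -bp) say about themselves.

# Step D: print the value of the License tag from a spec file.
spec_license() {
    sed -n 's/^License:[[:space:]]*//p' "$1" | head -n 1
}

# Guess one file's license from its first 40 lines.
# Patterns are illustrative assumptions, not an authoritative list.
detect_license() {
    head -n 40 "$1" | awk '
        /GNU (Lesser|Library) General Public/ { print "LGPL"; f=1; exit }
        /GNU General Public/                  { print "GPL"; f=1; exit }
        /Apache License/                      { print "Apache"; f=1; exit }
        /Mozilla Public License/              { print "MPL"; f=1; exit }
        /Permission is hereby granted, free of charge/ { print "MIT"; f=1; exit }
        /Redistribution and use in source and binary forms/ { print "BSD"; f=1; exit }
        END { if (!f) print "UNKNOWN" }'
}

# Steps E-F: print "<detected><TAB><path>" for every file whose detected
# license is not one of the tags in the spec. UNKNOWN means no pattern
# matched, so the file needs a manual look.
audit_tree() {
    spec=$1 tree=$2
    # Pad with spaces so "GPL" is matched as a whole tag, not inside "LGPL".
    declared=" $(spec_license "$spec" | tr '/,' '  ') "
    find "$tree" -type f | sort | while IFS= read -r f; do
        found=$(detect_license "$f")
        case "$declared" in
            *" $found "*) ;;                       # agrees with the spec
            *) printf '%s\t%s\n' "$found" "$f" ;;  # step F: note it
        esac
    done
}

# Usage: sh audit.sh path/to/foo.spec BUILD/foo
if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```

Every line of output is a candidate for steps G onward, where the license is checked against the FSF and OSI lists and for compatibility with the others found.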


