Dne 15. 09. 23 v 13:18 Ankur Sinha napsal(a):
I guess it should be possible to make packit (or the-new-hotness?)
run
licensecheck on the new sources and include that in the PR comment too,
perhaps also with a list of packages that depend on the one being
updated as an "impact check"?
It is almost impossible to do the check with old Callaway system. This is actually why I
joined the group working on
SPDX migration - I wanted automatically determine in Copr if the license is allowed. I
found that it is actually easier
and faster to migrate all the Fedora packages to SPDX and then use standard SPDX tooling
rather than write NIH tool that
would work with Callaway system.
When we finish the migration of Fedora to SPDX we plan to adapt tooling that will warn
maintainer when new source has
suspicious text that may be license that is not mention in License tag. But this circa two
years ahead. If somebody
wants to contribute let me know.
--
Miroslav Suchy, RHCA
Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys