On Tue, 2020-01-28 at 09:03 +0000, Richard W.M. Jones wrote:
If you want to go even further with this idea, then it could even be
possible we allow packages into Fedora without any review. They
would
start in the outermost stream in a "there be dragons" repository that
only the foolhardy would enable, but as their quality improved they
would *automatically* migrate into the mainstream.
We would need to at least have license review. Though automation can
help with licensing, there are weird things sometimes that only a human
could detect, like this[0]:
https://github.com/szymach/c-pchart/issues/35
I do think we could automate a lot of the other elements of review
though, and I agree that it would be helpful.
Having a bot at least check for the obvious licence problems would
still be helpful, but a bot that approves a package license still needs
to be double checked by a human, in my opinion. The bot would be
helpful in catching negatives (no license, or unacceptable license,
etc.)
[0] Thanks to Remi for catching it in
https://bugzilla.redhat.com/show_bug.cgi?id=1425275 - I hadn't even
noticed it myself!