https://bugzilla.redhat.com/show_bug.cgi?id=1713767
--- Comment #18 from Björn Persson bjorn@xn--rombobjrn-67a.se --- (In reply to Richard W.M. Jones from comment #15)
It's been on my to-do list for a long time to set up letsencrypt on http://libguestfs.org but I haven't got around to it yet. However in this case the key is available from your favourite GPG keyserver:
It's nice that the key is on the keyservers but that's not an authoritative source. A keyring on an HTTPS server under the control of the authors allows anyone to determine with a high degree of confidence that that is the correct key. Anyway, that's not a blocker.
(In reply to Richard W.M. Jones from comment #16)
The license does refer to the binary, not the source:
https://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License:_field
and I believe LGPLv2+ is correct for the binary lib*.so.* file, even though it uses a BSD-licensed header file as part of the build.
You may be right. I was thinking this was a "mixed source licensing scenario" but it's not entirely clear to me which license combinations that applies to: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuideline...