Greetings,
I am doing my first Fedora package review [1], for the litehtml library. The source tree
contains some bundled items that, in violation of original licenses, do not include a copy
of the relevant licenses. There are two problem items:
1. gumbo-parser is included in source form and only contains a link to the correct license
in source files and repository README, but the license text itself is not included like the
license, Apache Software License 2.0, demands.
2. tools/xxd.exe is included as a (Windows) binary used during the build. It does not
have any mention of licensing. Supposedly, it comes from Vim [2] and uses the Vim License
[3], which also demands including a copy of the license.
Neither of these is actually required for anything. Fedora already has the gumbo-parser
package that can be used, while the Windows binary is obviously useless, but the
vim-common package contains a usable xxd binary.
Since neither 1 nor 2 is needed for anything, they can be removed in the %prep section of the
specfile. However, they still end up in the srpm. The fedora-review tool does not see this
as a problem: "Note: Checking patched sources after %prep for licenses."
Is it really so that srpms are allowed to have content that violates licenses, as long as
%prep removes them? I am not able to find any explicit confirmation for this
interpretation in the Licensing Guidelines [4]. Actually, the guidelines generally do
not make a clear distinction between srpms and binary rpms.
Perhaps somebody on this list understands this topic and can explain how this situation
should be handled?
Regards,
Otto
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1939875
[2]: https://github.com/vim/vim/tree/master/src/xxd
[3]: https://github.com/vim/vim/blob/master/LICENSE
[4]: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidel...
If you think the relevant files are not allowed to be included in the srpm, remove the files
and regenerate the tarball, see: