I am doing my first Fedora package review , for litehtml library. The
source tree contains some bundled items that, in violation of original
licenses, do not include a copy of the relevant licenses. There are two
1. gumbo-parser is included in source form and only contains link to the
correct license in source files and repository README, but license text
itself is not included like the license, Apache Software License 2.0,
2. tools/xxd.exe is included as a (Windows) binary used during the
build. It does not have any mention of licensing. Supposedly, it comes
from Vim  and uses the Vim License , which also demands including
copy of the license.
Neither of these are actually required for anything. Fedora already has
the gumbo-parser package that can be used, while the Windows binary is
obviously useless, but the vim-common package contains a usable xxd binary.
Since neither 1 or 2 is needed for anything, they can be removed in
%prep section of the specfile. However, they still end up in the srpm.
The fedora-review tool does not see this as a problem: "Note: Checking
patched sources after %prep for licenses."
Is it really so that srpms are allowed have content that violates
licenses, as long as %prep removes them? I am not able to find any
explicit confirmation for this interpretation the the Licensing
Guidelines . Actually, the guidelines are generally do not make a
clear distinction between srpms and binary rpms.
Perhaps somebody on this list understands this topic and can explain how
this situation should be handled?