[opensuse-factory] legal-auto on vacation?
Hi all, I just checked and this SR[1] to Factory has been open for quite a while, and is blocked (AFAICS) on legal-auto. Is legal-auto on vacation on a yacht? Should I have paid for a retainer? [1]: https://build.opensuse.org/request/show/512497 -- Aleksa Sarai Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 07/08/2017 12:09, Aleksa Sarai wrote:
Hi all,
I just checked and this SR[1] to Factory has been open for quite a while, and is blocked (AFAICS) on legal-auto. Is legal-auto on vacation on a yacht? Should I have paid for a retainer?
I think that they've been on holiday for a few months, libmlt has been waiting for them for about 40 to 50 days, the worst of it is that people keep on submitting changes, I messed up and revoked by mistake when another fix was submitted after the first 20 odd days and created a new request sr#510071 which is 25 days old now and this weekend I declined a minor spec file fix and a nice fellow maintainer then overrode my maintainer and bug owner rights in the project and rudely accepted it. I've now put a review on the package and hopefully nobody will abuse that. The worse part is that it's a fix for a shotcut bug. Dave P -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I just checked and this SR[1] to Factory has been open for quite a while, and is blocked (AFAICS) on legal-auto. Is legal-auto on vacation on a yacht? Should I have paid for a retainer?
I think that they've been on holiday for a few months, libmlt has been waiting for them for about 40 to 50 days,
Given that the members of legal-auto are bots (aside from babelworx), my email was meant in jest. More importantly, I think it's a bug where the bot doesn't get the notification for a new SR (or it does, it dies for some reason, and then doesn't get re-run). The sister SR for the one I linked[1] *did* get reviewed by licensedigger. [1]: https://build.opensuse.org/request/show/512231 -- Aleksa Sarai Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 08/07/2017 12:48 PM, Aleksa Sarai wrote:
I just checked and this SR[1] to Factory has been open for quite a while, and is blocked (AFAICS) on legal-auto. Is legal-auto on vacation on a yacht? Should I have paid for a retainer?
I think that they've been on holiday for a few months, libmlt has been waiting for them for about 40 to 50 days,
Given that the members of legal-auto are bots (aside from babelworx), my email was meant in jest. More importantly, I think it's a bug where the bot doesn't get the notification for a new SR (or it does, it dies for some reason, and then doesn't get re-run). The sister SR for the one I linked[1] *did* get reviewed by licensedigger.
The bot is fine. If you wonder how it works, check my talk on osc17: https://www.youtube.com/watch?v=5DAjSwKcVzI Greetings, Stephan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I just checked and this SR[1] to Factory has been open for quite a while, and is blocked (AFAICS) on legal-auto. Is legal-auto on vacation on a yacht? Should I have paid for a retainer?
I think that they've been on holiday for a few months, libmlt has been waiting for them for about 40 to 50 days,
Given that the members of legal-auto are bots (aside from babelworx), my email was meant in jest. More importantly, I think it's a bug where the bot doesn't get the notification for a new SR (or it does, it dies for some reason, and then doesn't get re-run). The sister SR for the one I linked[1] *did* get reviewed by licensedigger.
The bot is fine. If you wonder how it works, check my talk on osc17: https://www.youtube.com/watch?v=5DAjSwKcVzI
Cool, I'll watch that later. But my original point still stands, what is a submitter meant to do if submission is stuck on legal-auto? Twiddle my thumbs? Ping someone from legal? Create a new request that supercedes the old one to retrigger the bot? If "the bot is fine", does that mean there was some issue with my SR? If so, how do I find out said issue? -- Aleksa Sarai Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 08/07/2017 01:12 PM, Aleksa Sarai wrote:
But my original point still stands, what is a submitter meant to do if submission is stuck on legal-auto? Twiddle my thumbs? Ping someone from legal? Create a new request that supercedes the old one to retrigger the bot? If "the bot is fine", does that mean there was some issue with my SR? If so, how do I find out said issue?
There is some issue with your SR that requires manual review by lawyers. And indeed those have vacations too. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Gesendet: Montag, 07. August 2017 um 13:14 Uhr Von: "Stephan Kulow"
An: "Aleksa Sarai" , opensuse-factory@opensuse.org Betreff: Re: [opensuse-factory] legal-auto on vacation? On 08/07/2017 01:12 PM, Aleksa Sarai wrote:
But my original point still stands, what is a submitter meant to do if submission is stuck on legal-auto? Twiddle my thumbs? Ping someone from legal? Create a new request that supercedes the old one to retrigger the bot? If "the bot is fine", does that mean there was some issue with my SR? If so, how do I find out said issue?
There is some issue with your SR that requires manual review by lawyers. And indeed those have vacations too.
This should not apply to existing packages that just get updated, no? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 08/07/2017 01:21 PM, Axel Braun wrote:
Gesendet: Montag, 07. August 2017 um 13:14 Uhr Von: "Stephan Kulow"
An: "Aleksa Sarai" , opensuse-factory@opensuse.org Betreff: Re: [opensuse-factory] legal-auto on vacation? On 08/07/2017 01:12 PM, Aleksa Sarai wrote:
But my original point still stands, what is a submitter meant to do if submission is stuck on legal-auto? Twiddle my thumbs? Ping someone from legal? Create a new request that supercedes the old one to retrigger the bot? If "the bot is fine", does that mean there was some issue with my SR? If so, how do I find out said issue?
There is some issue with your SR that requires manual review by lawyers. And indeed those have vacations too.
This should not apply to existing packages that just get updated, no?
If you wonder how it works, check my talk on osc17: https://www.youtube.com/watch?v=5DAjSwKcVzI Greetings, Stephan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday 2017-08-07 13:21, Stephan Kulow wrote:
But my original point still stands, what is a submitter meant to do if submission is stuck on legal-auto? Twiddle my thumbs? Ping someone from legal? Create a new request that supercedes the old one to retrigger the bot? If "the bot is fine", does that mean there was some issue with my SR? If so, how do I find out said issue?
There is some issue with your SR that requires manual review by lawyers. And indeed those have vacations too.
This should not apply to existing packages that just get updated, no?
If you wonder how it works, check my talk on osc17: https://www.youtube.com/watch?v=5DAjSwKcVzI
tl;dw: updates now also get some legal scrutiny. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
But my original point still stands, what is a submitter meant to do if submission is stuck on legal-auto? Twiddle my thumbs? Ping someone from legal? Create a new request that supercedes the old one to retrigger the bot? If "the bot is fine", does that mean there was some issue with my SR? If so, how do I find out said issue?
There is some issue with your SR that requires manual review by lawyers. And indeed those have vacations too.
This should not apply to existing packages that just get updated, no?
If you wonder how it works, check my talk on osc17: https://www.youtube.com/watch?v=5DAjSwKcVzI
tl;dw: updates now also get some legal scrutiny.
What I'd be interested in is, as a developer of a project, how should I make the legal team's life easier? I personally already review all of my dependencies' licenses, and am quite familiar with free software licensing, so it seems a waste for that energy to be duplicated for every update. [ The project that I linked originally is one that I authored. ] -- Aleksa Sarai Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Aleksa Sarai
But my original point still stands, what is a submitter meant to do if submission is stuck on legal-auto? Twiddle my thumbs? Ping someone from legal? Create a new request that supercedes the old one to retrigger the bot? If "the bot is fine", does that mean there was some issue with my SR? If so, how do I find out said issue?
There is some issue with your SR that requires manual review by lawyers. And indeed those have vacations too.
This should not apply to existing packages that just get updated, no?
If you wonder how it works, check my talk on osc17: https://www.youtube.com/watch?v=5DAjSwKcVzI
tl;dw: updates now also get some legal scrutiny.
What I'd be interested in is, as a developer of a project, how should I make the legal team's life easier? I personally already review all of my dependencies' licenses, and am quite familiar with free software licensing, so it seems a waste for that energy to be duplicated for every update.
[ The project that I linked originally is one that I authored. ]
how would you relieve the possibile liability? -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 7 August 2017 at 14:29, Aleksa Sarai
But my original point still stands, what is a submitter meant to do if submission is stuck on legal-auto? Twiddle my thumbs? Ping someone from legal? Create a new request that supercedes the old one to retrigger the bot? If "the bot is fine", does that mean there was some issue with my SR? If so, how do I find out said issue?
There is some issue with your SR that requires manual review by lawyers. And indeed those have vacations too.
This should not apply to existing packages that just get updated, no?
If you wonder how it works, check my talk on osc17: https://www.youtube.com/watch?v=5DAjSwKcVzI
tl;dw: updates now also get some legal scrutiny.
What I'd be interested in is, as a developer of a project, how should I make the legal team's life easier? I personally already review all of my dependencies' licenses, and am quite familiar with free software licensing, so it seems a waste for that energy to be duplicated for every update.
[ The project that I linked originally is one that I authored. ]
I was just asking coolo about this (and he reviewed it while I watched) The main risks which our legal tooling is concerned about with umoci seems to be a rather large proliferation of different licenses across the package Apache-2.0, CC-BY-SA, BSD-3-Clause, MIT, BSD-2-Clause are all clearly referenced in files across the package, but only Apache-2.0 is cited in the specfile Such things are not trivial to review when our legal team need to make sure everything in the package is compatible with each other But then, the thing is written in go, there's a ton of bundled magical nonsense in there, I think that's the nature of the beast.. rewrite the thing in a saner language with less bundled deps? ;) (I jest...mostly) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 7 August 2017 at 15:24, Richard Brown
On 7 August 2017 at 14:29, Aleksa Sarai
wrote: > But my original point still stands, what is a submitter meant to do if > submission is stuck on legal-auto? Twiddle my thumbs? Ping someone > from > legal? Create a new request that supercedes the old one to retrigger > the > bot? If "the bot is fine", does that mean there was some issue with my > SR? If so, how do I find out said issue? > There is some issue with your SR that requires manual review by lawyers. And indeed those have vacations too.
This should not apply to existing packages that just get updated, no?
If you wonder how it works, check my talk on osc17: https://www.youtube.com/watch?v=5DAjSwKcVzI
tl;dw: updates now also get some legal scrutiny.
What I'd be interested in is, as a developer of a project, how should I make the legal team's life easier? I personally already review all of my dependencies' licenses, and am quite familiar with free software licensing, so it seems a waste for that energy to be duplicated for every update.
[ The project that I linked originally is one that I authored. ]
I was just asking coolo about this (and he reviewed it while I watched)
The main risks which our legal tooling is concerned about with umoci seems to be a rather large proliferation of different licenses across the package
Apache-2.0, CC-BY-SA, BSD-3-Clause, MIT, BSD-2-Clause are all clearly referenced in files across the package, but only Apache-2.0 is cited in the specfile
Such things are not trivial to review when our legal team need to make sure everything in the package is compatible with each other
But then, the thing is written in go, there's a ton of bundled magical nonsense in there, I think that's the nature of the beast.. rewrite the thing in a saner language with less bundled deps? ;) (I jest...mostly)
Generally speaking though, I'm concerned about the length it takes openSUSE packages to pass legal review and I will be formally discussing it within SUSE, first with our legal team and then with higher management. As lots of the above are on vacation for summer, no one should expect fast movement here, but you can all trust that I will do everything I can to help get the pressures eased here. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
What I'd be interested in is, as a developer of a project, how should I make the legal team's life easier? I personally already review all of my dependencies' licenses, and am quite familiar with free software licensing, so it seems a waste for that energy to be duplicated for every update.
[ The project that I linked originally is one that I authored. ]
I was just asking coolo about this (and he reviewed it while I watched)
I didn't mean to prod you directly on this package, "everyone is on vacation" is a totally fine way of spelling "shoo". :P As an aside, is it possible for the legal-auto bots to post a message if they decide that it needs manual legal review? Just to make it less confusing for someone like me that didn't know that legal-auto doesn't tell a submitter if a package needs manual review.
The main risks which our legal tooling is concerned about with umoci seems to be a rather large proliferation of different licenses across the package
Apache-2.0, CC-BY-SA, BSD-3-Clause, MIT, BSD-2-Clause are all clearly referenced in files across the package, but only Apache-2.0 is cited in the specfile
Would you prefer if I reference all of them in the spec-file? The CC-BY-SA stuff (which is what I assume the fuss would be about) is for documentation that isn't shipped in umoci (it's included automatically by the vendoring scripts I use).
But then, the thing is written in go, there's a ton of bundled magical nonsense in there, I think that's the nature of the beast.. rewrite the thing in a saner language with less bundled deps? ;) (I jest...mostly)
The other option I was considering was Rust, and that makes the licensing situation several fold more complicated (not to mention that we still don't know how to package the damn thing). ;) -- Aleksa Sarai Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Gesendet: Montag, 07. August 2017 um 12:48 Uhr Von: "Aleksa Sarai"
An: "Dave Plater" , opensuse-factory@opensuse.org Betreff: Re: [opensuse-factory] legal-auto on vacation? I just checked and this SR[1] to Factory has been open for quite a while, and is blocked (AFAICS) on legal-auto. Is legal-auto on vacation on a yacht? Should I have paid for a retainer?
I think that they've been on holiday for a few months, libmlt has been waiting for them for about 40 to 50 days,
Given that the members of legal-auto are bots (aside from babelworx), my email was meant in jest. More importantly, I think it's a bug where the bot doesn't get the notification for a new SR (or it does, it dies for some reason, and then doesn't get re-run). The sister SR for the one I linked[1] *did* get reviewed by licensedigger.
Lucky you.....i dont count days anymore - SR just states 'more than a month ago' open with legal Cheers Axel -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (7)
-
Aleksa Sarai
-
Axel Braun
-
Dave Plater
-
Jan Engelhardt
-
Patrick Shanahan
-
Richard Brown
-
Stephan Kulow