On Fri, 2019-11-29 at 09:05 +0100, Stephan Kulow wrote:
On 28.11.19 at 15:41 Axel Braun wrote:
Hello factory maintainers,
is there a possibility to speed up legal review for new packages in the factory queue?
Some of my submissions are stuck there for 4 weeks now, and I really don't want to light a x-mas candle for them while waiting for legal review...
It's no secret that our legal review process is defunct - and it's not only blocking new packages, but also rather harmless package updates.
Basically the process relies on SUSE's lawyers and there is - plainly put - no capacity in the SUSE legal team left to review package licenses. Fixing that is not easy - nor is changing our legal review process.
Can't we release the burden somehow?

For example, one could automate fossology scans in OBS. At the least, that would make it more obvious whether or not licensing aspects change in updates. And for new packages, it would provide a better starting point for a legal review than just a bunch of source code files.

We could also form an "OSS review team" that might, for new packages, create a first assessment (e.g. based on fossology output) which would provide information for the legal team in a way that simplifies and speeds up their review work.

Also, for new packages, we could require the packagers to provide a preliminary license assessment (e.g. list of licenses used, license texts if missing in source tree, etc.).

We can't replace the lawyers, but by streamlining the technical part of the assessments, we might be able to help them with the legal part. Of course, this would require efforts and take time which we can't spend on other things. But it might be worth it.

Regards,
Martin