[opensuse-factory] Backlog in legal review
Hello factory maintainers,
is there a possibility to speed up legal review for new packages in the factory queue?
Some of my submissions are stuck there for 4 weeks now, and I really don't want to light a x-mas candle for them while waiting for legal review....
Thanks
Axel
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 28.11.19 at 15:41, Axel Braun wrote:
Hello factory maintainers,
is there a possibility to speed up legal review for new packages in the factory queue?
Some of my submissions are stuck there for 4 weeks now, and I really don't want to light a x-mas candle for them while waiting for legal review....
It's no secret that our legal review process is defunct - and it's not only blocking new packages, but also rather harmless package updates.
Basically the process relies on SUSE's lawyers and there is - plainly put - no capacity in the SUSE legal team left to review package licenses. Fixing that is not easy - nor is changing our legal review process.
So light as many candles as you can - happy advent :)
Greetings, Stephan
-- Lighten up, just enjoy life, smile more, laugh more, and don't get so worked up about things. Kenneth Branagh
On Fri, 2019-11-29 at 09:05 +0100, Stephan Kulow wrote:
On 28.11.19 at 15:41, Axel Braun wrote:
Hello factory maintainers,
is there a possibility to speed up legal review for new packages in the factory queue?
Some of my submissions are stuck there for 4 weeks now, and I really don't want to light a x-mas candle for them while waiting for legal review....
It's no secret that our legal review process is defunct - and it's not only blocking new packages, but also rather harmless package updates.
Basically the process relies on SUSE's lawyers and there is - plainly put - no capacity in the SUSE legal team left to review package licenses. Fixing that is not easy - nor is changing our legal review process.
Can't we release the burden somehow? For example, one could automate fossology scans in OBS. At the least, that would make it more obvious whether or not licensing aspects change in updates. And for new packages, it would provide a better starting point for a legal review than just a bunch of source code files.
We could also form an "OSS review team" that might, for new packages, create a first assessment (e.g. based on fossology output) which would provide information for the legal team in a way that simplifies and speeds up their review work. Also, for new packages, we could require the packagers to provide a preliminary license assessment (e.g. list of licenses used, license texts if missing in source tree, etc.).
We can't replace the lawyers, but by streamlining the technical part of the assessments, we might be able to help them with the legal part.
Of course, this would require efforts and take time which we can't spend on other things. But it might be worth it.
Regards,
Martin
On Friday, 29 November 2019 at 13:17 +0000, Martin Wilck wrote:
On Fri, 2019-11-29 at 09:05 +0100, Stephan Kulow wrote:
On 28.11.19 at 15:41, Axel Braun wrote:
Hello factory maintainers,
is there a possibility to speed up legal review for new packages in the factory queue?
Some of my submissions are stuck there for 4 weeks now, and I really don't want to light a x-mas candle for them while waiting for legal review....
It's no secret that our legal review process is defunct - and it's not only blocking new packages, but also rather harmless package updates.
Basically the process relies on SUSE's lawyers and there is - plainly put - no capacity in the SUSE legal team left to review package licenses. Fixing that is not easy - nor is changing our legal review process.
Can't we release the burden somehow? For example, one could automate fossology scans in OBS. At the least, that would make it more obvious whether or not licensing aspects change in updates. And for new packages, it would provide a better starting point for a legal review than just a bunch of source code files.
We could also form an "OSS review team" that might, for new packages, create a first assessment (e.g. based on fossology output) which would provide information for the legal team in a way that simplifies and speeds up their review work. Also, for new packages, we could require the packagers to provide a preliminary license assessment (e.g. list of licenses used, license texts if missing in source tree, etc.).
We can't replace the lawyers, but by streamlining the technical part of the assessments, we might be able to help them with the legal part.
Of course, this would require efforts and take time which we can't spend on other things. But it might be worth it.
You mean, like this: https://github.com/openSUSE/cavil ?
There is already a lot in place, but some part has to be done by a human.
-- Frederic Crozat Release Manager SUSE Linux Enterprise SUSE
On Fri, 2019-11-29 at 13:23 +0000, Frederic Crozat wrote:
We could also form an "OSS review team" that might, for new packages, create a first assessment (e.g. based on fossology output) which would provide information for the legal team in a way that simplifies and speeds up their review work. Also, for new packages, we could require the packagers to provide a preliminary license assessment (e.g. list of licenses used, license texts if missing in source tree, etc.).
We can't replace the lawyers, but by streamlining the technical part of the assessments, we might be able to help them with the legal part.
Of course, this would require efforts and take time which we can't spend on other things. But it might be worth it.
You mean, like this: https://github.com/openSUSE/cavil ?
There is already a lot in place, but some part has to be done by a human.
Wow, another hidden openSUSE gem :-)
The tooling is there, then. I guess it would be up to the legal team to state if, and what, support from the technical community would possibly help them. If there's nothing, the only remedy would be hiring more lawyers, I suppose.
Martin
Hello on Friday evening! On Nov 29 13:50 Martin Wilck wrote (intentionally distorting too short excerpt):
the only remedy would be hiring more lawyers
and more managers "to rule them all" ;-) https://en.wikipedia.org/wiki/One_Ring
Everything was better back then where a single piece was sufficient ;-)
Kind Regards
Johannes Meixner
-- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 - 90409 Nuernberg - Germany (HRB 36809, AG Nuernberg) GF: Felix Imendoerffer
On Fri, 2019-11-29 at 16:23 +0100, Johannes Meixner wrote:
Everything was better back then where a single piece was sufficient ;-)
Seems that these days, the easiest way to make money with FLOSS is to found a law firm that advises companies over copyleft "risk". Sad, but that's how it is.
Martin
participants (5)
- Axel Braun
- Frederic Crozat
- Johannes Meixner
- Martin Wilck
- Stephan Kulow