Mailinglist Archive: opensuse-factory (649 mails)

< Previous Next >
Re: Aw: Re: [opensuse-factory] legal-auto on vacation?
  • From: Richard Brown <RBrownCCB@xxxxxxxxxxxx>
  • Date: Mon, 7 Aug 2017 15:26:02 +0200
  • Message-id: <>
On 7 August 2017 at 15:24, Richard Brown <RBrownCCB@xxxxxxxxxxxx> wrote:
On 7 August 2017 at 14:29, Aleksa Sarai <asarai@xxxxxxx> wrote:
But my original point still stands, what is a submitter meant to do if
submission is stuck on legal-auto? Twiddle my thumbs? Ping someone
legal? Create a new request that supercedes the old one to retrigger
bot? If "the bot is fine", does that mean there was some issue with my
SR? If so, how do I find out said issue?

There is some issue with your SR that requires manual review by
And indeed those have vacations too.

This should not apply to existing packages that just get updated, no?

If you wonder how it works, check my talk on osc17:

tl;dw: updates now also get some legal scrutiny.

What I'd be interested in is, as a developer of a project, how should I make
the legal team's life easier? I personally already review all of my
dependencies' licenses, and am quite familiar with free software licensing,
so it seems a waste for that energy to be duplicated for every update.

[ The project that I linked originally is one that I authored. ]

I was just asking coolo about this (and he reviewed it while I watched)

The main risks which our legal tooling is concerned about with umoci
seems to be a rather large proliferation of different licenses across
the package

Apache-2.0, CC-BY-SA, BSD-3-Clause, MIT, BSD-2-Clause are all clearly
referenced in files across the package, but only Apache-2.0 is cited
in the specfile

Such things are not trivial to review when our legal team need to make
sure everything in the package is compatible with each other

But then, the thing is written in go, there's a ton of bundled magical
nonsense in there, I think that's the nature of the beast.. rewrite
the thing in a saner language with less bundled deps? ;) (I

Generally speaking though, I'm concerned about the length it takes
openSUSE packages to pass legal review and I will be formally
discussing it within SUSE, first with our legal team and then with
higher management.

As lots of the above are on vacation for summer, no one should expect
fast movement here, but you can all trust that I will do everything I
can to help get the pressures eased here.
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >