Mailinglist Archive: opensuse-factory (649 mails)

< Previous Next >
Re: Aw: Re: [opensuse-factory] legal-auto on vacation?
What I'd be interested in is, as a developer of a project, how should I make
the legal team's life easier? I personally already review all of my
dependencies' licenses, and am quite familiar with free software licensing,
so it seems a waste for that energy to be duplicated for every update.

[ The project that I linked originally is one that I authored. ]

I was just asking coolo about this (and he reviewed it while I watched)

I didn't mean to prod you directly on this package, "everyone is on vacation" is a totally fine way of spelling "shoo". :P

As an aside, is it possible for the legal-auto bots to post a message if they decide that it needs manual legal review? Just to make it less confusing for someone like me that didn't know that legal-auto doesn't tell a submitter if a package needs manual review.

The main risks which our legal tooling is concerned about with umoci
seems to be a rather large proliferation of different licenses across
the package

Apache-2.0, CC-BY-SA, BSD-3-Clause, MIT, BSD-2-Clause are all clearly
referenced in files across the package, but only Apache-2.0 is cited
in the specfile

Would you prefer if I reference all of them in the spec-file? The CC-BY-SA stuff (which is what I assume the fuss would be about) is for documentation that isn't shipped in umoci (it's included automatically by the vendoring scripts I use).

But then, the thing is written in go, there's a ton of bundled magical
nonsense in there, I think that's the nature of the beast.. rewrite
the thing in a saner language with less bundled deps? ;) (I
jest...mostly)

The other option I was considering was Rust, and that makes the licensing situation several fold more complicated (not to mention that we still don't know how to package the damn thing). ;)

--
Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >