On Fri, 2019-11-29 at 13:23 +0000, Frederic Crozat wrote:
We could also form an "OSS review team" that might, for new packages, create a first assessment (e.g. based on fossology output) which would provide information for the legal team in a way that simplifies and speeds up their review work. Also, for new packages, we could require the packagers to provide a preliminary license assessment (e.g. list of licenses used, license texts if missing in source tree, etc.).
We can't replace the lawyers, but by streamlining the technical part of the assessments, we might be able to help them with the legal part.
Of course, this would require efforts and take time which we can't spend on other things. But it might be worth it.
You mean, like this: https://github.com/openSUSE/cavil ?
There is already a lot in place, but some part has to be done by a human.
Wow, another hidden openSUSE gem :-) The tooling is there, then. I guess it would be up to the legal team to state if, and what, support from the technical community would possibly help them. If there's nothing, the only remedy would be hiring more lawyers, I suppose.

Martin