17 Feb
2017
17 Feb
'17
11:49
On Thu, 2017-02-16 at 11:23 +0100, Peter Simons wrote:
It would be great of a tool could detect those cases, i.e. by scanning all distributed files for well-known license texts in order to *guess* a SPDX identifier. Now, whenever that guess is different from the one declared in the spec file, that should raise a red flag (maybe in the form of a comment on the submit request). It would be particularly nice to have such a tool were available for packagers to run locally before they even submit the request.
I generally use 'licensecheck' (from the 'devscripts' package) to help me get someinformation of what I might all find.. this has worked out reasonably well for me so far. Cheers Dominique