Dne 09. 11. 22 v 17:00 Fabio Valentini napsal(a):
On Wed, Nov 9, 2022 at 2:52 PM Miroslav Suchý <msu...@redhat.com> wrote:
Dne 09. 11. 22 v 13:58 Neal Gompa napsal(a):
What do we do if the SPDX tag is the same as the existing license
tag (eg ISC) though? Do we just add a dummy change/commit entry that
mentions SPDX to confirm we've reviewed it?
Don't bother. Eventually, we'll re-process all spec files and identify
what to do next anyway.
Actually... if you add there the dummy changelog entry, it makes my work easier.
Which data source are you using to check changelog contents?
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-in-spec-changelog.sh
https://pagure.io/copr/license-validate/blob/main/f/print-spec-changelog.py
For packages that use rpmautospec, you'll need to check changelog
contents in the SRPM, not the unprocessed spec file.
And if you're querying changelogs from RPMs or SRPMs, adding a dummy
changelog entry also won't do anything unless a new build is done in
either case.
Yes. Because I do not open the spec file in dist-git checkout then the %changelog is empty, but next script checks
dist-git log
https://pagure.io/copr/license-validate/blob/main/f/packages-without-spdx-in-distgit-changelog.sh
which is the source for %autochangelog The result is the same at the end.
Also note that for Rust packages, conversion to SPDX has been an
ongoing process since rust2rpm made SPDX expressions the default with
version 22, and the conversion itself was usually just a side product
of updating packages to a newer version, and in these cases, the
changelog doesn't mention SPDX at all.
If you want to include Rust packages which have switched to SPDX in
your analysis, you can grep spec files for the string "# Generated by
rust2rpm 22" or "# Generated by rust2rpm 23" (since spec files
generated by rust2rpm v22+ use SPDX).
Good idea. On the other hand, even when you are using SPDX identifier it does not mean that it is approved in
fedora-license-data.
I validated all licenses in rust-* packages and 1003 packages out of 2000 packages do not validate. The list of rust
packages with invalid license is here:
https://pagure.io/copr/license-validate/blob/main/f/rust-notvalid.txt
I checked just few of them and it seems that they been generated by older
rust2rpm. I will appreciate if you can check them.
Miroslav
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
