https://bugzilla.redhat.com/show_bug.cgi?id=2304820
Felix Schwarz <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|[email protected] |[email protected] Flags| |fedora-review? --- Comment #8 from Felix Schwarz <[email protected]> --- The package itself looks fine, the only problematic thing the license file (as indicated also above by Fedora review): > License file LICENSE is not marked as %license This is mostly a formal point but I think it would be good if you could raise the issue upstream so they can fix it for everyone. Relevant parts from the Fedora packaging guidelines: https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/#_license_text > If the source package does not include the text of the license(s), the > packager should contact upstream and encourage them to correct this mistake. > > In cases where the upstream has chosen a license that requires that a copy of > the license text be distributed along with the binaries and/or source code, > but does not provide a copy of the license text (in the source tree, or in > some rare cases, anywhere), the packager should do their best to point out > this confusion to upstream. From my point of view the ASL requires shipping the license text: > 4. Redistribution. You may reproduce and distribute copies of the > Work or Derivative Works thereof in any medium, with or without > modifications, and in Source or Object form, provided that You > meet the following conditions: > > (a) You must give any other recipients of the Work or > Derivative Works a copy of this License; and Can you please open an upstream issue for this? I believe the proper fix should look like this: setup( ... license_files = ('LICENSE',), ... ) If upstream does not provide a timely response, at least add a comment pointing to the upstream issue. Your approach of retrieving the license from the github repo seems to be covered by the guidelines: > However, in situations where upstream is unresponsive, unable, or unwilling > to provide proper full license text as part of the source code, and the > indicated license requires that the full license text be included, Fedora > Packagers must either: > - Include a copy of what they believe the license text is intended to be, as > part of the Fedora package in %license, in order to remain in compliance. > [...] Packagers who choose to do this should ensure that they have exhausted > all attempts to work with upstream to include the license text as part of the > source code, or at least, to confirm the full license text explicitly with > the upstream, as this minimizes the risk on the packager. Packagers may also > take copies of license texts from reliable and canonical sources (such as the > original license text from the license steward, Fedora licenses page, the FSF > licenses page, or the OSI license list), whenever possible. Currently you just use the latest version from the "main" branch (https://raw.githubusercontent.com/python/typeshed/main/LICENSE). Maybe it is safer to use the contents for a specific commit id? E.g. https://raw.githubusercontent.com/python/typeshed/a4e3cfefacbfa6d1b519b36fc67362cb3a199022/LICENSE Then you MUST ensure, the license file shows up in the final RPM. You can either add `license_files = ...` in %prep (my preferrence) or list it via %license in %files. Depending on the approach, I recommend that you use "-L" or "-l" for %pyproject_buildrequires (see https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_build_macros) Also I believe just using "%{pypi_source}" is deprecated. Please use "%{pypi_source types-colorama}". Other than that, the package looks good for approval. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2304820 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202304820%23c8 -- _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
