Bug#829667: License headers
Quoting Sandro Mani (2016-07-05 23:22:25) > > > On 05.07.2016 21:35, Jonas Smedegaard wrote: > > > > Quite interesting - assuming you did in fact check the --help option. > > > > What does "licensecheck --version | head -n 1" say? > Never mind, I was using licensecheck from devscripts-2.16.5. So all > good, thanks for your responsiveness! No problem. Happy the mystery got solved :-) Please do not hesitate to report any other issues you stumble across, or suggestions for improvements. And good luck with your package! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#829667: License headers
On 05.07.2016 21:35, Jonas Smedegaard wrote: Quite interesting - assuming you did in fact check the --help option. What does "licensecheck --version | head -n 1" say? Never mind, I was using licensecheck from devscripts-2.16.5. So all good, thanks for your responsiveness!
Bug#829667: License headers
Quoting Sandro Mani (2016-07-05 15:14:35) > > > On 05.07.2016 15:09, Jonas Smedegaard wrote: > > Quoting Sandro Mani (2016-07-05 14:15:26) > >> On 05.07.2016 12:56, Jonas Smedegaard wrote: > >>> Thanks for elaborating on how Fedora uses licensecheck for quality > >>> assurance. I appreciate your contacting upstreams to ensure that > >>> licensing statements are unambiguous and embedded in each file > >>> where copyright is claimed. But instead of suggesting upstreams > >>> to conform to the more strict principle of putting licensing > >>> statements at the top of each file, I recommend that instead > >>> Fedora considers adjusting its quality assureance process to scan > >>> whole files instead of only the header. > >> Well, I suppose it is licensecheck itself which only scans the > >> headers? [...] > > If you do "licensecheck --help" you will see that there are options > > to either check the whole file (--lines 0) or bottom in addition to > > top (--tail N). > > > > I recommend to scan the whole file. > > > Hmm, > > $ licensecheck -r --lines 0 App-Licensecheck-v3.0.1 > App-Licensecheck-v3.0.1/bin/licensecheck: UNKNOWN > App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm: UNKNOWN > [...] Quite interesting - assuming you did in fact check the --help option. What does "licensecheck --version | head -n 1" say? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#829667: License headers
On 05.07.2016 15:09, Jonas Smedegaard wrote: Quoting Sandro Mani (2016-07-05 14:15:26) On 05.07.2016 12:56, Jonas Smedegaard wrote: Thanks for elaborating on how Fedora uses licensecheck for quality assurance. I appreciate your contacting upstreams to ensure that licensing statements are unambiguous and embedded in each file where copyright is claimed. But instead of suggesting upstreams to conform to the more strict principle of putting licensing statements at the top of each file, I recommend that instead Fedora considers adjusting its quality assureance process to scan whole files instead of only the header. Well, I suppose it is licensecheck itself which only scans the headers? It is not a Fedora policy of any sort to only scan the headers of the files, but we are actually relying on the licensecheck script to detect the license of the various files in the source tarball. And in this particular case: $ licensecheck App-Licensecheck-v3.0.1/bin/licensecheck App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm App-Licensecheck-v3.0.1/bin/licensecheck: UNKNOWN App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm: UNKNOWN (But I don't want to be annyoing or anything, just following our guidelines ;) ) You are not annoying, not at all! If you do "licensecheck --help" you will see that there are options to either check the whole file (--lines 0) or bottom in addition to top (--tail N). I recommend to scan the whole file. Hmm, $ licensecheck -r --lines 0 App-Licensecheck-v3.0.1 App-Licensecheck-v3.0.1/bin/licensecheck: UNKNOWN App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm: UNKNOWN [...]
Bug#829667: License headers
On 05.07.2016 12:56, Jonas Smedegaard wrote: Quoting Sandro Mani (2016-07-05 11:43:22) Hi Jonathan My name is Jonas (but not offended at all - not to worry :-) ) Uh, no idea how I managed this confusion?! Sorry! For reviews, we have a tool (fedora-review) which runs licensecheck recursively in the source tree. Fedora-review then prints out the detected licenses in the license headers of the files and the reviewer/packager is asked to compare these licenses with the actual license declared by the project resp. in the package metadata (i.e. the spec file). So I suppose that typically people expect that each source file contains a license header (from my point of view this also makes sense if individual files are reused outside of the project). But it is not a review-blocking issue, our guidelines simply ask us to raise the issue upstream. I disagree with your statement that "people expect that each source file contains a license header". Im my understanding, people (in the FLOSS community at large) expect license statements to be explicit and included with the released project (rather than abbreviated or rerefenced from an online resource), and preferrably embedded in each source file. CPAN projects generally, and the App::Licensecheck project specifically, embeds licensing statements in each source file, just not at the top which you seem to impose as a general expectation. Thanks for elaborating on how Fedora uses licensecheck for quality assurance. I appreciate your contacting upstreams to ensure that licensing statements are unambiguous and embedded in each file where copyright is claimed. But instead of suggesting upstreams to conform to the more strict principle of putting licensing statements at the top of each file, I recommend that instead Fedora considers adjusting its quality assureance process to scan whole files instead of only the header. Well, I suppose it is licensecheck itself which only scans the headers? It is not a Fedora policy of any sort to only scan the headers of the files, but we are actually relying on the licensecheck script to detect the license of the various files in the source tarball. And in this particular case: $ licensecheck App-Licensecheck-v3.0.1/bin/licensecheck App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm App-Licensecheck-v3.0.1/bin/licensecheck: UNKNOWN App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm: UNKNOWN (But I don't want to be annyoing or anything, just following our guidelines ;) )
Bug#829667: License headers
Quoting Sandro Mani (2016-07-05 11:43:22) > Hi Jonathan My name is Jonas (but not offended at all - not to worry :-) ) > For reviews, we have a tool (fedora-review) which runs licensecheck > recursively in the source tree. Fedora-review then prints out the > detected licenses in the license headers of the files and the > reviewer/packager is asked to compare these licenses with the actual > license declared by the project resp. in the package metadata (i.e. > the spec file). > > So I suppose that typically people expect that each source file > contains a license header (from my point of view this also makes sense > if individual files are reused outside of the project). But it is not > a review-blocking issue, our guidelines simply ask us to raise the > issue upstream. I disagree with your statement that "people expect that each source file contains a license header". Im my understanding, people (in the FLOSS community at large) expect license statements to be explicit and included with the released project (rather than abbreviated or rerefenced from an online resource), and preferrably embedded in each source file. CPAN projects generally, and the App::Licensecheck project specifically, embeds licensing statements in each source file, just not at the top which you seem to impose as a general expectation. Thanks for elaborating on how Fedora uses licensecheck for quality assurance. I appreciate your contacting upstreams to ensure that licensing statements are unambiguous and embedded in each file where copyright is claimed. But instead of suggesting upstreams to conform to the more strict principle of putting licensing statements at the top of each file, I recommend that instead Fedora considers adjusting its quality assureance process to scan whole files instead of only the header. If your point is a different one than I reflect on here, then please do elaborate. Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#829667: License headers
Hi Jonathan For reviews, we have a tool (fedora-review) which runs licensecheck recursively in the source tree. Fedora-review then prints out the detected licenses in the license headers of the files and the reviewer/packager is asked to compare these licenses with the actual license declared by the project resp. in the package metadata (i.e. the spec file). So I suppose that typically people expect that each source file contains a license header (from my point of view this also makes sense if individual files are reused outside of the project). But it is not a review-blocking issue, our guidelines simply ask us to raise the issue upstream. Thanks Sandro On 05.07.2016 11:40, Jonas Smedegaard wrote: Hi Sandro, Thanks for the bugreport, and thanks a lot for packaging licensecheck for Fedora - moving it to CPAN was done *exactly* to ease redistribution also outside of Debian :-D Comments below the quote... Quoting Sandro Mani (2016-07-05 09:24:31) Package: licensecheck Version: 3.0.1 The following issue was raised during review of the Fedora package [1]: These source files are without license headers: App-Licensecheck-v3.0.1/bin/licensecheck App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm Please, ask to upstream to confirm the licensing of code and/or content/s, and ask to add license headers https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License_Clarification COPYRIGHT states clearly that bin/licensecheck and lib/App/Licensecheck.pm are GPL-3.0, but it would not harm to add license headers also? [1] https://bugzilla.redhat.com/show_bug.cgi?id=1352667#c5 The issue you raise here puzzles me, however: What licensing information more specifically do you (or others in Fedora) believe is missing from those three files? Is it perhaps that you/they feel that licensing statements in a _header_ comment are somehow superior to statements embedded in POD (commonly placed near the bottom for Perl modules)? NB! Please beware that license scanners - both licensecheck and (it seems, but I am only guessing) rpmlint - can be only advisory, and if in doubt you should read the actual code yourself. Regards, - Jonas
Bug#829667: License headers
Hi Sandro, Thanks for the bugreport, and thanks a lot for packaging licensecheck for Fedora - moving it to CPAN was done *exactly* to ease redistribution also outside of Debian :-D Comments below the quote... Quoting Sandro Mani (2016-07-05 09:24:31) > Package: licensecheck > Version: 3.0.1 > > The following issue was raised during review of the Fedora package [1]: > > These source files are without license headers: > App-Licensecheck-v3.0.1/bin/licensecheck > App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm > Please, ask to upstream to confirm the > licensing of code and/or content/s, and ask to add license headers > > https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License_Clarification > > > COPYRIGHT states clearly that bin/licensecheck and lib/App/Licensecheck.pm > are GPL-3.0, but it would not harm to add license headers also? > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1352667#c5 The issue you raise here puzzles me, however: What licensing information more specifically do you (or others in Fedora) believe is missing from those three files? Is it perhaps that you/they feel that licensing statements in a _header_ comment are somehow superior to statements embedded in POD (commonly placed near the bottom for Perl modules)? NB! Please beware that license scanners - both licensecheck and (it seems, but I am only guessing) rpmlint - can be only advisory, and if in doubt you should read the actual code yourself. Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#829667: License headers
Package: licensecheck Version: 3.0.1 The following issue was raised during review of the Fedora package [1]: These source files are without license headers: App-Licensecheck-v3.0.1/bin/licensecheck App-Licensecheck-v3.0.1/lib/App/Licensecheck.pm Please, ask to upstream to confirm the licensing of code and/or content/s, and ask to add license headers https://fedoraproject.org/wiki/Packaging:LicensingGuidelines?rd=Packaging/LicensingGuidelines#License_Clarification COPYRIGHT states clearly that bin/licensecheck and lib/App/Licensecheck.pm are GPL-3.0, but it would not harm to add license headers also? [1] https://bugzilla.redhat.com/show_bug.cgi?id=1352667#c5