Re: SPDX Statistics - Book Smugglers edition
Dne 21. 03. 24 v 19:47 kloc...@fedoraproject.org napsal(a): Those trivial substs probably would cover +90% of all packages in time in my estimation. See https://docs.google.com/spreadsheets/d/1QVMEzXWML-6_Mrlln02axFAaRKCQ8zE807rpCjus-8s/edit#gid=0 The "trivial" conversion is possible for 4996 license tags (you do not want to count packages, you need to count License tags). Out of 11k. That is 45%. For the remaining 55% you have to actually check the text of the license. Or use license scanner. Currently in Fedora is 23ish k packages so to review with greater care ~2.5k lets say 30-50/day as afk/warming-up task each day should take for single person top few weeks .. not years. And because it would be done by single person I'm sure that he/she will be improving that task during that applying better and better methodology ans sometimes tools. In that approach I'm 100% sure that quality of that review will far greater than with spreading that task to all possible maintainers. Issue only is that this can be done OLNY by proven packager because submission PRs/discussing/etc will eat order of magnitude more time to someone without such permission. Do I understand it correctly that you are willing to help? I will help you get the proven packager status and onboard you to current state and availale tooling. -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Book Smugglers edition
> On Wed, Mar 20, 2024 at 2:53 PM Tomasz Kłoczko > > While I agree with some of what you're saying here, the problem is > that it is, in fact, *not trivial* in many cases. > Migrating the License tag from Callaway to SPDX identifiers is only > the "easy" part of the transition. > Re-reviewing package contents and re-classifying licenses is the > non-trivial part, and that definitely can't be scripted. Re-reviewing is another story/task. What I wrote was about substing obvious cases. Those trivial substs probably would cover +90% of all packages in time in my estimation. Currently in Fedora is 23ish k packages so to review with greater care ~2.5k lets say 30-50/day as afk/warming-up task each day should take for single person top few weeks .. not years. And because it would be done by single person I'm sure that he/she will be improving that task during that applying better and better methodology ans sometimes tools. In that approach I'm 100% sure that quality of that review will far greater than with spreading that task to all possible maintainers. Issue only is that this can be done OLNY by proven packager because submission PRs/discussing/etc will eat order of magnitude more time to someone without such permission. Licenses are changing all the time so always will be non-empty set of spec files with incorrect Licence: field(s) assignment. This is like with collecting mushrooms in the forest. Fist group collects "all what was possible to find" and went after all home with full buckets. Than second one after few days is doing the same .. and so on kloczek -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Book Smugglers edition
Dne 20. 03. 24 v 15:20 Fabio Valentini napsal(a): Migrating the License tag from Callaway to SPDX identifiers is only the "easy" part of the transition. Re-reviewing package contents and re-classifying licenses is the non-trivial part, and that definitely can't be scripted. *nod* 1) Trivial example: how would you convert "BSD" string? 2) During past few months I have seen lots of packages that changed their license to something else and only scancode reports revealed that to them. 3) Lots of license had long discussion if they should be allowed and how. E.g KDE uses LicenseRef-KDE-Accepted-LGPL which is valide SPDX id, but is not allowed in Fedora and you have to use "|LGPL-2.1-only OR LGPL-3.0-only"| |4) And you probably missed that every 14 days I include something like "5-10 new license were identified and added (to SPDX list and to fedora-license-data). For lots of months. That is huge work that AFAIK no one before ever done. Across whole IT world. | -- Miroslav Suchy, RHCA Red Hat, Manager, Packit and CPT, #brno, #fedora-buildsys -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Book Smugglers edition
On Wed, Mar 20, 2024 at 2:53 PM Tomasz Kłoczko wrote: > > On Sat, 16 Mar 2024 at 10:03, Miroslav Suchý wrote: >> >> Hot news: >> >> The last phase has been announce >> https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will >> proceed when approved with FESCO. > > > I think that generally you are wasting your man/hours posting such statistics. > The same time could be used better by going with a few grep. sort, sed > oneliers to co update and align all packages License: fields and commit all > those changes across all per packages repos in a few minutes. > Some of the proven packagers with RW access to all packages repos can apply > necessary changes in a few tenths of minutes. > Subject of SPDX migrations are already IIRC active since July 2022 (soon it > will be two years anniversary). > All those changes should not be applied relying on each package maintainers > because that change is from Trival™️ class. While I agree with some of what you're saying here, the problem is that it is, in fact, *not trivial* in many cases. Migrating the License tag from Callaway to SPDX identifiers is only the "easy" part of the transition. Re-reviewing package contents and re-classifying licenses is the non-trivial part, and that definitely can't be scripted. Fabio -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: SPDX Statistics - Book Smugglers edition
On Sat, 16 Mar 2024 at 10:03, Miroslav Suchý wrote: > Hot news: > The last phase has been announce > https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 and we will > proceed when approved with FESCO. > I think that generally you are wasting your man/hours posting such statistics. The same time could be used better by going with a few grep. sort, sed oneliers to co update and align all packages License: fields and commit all those changes across all per packages repos in a few minutes. Some of the proven packagers with RW access to all packages repos can apply necessary changes in a few tenths of minutes. Subject of SPDX migrations are already IIRC active since July 2022 (soon it will be two years anniversary). All those changes should not be applied relying on each package maintainers because that change is from Trival™️ class. kloczek -- Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH -- ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
