On 2/6/24 02:06, Miroslav Suchý wrote: Right, thanks for that. But the branch I posted has had some work unbundling a number of items. But mainly I was looking for confirmation that I do need to list all of the licenses of all of the third_party code. I think https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidel... could be clearer on this point. -- Orion Poplawski he/him/his - surely the least important thing about me IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion(a)nwra.com Boulder, CO 80301 https://www.nwra.com/

On 2/7/24 8:22 AM, Richard Fontana wrote: To be clear - this page was updated when we adopted SPDX identifiers and refers to the page that Richard mentions below for more details. but yes, we are due for a review/refresh of all the licensing documentation now that some time has passed. On Richard and my to-do list!

Hi, On Thu, 2024-02-08 at 10:43 +0100, Dominik 'Rathann' Mierzejewski wrote: Note that might both miss any sources embedded through build- dependencies and might have too many sources if you are using license tags for the binaries in each sub-packages since it bundles all sources for all binaries in all sub-packages. Using some elfutils tools you could get a more exact list using something like: $ dnf install <sub-package> $ dnf builddep <sub-package> $ dnf debuginfo-install <sub-package> $ for i in `rpm -ql <sub-package>`; \ do eu-elfclassify --elf --file $i; \ if [ $? -eq 0 ]; then eu-srcfiles --exec $i; fi; done | sort -u \ | xargs licensecheck --shortname-scheme spdx | cut -f2- -d: \ | sort -u | sed -z -e 's/\n / AND /g' (A newer, not yet released, version of eu-srcfiles should also be able to create a zip file of all the sources gotten through debuginfod.fedoraproject.org, so you don't need to install the builddep and debuginfo locally.) Cheers, Mark