[Fedora-legal-list] New package license review proposal

[Jason L Tibbitts III]

I figured I'd start with this list and broaden to devel@ if people think
it's a good idea.

In doing (very) many package reviews, I've found one of the most
time-consuming things to be doing a proper license review.  Even
something simple with, say, an LGPLv2+ notice can get complicated when a
single GPLv2 file sneaks in.  It's complicated enough that I suspect in
many cases license review just isn't being done.  Plus the complexities
of licensing coupled with the complexities of our packaging guidelines
really poses a high barrier for anyone wanting to do proper license
reviews.

So I'm proposing that we separate the roles of the package reviewer from
the license reviewer, allowing someone who wants to concentrate on
licensing do participate in the review process without having to deal
with the complexities of the packaging guidelines (or even building the
software).  This isn't intended to preclude someone from taking a new
request and doing both packaging and licensing review, but simply to
allow folks to go through the existing reviews and indicate that they've
been checked for licensing issues so that someone could later go through
and review the packaging without having to struggle over the licensing.

I propose to handle this with a simple entry in the whiteboard and a
comment by the reviewer.  I can add a report under
http://fedoraproject.org/PackageReviewStatus listing tickets which need
license review, and am prepared to write a utility to facilitate things
as much as possible.  When a license question comes up, FE-Legal would
be blocked just as it is now.  (Apologies to spot.)  I would ask for
help from others to document the license review process as much as
possible.

I think in the end that with a dedicated team of folks doing license
checks, we can get the review process moving a bit quicker and cut down
on incidences of unwanted things leaking into the distro that have to be
cleaned up later.

 - J<