On Tue, Jan 28, 2020 at 2:39 PM Randy Barlow
<bowlofeggs(a)fedoraproject.org> wrote:
On Tue, 2020-01-28 at 09:03 +0000, Richard W.M. Jones wrote:
> If you want to go even further with this idea, then it could even be
> possible we allow packages into Fedora without any review. They would
> start in the outermost stream in a "there be dragons" repository that
> only the foolhardy would enable, but as their quality improved they
> would *automatically* migrate into the mainstream.
We would need to at least have license review. Though automation can
help with licensing, there are weird things sometimes that only a human
could detect, like this[0]:
https://github.com/szymach/c-pchart/issues/35
I do think we could automate a lot of the other elements of review
though, and I agree that it would be helpful.
Having a bot at least check for the obvious licence problems would
still be helpful, but a bot that approves a package license still needs
to be double checked by a human, in my opinion. The bot would be
helpful in catching negatives (no license, or unacceptable license,
etc.)
This is something that I'm working on trying to bring over from the
openSUSE community to Fedora. They've written a web app[1] that
actually does this and they wired it into the contribution processes
built into their build system so that they can get these done
reasonably well and have a good understanding of the license makeup of
their distribution of packages.
There are a few things left and I'm hoping to try to spin up a test
instance running on Fedora to see how it works.
[1]: https://github.com/openSUSE/cavil
--
真実はいつも一つ!/ Always, there's only one truth!