[Fedora-legal-list] Determining minimum package review requirements relating to licenses

One of the various reasons for having package reviews is having a human verify that the packager's choice of License: tag is valid. The Packaging Committee is was faced with a request (https://pagure.io/packaging-committee/issue/1007) that has us questioning just how much license review is required. Are any of the following acceptable? 1) Trust the packager to do a license review, with no reviewer verification. 2) Trust the output of an automated tool which attempts to detect project licenses (such as askalono). 3) Trust the license tag from a project hosting service such as github? (I understand that the answer may depend on the hosting service.) Depending on what is acceptable, we may be able to reduce bureaucracy a bit. I know that back when I did package reviews, the license review was often the most difficult part. - J<