https://bugzilla.redhat.com/show_bug.cgi?id=2246777 --- Comment #1 from Fedora Review Service <fedora-review-bot(a)fedoraproject.org&gt; --- Copr build: https://copr.fedorainfracloud.org/coprs/build/6577364 (failed) Build log: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-... Please make sure the package builds successfully at least for Fedora Rawhide. - If the build failed for unrelated reasons (e.g. temporary network unavailability), please ignore it. - If the build failed because of missing BuildRequires, please make sure they are listed in the "Depends On" field --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2246777 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...

https://bugzilla.redhat.com/show_bug.cgi?id=2246777 Ben Beasley <code(a)musicinmybrain.net&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |code(a)musicinmybrain.net --- Comment #3 from Ben Beasley <code(a)musicinmybrain.net&gt; --- At a glance: - Everything that remains after %prep is indeed MIT, as advertised. Everything in the original source archive appears to have a license that is allowable in Fedora, but: - The full license status of packages/python/plotly/plotly/package_data/plotly.min.js can’t be properly reviewed since it bundles and minifies dependencies without preserving their identities or license information. - There is a typo, %pypproject_check_import I know this has implications for python-plotly, but I am thinking we might not even be able to distribute plotly.min.js in source RPMs, let alone in binary RPMs, since it discards all the license information for its bundled dependencies, including mandatory license texts (e.g. for MIT and BSD family licenses). It contains a comment /*! For license information please see plotly.min.js.LICENSE.txt */, but no such file exists in the distribution. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246777 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...

https://bugzilla.redhat.com/show_bug.cgi?id=2246777 --- Comment #5 from Ben Beasley <code(a)musicinmybrain.net&gt; --- (In reply to Sandro from comment #4) It ships them in the source RPM. If something in the source archive violates packaging guidelines (like a precompiled executable), it’s enough to remove it in %prep. If there’s something that means we can’t redistribute a file from the source archive, we need to remove it before uploading to the lookaside cache so it doesn’t appear either in the lookaside cache or in the .src.rpm packages. The top-level LICENSE.txt is just the “overall” MIT license; it doesn’t have anything about the JavaScript dependencies. The others seem to pertain to the “Jupyter Extension for Plotly.py,” jupyterlab-plotly, https://github.com/plotly/plotly.py/tree/master/packages/javascript/jupyt.... They do have some information about bundled dependencies and their licenses, but they lack the required license texts, and I’m not sure if they are complete. In any case, they don’t cover the massive dependency tree of https://github.com/plotly/plotly.js/, which is where the plotly.min.js bundle seems to come from. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2246777 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...

https://bugzilla.redhat.com/show_bug.cgi?id=2246777 --- Comment #7 from Ben Beasley <code(a)musicinmybrain.net&gt; --- (In reply to Sandro from comment #6) That sounds about right. For this package in isolation, if you wanted to use the GitHub archive in order get the tests, you could also add a comment above the Source (or add a script as an additional source) corresponding to the steps in %prep, then upload the result to dist-git for use as Source0. See, for example, https://src.fedoraproject.org/rpms/python-pybv/blob/45578ffeb0905a0b3d78a.... -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=2246777 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...

https://bugzilla.redhat.com/show_bug.cgi?id=2246777 --- Comment #9 from Ben Beasley <code(a)musicinmybrain.net&gt; --- (In reply to Sandro from comment #8) I guess it could be made explicit, but like the spec file itself, it’s MIT-licensed by default under the FPCA[1]. This is mentioned for spec files in [2]. [1] https://docs.fedoraproject.org/en-US/legal/fpca/ [2] https://docs.fedoraproject.org/en-US/legal/license-approval/#_allowed_lic... -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246777 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...