Licenses at file level should match package license before accepting new package into main

Registered by Kate Stewart

The licenses at the file level inside a package do not always match the declared license of that package. Before a package is accepted into main, the file-level licenses and copyrights should be reviewed and confirmed to be compatible with the declared intention of the package license. New packages should not be accepted into main until this check has been made. Emerging open source tools that perform this kind of license scanning and discovery can be used to reduce the manual effort.

Blueprint information

Status: Started
Approver: Robbie Williamson
Priority: High
Drafter: Kate Stewart
Direction: Approved
Assignee: Kate Stewart
Definition: Approved
Series goal: Accepted for natty
Implementation: Started
Milestone target: ubuntu-11.04
Started by: Kate Stewart

Whiteboard

see spec for prior discussion.

Work Items:
[amanda-brock] Canonical Legal (Amanda) says she will get IS server resources: DONE
Set up FOSSology on server and document how to set one up for others: INPROGRESS
[kate.stewart] with knitzche to document how to use FOSSology to check source: TODO
[zack-debian] Follow up on availability of Debian FOSSology server: TODO
[zack-debian] Follow up with Lars/Martin on active participation in SPDX by Debian: DONE
[kate.stewart] join mail list and follow up with Lars on DEP-5 and SPDX technical disconnects that prevent interoperability: TODO
[kate.stewart] Package up ninka and make available: TODO
[knitzsche] Kyle to publish getlicense scripts, and instructions on how to use: TODO
