I recall reading an article or email on LWN a few weeks ago concerning
a distribution's policy for re-auditing licenses for packages, and I
wanted to determine what we should use as our policy. As it stands, we
obviously audit the license for each new package that goes into master -
but when should we re-audit the license of a package? I think a
reasonable suggestion would be on every feature update, since every
feature has the potential to bring in code with a different license. As
a caveat, maintainers should also be vigilant for notices of licensing
changes in the changelogs regardless of the type of release.
Any thoughts on this?
Max