On 09/07/18 10:10, Max Rees wrote:
I recall reading an article or email on LWN a few weeks ago
a distribution's policy for re-auditing licenses for packages and I
wanted to determine what we should use as our policy. As it stands, we
obviously audit the license for each new package that goes into master -
but when should we re-audit the license of a package? I think a
reasonable suggestion would be on every feature update, since every
feature has the potential to bring in code with a different license. As
a caveat, maintainers should also be vigilant for notices of licensing
changes in the changelogs regardless of the type of release.
Any thoughts on this?
Re-auditing on every bump is going to be too much hassle, but keep an
eye on the changelogs for every bump.
Re-auditing on every *feature* bump / major release seems like a good idea.
A. Wilcox (awilfox)
Project Lead, Adélie Linux