Closed msmeissn closed 1 year ago
The spec file analysis has always been merely advisory in Cavil. Automatic rejection would not work, since we do have cases that intentionally don't contain spec files, spec files with a different name than the package, or that do contain metadata in a format that we cannot yet parse (like what used to be the case for dockerfiles).
Not long ago, for example, we've had cloud foundry related legal review requests that were merely submitted as raw tarballs without any package metadata. The really unfortunate part here is that we've chosen Error- as naming prefix for such reports, it should really have been Unknown-, since it only means that we could not extract an expected primary license from package metadata.
If you want to see some examples for recent cases you can search https://legaldb.suse.de/reviews/recent for Error. One of the first problematic ones would be 000package-groups.
Hmm, seems hard to solve. Let's close again.
We occasionally have the case where users submit packages with an unintended suffix, like:
5 ibs#289721 a month ago qt6-base.SUSE_SLE-15-SP4_GA Error-9:Z9pY
These "spec file not found" cases should probably lead to a decline, or at least some more attention?