It's rather hard for packagers to find the matching legal review for
their OBS/IBS request. A comment with a link should help make legal
information more widely accessible.
This API endpoint is currently accepting the GET and POST methods, but
the POST method will be deprecated soon. After looking at the logs from
build.opensuse.org, I noticed that the `licensedigger` user is heavily
relying on this endpoint with the POST method. Using the GET method is
also fine as noted by the W3C[1] in "URIs, Addressability, and the use
of HTTP GET and POST", under the section "5.2 Ephemeral Limitations":

> **URIs cannot be longer than 256 characters**
>
> This was a limitation in some server implementations, and while
> servers continue to have limitations to prevent denial-of-service
> attacks, they are generally at least 4000 characters, and they evolve as
> the legitimate uses of application developers evolve.

According to the logs, all calls to the /search/request/id API endpoint
coming from this code, with the query string included, are well under
4000 characters long.
[1]: https://www.w3.org/2001/tag/doc/whenToUseGet-20030922#ephemeral
The query_sources function is only used for product scan, which is not
relevant for request review. Fixing it to improve performance on live
patch reviews.
The churn rate of openSUSE:Factory is too high for legal to catch up
these days, so we turn the default. Legal reviews for Factory are no longer
blocking, but if we need the same package for another project or
product, the lawyers had some time to look at it.
And if we find a package not acceptable, we'll delete it from Factory
later on. This may get painful, but the current legal situation is
painful too.
isc api /source/home:osalvador:branches:Devel:Kernel:SLE12-SP2-LTSS:Submit/?view=info
shows:
<sourceinfo package="SLE-SERVER_12-SP2-LTSS_x86_64" rev="3" vrev="113" srcmd5="8b9a4eef8f161a41c96b89c7163091a9" lsrcmd5="55f550c22886d610c2e386c727f30817" verifymd5="66e022e70e6e94f85f494918960fc0cb">
  <error>bad build configuration, no build type defined or detected</error>
  <linked project="SUSE:Channels" package="SLE-SERVER_12-SP2-LTSS_x86_64"/>
</sourceinfo>
Distinct copyrights were left as I do not wish to track down commit
history to ensure it properly documents the copyright holders. Also left
non-GPLv2 licenses and left bs_copy untouched as a mirror from OBS.
There is already a mix of files with and without headers, and even OBS does
not place them on the majority of files. If SUSE lawyers have an issue it will come up in
legal review for Factory.