Potentially this should be done by rpminspect. It already has a license module, but that focuses on checking the source package's License tag, it does not currently do anything (AFAICS on a quick scan, anyway) to check that each binary package includes license files or depends on a package that does.

@dcantrell wdyt? Is this something you've looked at at all?

Entirely reasonable, with some boundaries. I would not say rpminspect is a tool that could read or interpret license files. No tool really does that well. But the license inspection could be expanded to, say:

• Check that the spec file includes at least one %license file.
• Check the built packages for the inclusion of the files named in %license

That is on top of validating the License tag value as an SPDX expression compliant with our curated list of accepted licenses in fedora-license-data.

I think it's acceptable for a binary package not to carry the license files itself if it depends on another package that has the license files, e.g. if 'foo-core' has the license files and 'foo-extras' requires 'foo-core', 'foo-extras' doesn't also have to include the license files. See the guidelines. So we need to allow for that case.

That is doable as well. I guess I meant to say "ensure" all %license files in the spec file are accounted for in the built subpackages of this SRPM".

If this is something you'd like to see in rpminspect, please file an RFE over on the project's github page. I have not moved rpminspect over to codeberg yet, but that's coming once I am on PTO.

I've filed one.

This issue has been migrated to Fedora Forge:
https://forge.fedoraproject.org/quality/tickets/issues/856

Please continue any further discussion there.