On Mon, 15 Aug 2016 at 18:17:52 +0200, Stefano Zacchiroli wrote: > The problem we're having here is clearly about *tooling*. If we had a > good toolchain to compile and audit machine-readable debian/copyright > files without sweating, nobody would complain.
I have three slightly devil's-advocate responses to that: * If we had a good toolchain to compile and audit this stuff, people and companies who want to know the copyright holders could just use that to inspect the upstream source code and cut out the middle-man. * Our copyright files are only correct inasmuch as upstream's copyright attribution is correct. I would guess that a large majority of patch submitters, even implementors of somewhat major features that are certainly copyrightable, don't actually add a copyright notice to the files they touched. I certainly don't do that 100% consistently for my own contributions; I'm careful to preserve *other people's* copyright notices and license grants if I incorporate someone else's code into a project, but I think I can confidently say that not all upstreams are even that conscientious. * I will continue to complain as long as my "source" packages are expected to contain 87kB monsters like <https://sources.debian.net/src/adwaita-icon-theme/3.20-3/debian/copyright/>, which is fairly clearly not anyone's preferred form for modification, and if we're being honest probably not really anyone's preferred form for consumption either. (That file is actually generated, by the slightly less offensive 11kB <https://sources.debian.net/src/adwaita-icon-theme/3.20-3/debian/copyright.pl/>, because I really didn't want to insert the CC licenses by hand; but Policy and ftp-master practice require the generated file to be part of the source upload. See also <https://bugs.debian.org/768292>.) Regards, S
