Noah Slater <nsla...@tumbolia.org> writes: > Having said that, I am thinking that fully documenting the license of > each file provides a handy way to ensure that developers are thoroughly > checking the package for licensing problems.
Did you mean "copyright" here? No one is disputing the need to document the license of every file that goes into forming the contents of the binary package. I have a serious conceptual problem with requiring work in order to ensure that people are doing some other piece of work that's only partly related. The actual *requirement* here is that packages be audited for license problems. For me at least, copying and pasting copyright notices to create a collective notice for packages that track separate copyright for all contributors takes at least three times longer than just checking each file for unexpected licensing. I can more easily do the audit without doing that work. I'm really not enthused at the idea of having to do a bunch of copy and paste work just to prove to someone that I've looked at every file. It feels like the sort of make-work assignment that I had to tolerate in grade school. One nice thing about being an adult is that I don't have to put up with that sort of thing any more. :) > It is not inconceivable that we could add a lintian check which does > some fuzzy guesswork to see if it can spot any probably missed files > based on parsing the debian/copyright file. It could also prove handy to > the FTP masters who wish to check the quality of work. In all of the packages for which I've implemented the new copyright format, which is more than a dozen now, I've always used a catch-all stanza with the main package license. I have a hard time imagining when I ever *wouldn't* do that. This means that such a Lintian check is going to be pretty worthless in practice, unless I'm missing some approach that's more than just making sure each file in the source tree has a matching stanza in copyright. > Sure thing. My point was that not checking every file seems like sloppy > work to me, for a distribution that places such an emphasis on > licensing, and can lead to many problems. I have been the unfortunate > victim of my own laziness in this regard, so at least I am speaking from > guilty experience. I'm finding it a bit frustrating that your wording here seems to treat copying and pasting all the copyright files as if it's synonymous with checking every file and seems to assume that people who don't do the copying and pasting aren't checking every file. They truly are not the same thing. > Regardless of format, caveat a machine readable format being available > to lintian for some rudimentary checks, a requirement for developers to > document the licensing checks in debian/copyright could (not would) go a > long way towards preventing DFSG problems in future uploads. We already *do* require that developers document the results of the *license* audit. I don't think anyone is disputing that (although it's painfully tedious for large packages, and it would be really nice if the people who are deeply concerned that Debian always do this would volunteer to help the Iceweasel, Linux kernel, KDE, and X maintainers, among others, with doing this work). -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-policy-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
