On Sun, Aug 28, 2011 at 12:24:55AM +0100, Ximin Luo wrote: > You missed my point. Verbatim text in copyright may be mechanically > extractable, but not easily verifiable. It's hard in the general case to > verify that a license block called "MPL" actually contains the full > correct MPL text, both for machines and humans.
First, this is only hard for humans, not hard for machines; it's *trivial* to convert a block of license text into a case-insensitive, whitespace-smashing normalized form for comparison. And any DEP5 parser is going to strip out the ' .' lines as well. Second, an important feature of the DEP5 format is the use of standard keywords for common licenses. If you have a DEP5 debian/copyright where you declare it's under the MPL, and the text of the license is not the MPL, *that's a bug*, and one that can be reliably and automatically detected by software. No software does this today, because no one has taken the time to write it yet, but it's a problem that can be solved by writing the code once. In the meantime, *users* can reasonably assume that if the package declares the code to be under 'License: MPL-1.1', this is the license that applies, without any need for long, by-hand comparison of license texts. > To re-quote myself - one might see that a package points to MPL.txt [or a > license paragraph with the MPL header], then assume it's the MPL, but then > <strong>why have that file [or text] there in the first place, if you're not > going to read all of it</strong>? Because not everyone who cares to know what rights they have to the software knows what the MPL is (or has its terms memorized) in the first place! -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature
