Package: debian-policy
Version: 3.9.8.0
Severity: normal
Debian has been switching all project URLs to use https, and the Format
URI for the current copyright-format document is actually a redirect.
Various tools that check either that URLs are canonical or that URLs use
https where possible complain about the default Format URI in the current
1.0 standard.
We probably should just make a 1.1 standard with various other proposed
fixes, but in the meantime, I propose the attached patch as a stopgap
for the next release. This just documents that either URI is valid and
both refer to the same format.
It's not strictly correct to do this as a revision of the 1.0 standard,
but since it's backwards-compatible, I don't think it should pose any
practical problems.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
debian-policy depends on no packages.
debian-policy recommends no packages.
Versions of packages debian-policy suggests:
pn doc-base <none>
-- no debconf information
diff --git a/copyright-format/copyright-format-1.0.xml
b/copyright-format/copyright-format-1.0.xml
index 8b72e10..d9a7081 100644
--- a/copyright-format/copyright-format-1.0.xml
+++ b/copyright-format/copyright-format-1.0.xml
@@ -260,7 +260,7 @@
<section id="example-header-paragraph">
<title>Example header paragraph</title>
-<programlisting>Format:
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+<programlisting>Format:
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: SOFTware
Upstream-Contact: John Doe <john....@example.com>
Source: http://www.example.com/software/project</programlisting>
@@ -414,7 +414,16 @@ License: MPL-1.1
<para>
Single-line: URI of the format specification. The field that
should be used for the current version of this document is:
+<programlisting>Format:
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/</programlisting>
+ </para>
+ <para>
+ The original version of this specification used the non-https
+ version of this URL as its URI, namely:
<programlisting>Format:
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/</programlisting>
+ Both versions are valid and refer to the same specification, and
+ parsers should interpret both as referencing the same format. The
+ https URI is preferred due to Debian's general move towards using
+ https for all project URLs.
</para>
</section>
