On Thu, Dec 26, 2019 at 04:30:58PM +0100, Thorsten Alteholz wrote: > > > On Thu, 26 Dec 2019, Roberto C. Sánchez wrote: > > So, what does the FTP team consider that we, as the wider community > > of Debian Developers, can do to help? > > What about being more careful when creating the debian/copyright for a > package? > I know it is boring, but writing a REJECT-mail is not much fun as well. > Seeing a copy&paste error once is ok, but seeing that in a bunch of > packages, makes me wonder. > Don't neglect fonts, pictures, sound files. > I agree that this is a terribly boring thing to do when packaging new software. I cannot imagine how much more boring it would be for the person performing the verification on the FTP team.
> When there is a REJECT and the maintainer used a tool like licensecheck, > file a bug and let the tools become better. One interesting thing about this is that I have often wondered if it would be beneficial to have checks on debian/copyright during the life of a package. Checking only once when a package first enters the Debian archive seems to leave open the rather likely possibility that some change in a future upstream release changes or adds some component license that should be documented in debian/copyright. I try to be diligent in this regard and even at times have found that I overlook things. In any event, a tool that can scan a source tree and produce a base debian/copyright file that I as a maintianer could edit would be a marvelous thing. Would be possible to make the licensecheck tool dual use in that way? The FTP team could use it when validating and developers could use it for creating the initial debian/copyright. Then it might also serve as the basis for a lintian check (when the quality is sufficiently high), or some other process whereby ongoing checks of debian/copyright could be performed. > (I tested some commercial tools a while ago and they were extremely bad in > detecting correct licenses.) > > Make the machine-readable copyright file mandatory. > It is much easier to "parse" than just a bunch of copyright information. > Yes. Regards, -Roberto -- Roberto C. Sánchez
