Jonas Smedegaard <d...@jones.dk> writes: > Quoting Stephan Lachnit (2022-02-08 16:02:20)
>> I would like to request to take the next available DEP number (17 as of >> today). It is about using the SPDX specification as an alternative to >> the machine-readable debian/copyright (previously DEP-5). An initial >> discussion was started on debian-devel [1], and since there have been >> no large objections I would like to formalize it. > Sorry that I initially missed it - I have now shared my objection to the > idea at that thread: > https://lists.debian.org/164433477648.2636895.16922257999934052...@auryn.jones.dk The point, as I understand it, of the SPDX specification is to be even more machine-readable, which implies to me that we could generate the current debian/copyright format from it, and possibly vice versa. I think the best way to move forward with compatibility with SPDX may be to improve our side so that we can consume that format and capture all of the same information (think JSON and YAML interoperability), which would allow us to use tools from their ecosystem while still producing the same output files that people are used to today. This is a hindsight is 20/20 sort of thing, and I was among the people who resisted doing the right thing at the time (mea culpa), but we kind of shot ourselves in the foot with the current debian/copyright format. No one uses our RFC-2822-style thing except us, and no one has tools for it, so people are understandably quite reluctant to adopt it. In hindsight, it really should have been (a restricted subset of) YAML or something else that everyone else knows how to use; if it had been, I'm not sure we'd be in a situation where the rest of the industry is going in a different direction. But that's where we're at, and I think we're at significant risk of ending up in a dead end and thus not being able to take advantage of a ton of licensing work that's being done upstream but is in a format that we don't use, requiring us to tediously recreate that work instead. My goal in this discussion is to avoid that. I don't really care that much about what the canonical output format is because, if done properly, I think we should be able to generate multiple output formats from the same data with minimum effort. My hope is that we can reuse standard data in a format that upstreams will start supplying, thus reducing the amount of Debian-specific work we need to do. To make that concrete, I want to ship structured copyright and license information with all of my upstream packages. I'm currently doing that in Debian's format, but Debian's format is not useful to anyone other than Debian. I plan on switching to SPDX or REUSE or something similar because then someone else has a hope of being able to consume that data. The thought of then having to do additional work when packaging to cater to Debian is very unappealing; I want to be able to fully automate generating the debian/copyright file from the data that I'm already maintaining upstream. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
