Re: http:// vs. https:// in machine readable copyright file
Simon Kainz <simon@familiekainz.at> writes:
> Hello - minor issue for sure, but still :
> Following [0], i should put
> Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
> in my machine readable copyright file.
> Currently duck reports that the url specified is also available via
> https (which is true), so should i inform about this, or should i ignore
> this specific url in the copyright file, as it is defined as http in the
> Policy? Or should the policy be adjusted and the url be cahnged to
> https://
> Please share your thoughts about this.
This is a weird and minorly annoying issue, and I'm not sure what the best
resolution all around is.
The intent is that the Format header contain an arbitrary URI which
uniquely represents one semantic standard (in other words, typos will be
fixed without changing it, but any substantitively new standard will get a
different URI). Beyond that, it's not necessarily intended for use as a
URL; it's just a unique identifier for the file. This is common in the
XML world (see DTDs, for instance).
Given that, we were reluctant to change the identifier to https because
that's actually a new Format, even though nothing has changed. (We would
certainly switch to https for a 1.1 standard.)
However, the URI is *also* a valid URL that you can visit in a web
browser, and in that case it should be https for the same reason that all
URLs should be https.
Maybe we should just do the semantically "wrong" thing and suggest people
switch to using https even though that's not a "different" standard.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: