[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sponsorship requirements and copyright files

On Thu, Mar 19, 2009 at 11:02:48PM -0700, Daniel Moerner wrote:
> On Thu, Mar 19, 2009 at 10:19 PM, Mike O'Connor <stew@debian.org> wrote:
> > To me, it seems like since one has to go through all of the source files
> > anyway, creating a list of copyright holders while you are doing it is a
> > trivial task.  I don't see why making this list takes any time at all
> > really.  Unless you are not actually looking at the code you upload,
> > which would worry me for other reasons as well.
> I agree. The thing that I like about creating packages with the
> wiki.d.o specification is that it forces you to actually examine the
> copyrights of all the parts of a new package, instead of just use a
> lazy link to /usr/share/common-licenses/foo. This is especially
> important for packages that have many different hidden scripts or
> architecture-independent libraries that might have different licenses.
> With the kind of copyright file generated by dh_make, it seems like
> new maintainers often ignore the risk of a package with a tainted,
> unredistributable license problem.
> In shorter words: I think something should be done about the copyright
> file to encourage developers to actually perform an audit of the
> license status of files in their packages before they upload. The
> current copyright template doesn't really encourage this; I like the
> machine-parseable system because it makes it easy to organize such an
> audit.

Try doing that on iceweasel or xulrunner. Hint: there are about 30000
files and a real lot of copyright holders.

It's already a PITA with webkit, which is about 3000 files and quite a
lot of copyright holders (the copyright file, which I'm pretty sure is
not accurate is 809 lines and growing at each new release).

On top of listing copyright holders, I must say listing the individual
files for each license in the copyright file is also a major PITA. While
wildcards can be used, a huge mix of license like webkit is makes it
really painful to update. OTOH, I really don't care what files are under
what licence. I *do* know that there is a mix of BSD-2, BSD-3 and LGPL
code, plus some extra libraries embedded, and that any addition to
webkit is licensed under BSD or LGPL because upstream does enforce that
(except, obviously, embedded libraries, but we already have to check if
any is added to avoid duplication and build against the system one
whenever possible)


Reply to: