[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sponsorship requirements and copyright files

Mike Hommey wrote:
On Thu, Mar 19, 2009 at 11:02:48PM -0700, Daniel Moerner wrote:
On Thu, Mar 19, 2009 at 10:19 PM, Mike O'Connor <stew@debian.org> wrote:
To me, it seems like since one has to go through all of the source files
anyway, creating a list of copyright holders while you are doing it is a
trivial task.  I don't see why making this list takes any time at all
really.  Unless you are not actually looking at the code you upload,
which would worry me for other reasons as well.
I agree. The thing that I like about creating packages with the
wiki.d.o specification is that it forces you to actually examine the
copyrights of all the parts of a new package, instead of just use a
lazy link to /usr/share/common-licenses/foo. This is especially
important for packages that have many different hidden scripts or
architecture-independent libraries that might have different licenses.
With the kind of copyright file generated by dh_make, it seems like
new maintainers often ignore the risk of a package with a tainted,
unredistributable license problem.

In shorter words: I think something should be done about the copyright
file to encourage developers to actually perform an audit of the
license status of files in their packages before they upload. The
current copyright template doesn't really encourage this; I like the
machine-parseable system because it makes it easy to organize such an

Try doing that on iceweasel or xulrunner. Hint: there are about 30000
files and a real lot of copyright holders.

It's already a PITA with webkit, which is about 3000 files and quite a
lot of copyright holders (the copyright file, which I'm pretty sure is
not accurate is 809 lines and growing at each new release).

On top of listing copyright holders, I must say listing the individual
files for each license in the copyright file is also a major PITA.

Given that copyrights are usually in a standard format, such as

  Copyright (\([cC]\)|©) Year[-Year] Name Email

It shouldn't be too hard to write a tool to scan the whole source tree and spit out a completely generated summary of copyright holders. If this could be added to an existing tool, such as licensecheck, this would save everyone from reimplementing it in their package (I was considering doing this).

Of course, this does depend on the files being completely up-to-date, otherwise this is useless. As an upstream, I would say that while I do make an effort to keep these up to date, not every contributor does an so information will be missing. This is ultimately all stored in the git commits, so trawling though the repo might be needed to actually make an accurate header in each file.


Reply to: