Re: Sponsorship requirements and copyright files

[Romain Beauxis <toots@rastageeks.org>]

Le Friday 20 March 2009 14:18:22 Mike Hommey, vous avez écrit :
> > This idea of a public reviewing page for NEWly uploaded packages really
> > looked appealing to me.
>
> On the other hand, when you look at projets such as Mozilla or Webkit,
> there are people already doing that upstream, or ensuring things are done
> properly at commit time. Why should we duplicate that effort, especially
> considering how much work it represents for teams that are already
> undermanned.

I don't mean duplicate work.

To me, the essence of copyright reviewing remains in the level of trust that 
you put in the guys that did the job. If you think your upstream is doing 
this seriously, then it could be fine.

But, more generaly, when dealing with trust, the only suitable way to pretend 
that you are seriously adressing an issue is to have a process which is 
openly reviewable. You do not pretend that each interested collaborator is 
going review it any time, but you publicaly challenge anyone to check your 
work.

At least that is how I understand "we will not hide our issues".

Why shouldn't this work also for copyright reviewing in debian packages ? If 
you think of it, when people commit a patch to a project, it is acked by some 
guys and then considered as reviewed. That is also how it works in my work 
(research) when we publish papers.

Why couldn't it exists a public page for reviewing copyright, for which 
interested developpers could send a signed ACK claiming they have reviewed 
the copyright file and that it is ok for them (or not...), including the 
ftpmasters themselves.

This could of course be mitigated by some degree of trust, like considering 
that ftpmasters are more reliable in checking details for a particular 
uncommon license. 

But for the vast majority of packages, this would be sufficent to decide on 
the acceptation or not of a NEW package.


Romain