[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sponsorship requirements and copyright files

Noah Slater <nslater@tumbolia.org> writes:

> Having said that, I am thinking that fully documenting the license of
> each file provides a handy way to ensure that developers are thoroughly
> checking the package for licensing problems.

Did you mean "copyright" here?  No one is disputing the need to document
the license of every file that goes into forming the contents of the
binary package.

I have a serious conceptual problem with requiring work in order to ensure
that people are doing some other piece of work that's only partly related.
The actual *requirement* here is that packages be audited for license
problems.  For me at least, copying and pasting copyright notices to
create a collective notice for packages that track separate copyright for
all contributors takes at least three times longer than just checking each
file for unexpected licensing.  I can more easily do the audit without
doing that work.

I'm really not enthused at the idea of having to do a bunch of copy and
paste work just to prove to someone that I've looked at every file.  It
feels like the sort of make-work assignment that I had to tolerate in
grade school.  One nice thing about being an adult is that I don't have to
put up with that sort of thing any more.  :)

> It is not inconceivable that we could add a lintian check which does
> some fuzzy guesswork to see if it can spot any probably missed files
> based on parsing the debian/copyright file. It could also prove handy to
> the FTP masters who wish to check the quality of work.

In all of the packages for which I've implemented the new copyright
format, which is more than a dozen now, I've always used a catch-all
stanza with the main package license.  I have a hard time imagining when I
ever *wouldn't* do that.  This means that such a Lintian check is going to
be pretty worthless in practice, unless I'm missing some approach that's
more than just making sure each file in the source tree has a matching
stanza in copyright.

> Sure thing. My point was that not checking every file seems like sloppy
> work to me, for a distribution that places such an emphasis on
> licensing, and can lead to many problems.  I have been the unfortunate
> victim of my own laziness in this regard, so at least I am speaking from
> guilty experience.

I'm finding it a bit frustrating that your wording here seems to treat
copying and pasting all the copyright files as if it's synonymous with
checking every file and seems to assume that people who don't do the
copying and pasting aren't checking every file.  They truly are not the
same thing.

> Regardless of format, caveat a machine readable format being available
> to lintian for some rudimentary checks, a requirement for developers to
> document the licensing checks in debian/copyright could (not would) go a
> long way towards preventing DFSG problems in future uploads.

We already *do* require that developers document the results of the
*license* audit.  I don't think anyone is disputing that (although it's
painfully tedious for large packages, and it would be really nice if the
people who are deeply concerned that Debian always do this would volunteer
to help the Iceweasel, Linux kernel, KDE, and X maintainers, among others,
with doing this work).

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: