Re: Sponsorship requirements and copyright files

On Sun, Mar 22, 2009 at 12:29:37PM -0700, Russ Allbery wrote:
> Noah Slater <firstname.lastname@example.org> writes:
> > Having said that, I am thinking that fully documenting the license of
> > each file provides a handy way to ensure that developers are thoroughly
> > checking the package for licensing problems.
> Did you mean "copyright" here? No one is disputing the need to document
> the license of every file that goes into forming the contents of the
> binary package.

No, I meant license.

It seems people ARE disputing that licenses be fully documented.

> I have a serious conceptual problem with requiring work in order to ensure
> that people are doing some other piece of work that's only partly related.
> The actual *requirement* here is that packages be audited for license
> problems. For me at least, copying and pasting copyright notices to
> create a collective notice for packages that track separate copyright for
> all contributors takes at least three times longer than just checking each
> file for unexpected licensing. I can more easily do the audit without
> doing that work.

I have already made it explicit that I was not talking about copyright holders.

> I'm really not enthused at the idea of having to do a bunch of copy and
> paste work just to prove to someone that I've looked at every file. It
> feels like the sort of make-work assignment that I had to tolerate in
> grade school. One nice thing about being an adult is that I don't have to
> put up with that sort of thing any more. :)

In the context of documenting licenses, it's more for our own sake than anything
else. Like unit tests for code to make sure everything is in order. This would
be more clear if we had developed lintian checks already.

> In all of the packages for which I've implemented the new copyright
> format, which is more than a dozen now, I've always used a catch-all
> stanza with the main package license. I have a hard time imagining when I
> ever *wouldn't* do that. This means that such a Lintian check is going to
> be pretty worthless in practice, unless I'm missing some approach that's
> more than just making sure each file in the source tree has a matching
> stanza in copyright.

Perhaps there is a way of catching boilerplate patterns and checking to see if
they are matched in debian/copyright. It wouldn't be an exact science, but it
might be helpful in some way.

> > Sure thing. My point was that not checking every file seems like sloppy
> > work to me, for a distribution that places such an emphasis on
> > licensing, and can lead to many problems. I have been the unfortunate
> > victim of my own laziness in this regard, so at least I am speaking from
> > guilty experience.
> I'm finding it a bit frustrating that your wording here seems to treat
> copying and pasting all the copyright files as if it's synonymous with
> checking every file and seems to assume that people who don't do the
> copying and pasting aren't checking every file. They truly are not the
> same thing.

I'm not sure I follow, sorry.

> > Regardless of format, caveat a machine readable format being available
> > to lintian for some rudimentary checks, a requirement for developers to
> > document the licensing checks in debian/copyright could (not would) go a
> > long way towards preventing DFSG problems in future uploads.
> We already *do* require that developers document the results of the
> *license* audit. I don't think anyone is disputing that (although it's
> painfully tedious for large packages, and it would be really nice if the
> people who are deeply concerned that Debian always do this would volunteer
> to help the Iceweasel, Linux kernel, KDE, and X maintainers, among others,
> with doing this work).

Well, there seems to be some confusion then. I have made it explicit in this
thread that I don't really see it as necessary that each copyright holder be
listed, and that we only do it where necessary. It is my understanding that
people have still raised objections about documenting every license in
debian/copyright, for example Autoconf and other generated files.

Noah Slater, http://tumbolia.org/nslater