Lars Wirzenius wrote:
to, 2009-06-11 kello 15:01 +0200, Giacomo A. Catenazzi kirjoitti:- and a reasonThat's the killer point we should concentrate on. I know commercial derivatives of Debian can benefit from machine-readable debian/copyright files: their customers may need to get a list of licenses used in the (subset) of packages the derivative provides them, and this would get easier with DEP5. For Debian itself, this is not sufficient reason to bother. Would Debian benefit from being able to easily query for things like "packages linking to OpenSSL, licensed under GPL, but without an exception"?
But debian/copyright has not enough data to do these checks. debian/copyright is a source only collection of license (and copyrights with PEP5). It includes licenses of non-used file. But no assessment on the licenses of binary programs is done (including source file, compiling, linking, ...). This is a very difficult task (and outside sources: it depends on architectures and on runtime environment). It would be nice to have the license of binary files, but I think we are far to the target, and the PEP5 helps very little (I think PEP5 purpose is not about this task). ciao cate