Re: Let’s turn DEP5 into something useful
Frank Lin PIAT <fpiat@klabs.be> writes:
> On Sat, 2009-06-13 at 09:17 +0000, Bart Martens wrote:
>> On Sat, Jun 13, 2009 at 10:52:36AM +0200, Josselin Mouette wrote:
>> >
>> > The real problem with DEP5 is not the format (which is not worse for a
>> > small package than the current one), it is with the unrealistic amount
>> > of information that it requires to fill and maintain.
>> > [..]
>> >
>> > So, how about dropping entirely anything that’s related to files and
>> > only keep the amount of information we are requiring now? [..]
>>
>> I agree with this "let's get real".
> +1
>> I would even go further: The focus should be less on making it easier for
>> machines to read debian/copyright and more on machines generating a
>> human-readable debian/copyright.
>
> I believe it is very important to have machine parseable list of
> license.
> For instance, lintian/apt/dpkg/$whatever could check "Package Foo
> (license Apache) depends on the library Bar (license GPL)"
>
For that to work, you'd have to somehow indicate which files' licenses
are going to be relevant to which binary package. For instance, many
packages have (parts of the) build-system machinery GPL'd (e.g. the
ltmain.sh from libtool is GPL-2+), but the rest of the package uses a
laxer license (e.g. LGPL).
I don't see this addressed in any way in the current DEP-5 text. Maybe
it'd be better to get rid of the `Files:' field, and replace it by
`Package:', indicating the binary package the license (and copyright
information) applies to? The way I see it, debian/copyright is about
binary packages, as for source packages we already comply with license
terms by distributing the full upstream tarball (modulo DSFG-related
stripping, which is not relevant in this context).
Regards, Rotty
Reply to: