Re: git as a source package format?

To: debian-devel@lists.debian.org
Subject: Re: git as a source package format?
From: Charles Plessy <plessy@debian.org>
Date: Sat, 4 May 2013 13:41:55 +0900
Message-id: <[🔎] 20130504044155.GE21564@falafel.plessy.net>
In-reply-to: <[🔎] CAKTje6E9jPE0CyCuuDCGhy75GvDqHAPD6sugzYAaosA+fdy+rQ@mail.gmail.com>
References: <[🔎] 51816CCA.4060207@pocock.com.au> <[🔎] 20130503165022.GA3081@client.brlink.eu> <[🔎] 20130504024130.GB21564@falafel.plessy.net> <[🔎] CAKTje6E9jPE0CyCuuDCGhy75GvDqHAPD6sugzYAaosA+fdy+rQ@mail.gmail.com>

Le Sat, May 04, 2013 at 12:11:23PM +0800, Paul Wise a écrit :
> On Sat, May 4, 2013 at 10:41 AM, Charles Plessy wrote:
> 
> > The fact is that Debian does not make much effort to ensure that we do not
> > distribute unredistributable files in our mirrors and installation media, once
> > a package has passed its first copyright and license review.
> 
> That is simply not true, every developer is responsible for checking
> this before every upload, to NEW or directly to unstable. I don't know
> about you or the rest of Debian but I certainly take this
> responsibility seriously and perform this very necessary action.

Thanks for the correction.  I do not want to give the impression that people
are sloppy as individuals.  But there are thousands of uploaders and tens of
thousands of packages.  Errors will happen and accumulate, and we have no
mechanism for correcting errors.

I parse the diff for the strings "copyr", "licen" and "autho" (and sometimes
"©" of "(C)"), and look for suspicious file endings (like PDF).  However, my
experience when working on packages maintained by multiple people (it is easier
to see other people's errors than our own), is that, to say the least, one
person checking at each upload is not enough to prevent the copyright files to
slowly lose their accuracy.  This is a fact for which Debian does not take
action beyond underlining who is to blame in case of problem, which is not the
most effective strategy to prevent problems to happen.

I have no doubt that we are doing our best, and there are steps forward on
which improvemnts could be built (like the machine-readable copyright files),
but on the other hand, there is not much leadership into going beyond our
current model of being draconian at the first upload, and crossing fingers
on the next ones.  It would be definitely a big undertaking, but the point
I want to make is that one can not say that Git repositories could not
be redistributed by Debian and at the same time be satisfied with the
way we handle our packages currently.  (And to make things clear: I think
that we should redistribute Git packages, especially when they are
obviously the "preferred source for modification" upstream).

We are all quite busy and it is hard to avoid over-commiting ourselves, but I
always feel frustrated when some arguments are given against a development, but
are not followed fully in regard to our current practices.  For instance,
people insisting against distributing Git repositories could contribute tools
for a more efficient copyright and license review between uploads.  That would
be much more constructive.

Cheers,

-- 
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan

Reply to:

Follow-Ups:
- Re: git as a source package format?
  - From: Jonathan Nieder <jrnieder@gmail.com>

References:
- git as a source package format?
  - From: Daniel Pocock <daniel@pocock.com.au>
- Re: git as a source package format?
  - From: "Bernhard R. Link" <brlink@debian.org>
- Re: git as a source package format?
  - From: Charles Plessy <plessy@debian.org>
- Re: git as a source package format?
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: multiarch and interpreters/runtimes
Next by Date: Re: git as a source package format?
Previous by thread: Re: git as a source package format?
Next by thread: Re: git as a source package format?
Index(es):
- Date
- Thread