
Re: Verifying dep-5



On Sat, May 28, 2016 at 02:18:51AM +0300, Dmitry Bogatov wrote:
> But seems we do not have tools to check it. Probably, we need some way
> to mark licenses of whole binary packages. WDYT?

You're correct that we have no way to document the licenses of binaries.
The Policy is currently only concerned with documenting licenses at the
source (files) level.

Note that having a human-maintained documentation of the license of each
binary we ship is not enough to properly do the checking you have in mind.
Tracking licensing information across builds is actually an open
research question on which various teams around the world are
working---on various angles: formalizing dependencies across builds,
dynamically tracking builds using syscall tapping, inspecting built
binaries ex post, etc. There are prototypes of all these things around,
but TTBOMK they are all very limited (e.g., restricting to a specific
build system and/or a programming language) and as such by no means
generic enough to scale to the size and diversity we have in Debian.

Cheers.
-- 
Stefano Zacchiroli  . . . . . . .  zack@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader . . . . . @zacchiro . . . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »
