Re: Verifying dep-5
[2016-05-28 13:20] Stefano Zacchiroli <zack@debian.org>
> On Sat, May 28, 2016 at 02:18:51AM +0300, Dmitry Bogatov wrote:
> > But seems we do not have tools to check it. Probably, we need some way
> > to mark licenses of whole binary packages. WDYT?
>
> You're correct that we have no way to document the licenses of binaries.
> The Policy is currently only concerned to document licenses at the
> source (files) level.
>
> Note that having a human-maintained documentation of the license of each
> binary we ship is not enough to properly do the checking you've in mind.
> Tracking licensing information across builds is actually an open
> research question on which various teams around the world are
> working---on various angles: formalizing dependencies across builds,
> dynamically tracking builds using syscall tapping, inspecting built
> binaries ex post, etc. There are prototypes of all these things around,
> but TTBOMK they are all very limited (e.g., restricting to a specific
> build system and/or a programming language) and as such by no mean
> generic enough to scale to the size and diversity we have in Debian.
In my particular case, issue is solved (upstream maintener agreed to remove
GPL file, causing package be plain BSD-3-clause). But to get idea, whether
such issue is worth new Field in d/control, it would be interesting to
take a look on all dep5 d/copyright files. Downloading every source package
in archive is not option, sure.
--
Accept: text/plain, text/x-diff
Accept-Language: eo,en,ru
X-Keep-In-CC: yes
X-Web-Site: sinsekvu.github.io
Reply to: