On Mon, Aug 15, 2016 at 10:53:53AM -0700, Nikolaus Rath wrote: > > * If we had a good toolchain to compile and audit this stuff, people > > and companies who want to know the copyright holders could just use > > that to inspect the upstream source code and cut out the middle-man. > > I think even the best tooling wouldn't be able to automatically generate > correct copyright files. However, it would make it feasible to keep an > initially-correct copyright file correct over time (by flagging > potentially copyright affecting changes in an upstream release and > providing a straightfoward way to integrate those changes). Indeed. I don't think the ideal tooling here could be fully automated (at least in the most general case), it could/should be semi-automated at best. In that respect, it doesn't seem in any way different from other machine-readable information that we extract from upstream projects. Take dependencies: in many cases they could be extracted from other kinds of metadata (or, failing that, from README files, developer documentation, etc). But then they can be wrong, and need curation by a human maintainer for correctness; or at least usefulness. Cheers. -- Stefano Zacchiroli . zack@upsilon.cc . upsilon.cc/zack . . o . . . o . o Computer Science Professor . CTO Software Heritage . . . . . o . . . o o Former Debian Project Leader . OSI Board Director . . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
Attachment:
signature.asc
Description: PGP signature