[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: copyright precision

On Mon, Aug 15, 2016 at 10:53:53AM -0700, Nikolaus Rath wrote:
> > * If we had a good toolchain to compile and audit this stuff, people
> >   and companies who want to know the copyright holders could just use
> >   that to inspect the upstream source code and cut out the middle-man.
> I think even the best tooling wouldn't be able to automatically generate
> correct copyright files. However, it would make it feasible to keep an
> initially-correct copyright file correct over time (by flagging
> potentially copyright affecting changes in an upstream release and
> providing a straightfoward way to integrate those changes).

Indeed. I don't think the ideal tooling here could be fully automated
(at least in the most general case), it could/should be semi-automated
at best. In that respect, it doesn't seem in any way different from
other machine-readable information that we extract from upstream
projects. Take dependencies: in many cases they could be extracted from
other kinds of metadata (or, failing that, from README files, developer
documentation, etc). But then they can be wrong, and need curation by a
human maintainer for correctness; or at least usefulness.

Stefano Zacchiroli . zack@upsilon.cc . upsilon.cc/zack . . o . . . o . o
Computer Science Professor . CTO Software Heritage . . . . . o . . . o o
Former Debian Project Leader . OSI Board Director  . . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »

Attachment: signature.asc
Description: PGP signature

Reply to: