[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: copyright precision

On Mon, Aug 15, 2016 at 05:59:43PM +0100, Simon McVittie wrote:
> * If we had a good toolchain to compile and audit this stuff, people
>   and companies who want to know the copyright holders could just use
>   that to inspect the upstream source code and cut out the middle-man.

I've comment on this in my follow-up to Nikolaus.

> * Our copyright files are only correct inasmuch as upstream's copyright
>   attribution is correct.

Right. But that doesn't make it less valuable. In provenance theory
knowing that someone has witnessed that someone else has said something
is a useful data point. And [FOSS] software provenance is a big deal
these days. If the price to pay for doing so is not too high, there is
an important role for Debian to be played there.

> * I will continue to complain as long as my "source" packages are
>   expected to contain 87kB monsters like
>   <https://sources.debian.net/src/adwaita-icon-theme/3.20-3/debian/copyright/>,
>   which is fairly clearly not anyone's preferred form for modification,
>   and if we're being honest probably not really anyone's preferred form for
>   consumption either.

I beg to disagree (at least) with the latter. No matter the size, once
parsed you can query that file with questions like "what's the
license/copyright of this file according to [this] Debian [package]?".
That's one of the thing that the Debsources API is meant to allow.

But to be clear: I'm not advocating for keeping nor ditching anything in
particular here. I've been asked which level of integration of
machine-readable debian/copyright exists in Debsources. I've answered to
that, testifying that we do have downstreams of our *current*
debian/copyright files. No matter that, Debian can decide: that is not
worth maintaining that information / that is worth only if better
tooling is available / that is worth only if someone else shows up to do
the job / etc. Like it or not, downstreams will cope.

Stefano Zacchiroli . zack@upsilon.cc . upsilon.cc/zack . . o . . . o . o
Computer Science Professor . CTO Software Heritage . . . . . o . . . o o
Former Debian Project Leader . OSI Board Director  . . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »

Attachment: signature.asc
Description: PGP signature

Reply to: