Ben Finney <bignose@debian.org> writes: > Simon McVittie <smcv@debian.org> writes: > > On Wed, 13 Dec 2017 at 23:10:51 +1100, Ben Finney wrote: > > > expecting to find “complete copyright holder information” such > > > that we can be confident it *is* complete, solely in the upstream source > > > is a folly, in my experience. > > > > Given that, on what basis can a user of the package gain value from > > our claim that the complete list of copyright holders is present in > > debian/copyright? > > Because that file is typically a record of a specific effort to > *acquire* that information, and to document it for people who are > careful about the provenance and grant of license in the work. That description doesn't match my experience. Nor does it match what the Policy Manual requests: "Every package must be accompanied by a verbatim copy of its copyright information and distribution license". I have a very hard time believing that debian/copyright "typically" contains anything other than a scraping of upstream source files. I take the existence of various tools to semi-automate this task as evidence in support of my thesis. > The distinction I'm drawing is in response to proposals in this thread, > to declare the record in ‘debian/copyright’ to be obsolete. Some > proposals have advocated that we rely on finding that information solely > in the upstream work. I'm advocating it because in practice that's what is happening -- it is a "verbatim copy of ... copyright information". However, it's not worth my time to collate that from 55000 files. The source package has the verbatim copy already ... we just need to point to it! > > Linux distributions exist, they don't attempt to list every copyright > > holder on the Linux kernel, and in practice this is fine, which > > suggests that this is an ocean we're trying to boil as a weird Debian > > thing rather than because we actually need to. It's fine to have weird > > Debian things that we do because we're Debian rather than because we > > absolutely need to do them - but when we do, we should be clear about > > why, so that we can stop enforcing them if the cost (mostly in > > maintainer time and motivation, our most valuable commodities) exceeds > > the benefit. > > I agree with the need to be clear about why. I hope this and other > expressions in this thread have helped make it clearer. Your email sounds like a personal preference of yours -- which is fine. But it does not explain why Debian should demand it. On the contrary: your expectation goes way beyond Policy's "verbatim copy". -Steve
Attachment:
signature.asc
Description: This is a digitally signed message part.