On Wed, 2018-03-07 at 00:30 +0500, Andrey Rahmatullin wrote: > On Tue, Mar 06, 2018 at 07:27:40PM +0000, Ian Campbell wrote: > > > I know for a fact that quite regularly licence checks on binNEW packages > > > causes RC bugs to pop up. I acknowledge it may be a burder for the ftp > > > team, but that reason alone probably deserves to keep binNEW as it is. > > > > That would seem to justify some sort of randomized spot checks on the > > archive, not arbitrarily focussing on the subset of packages which > > happen to need a new binary package for some reason. > > Exactly. It's almost spring in northern Europe and with the lengthening day I start getting many crazy ideas. Here's one: it would be truly awesome if we could review each source package at least once per Debian release cycle. I don't think that's possible, it would be awesome if it were. There is, in unstable, about 28000 source packages right now, if I'm counting correctly. A release cycle is about two years. That's about 40 source packages per day, every day. That would require either a very large number of extra volunteer reviewers, or automation. If most upstreams were systemtically tagging (perhaps using SPDX) their sources with licence information, or we had a mostly reliable tool for deducing that information automatically, this might be feasible.
Attachment:
signature.asc
Description: This is a digitally signed message part