Re: What to do when DD considers policy to be optional? [kubernetes]

To: debian-devel@lists.debian.org
Subject: Re: What to do when DD considers policy to be optional? [kubernetes]
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 25 Mar 2020 22:50:30 +0100
Message-id: <[🔎] slrnr7nkh6.1eo7g.jmm@inutil.org>
References: <[🔎] 6621155.inLKrcisiX@deblab> <[🔎] 87k13attg9.fsf@iris.silentflame.com> <[🔎] CAGsaWmP4O3ZqbbQRGF3Z076Aod=Y1Gd_QDWT+HqQrzYu+02E-w@mail.gmail.com> <[🔎] 20200324203716.kzypgt33y3n47v4y@yuggoth.org> <[🔎] 871rphqus8.fsf@hope.eyrie.org> <[🔎] 20200325010713.GA796247@bongo.bofh.it> <[🔎] 20200324203917.0bbe1d5f@toast> <[🔎] 87eethp3v6.fsf@hope.eyrie.org>

Russ Allbery <rra@debian.org> schrieb:
> Michael Lustfield <michael@lustfield.net> writes:
>
>> One last thing to consider... NEW reviews are already an intense
>> process. If this package hit NEW /and/ we allowed vendored libs, you
>> could safely expect me to never complete that particular review. I doubt
>> I'm the only one; that's essentially ~200 package reviews wrapped into
>> 1.
>
> I'll repeat a point that I made earlier but put a bit of a sharper point
> on it: We should thoughtfully question whether the current approach to
> license review that we as a project ask ftpmasters to do is a correct
> investment of project resources.

Full ack!

> We do not *have* to do a detailed file-by-file review of the correctness
> of upstream's license metadata when packaging.  This is a choice.  By
> choosing to do this, we absolutely catch bugs... just like we would catch
> bugs if we did a detailed file-by-file review of any other property of
> upstream code.

Or even replace it with automated license detection to spot such bugs (as
provided by tools like Fossology), which could even be an ongoing thing
for every upload instead of "once for the initial upload" and "randomly 
when new new binary  packages" appear. Plus everyone keen on reviewing
copyright files is always able to report bugs in the BTS.

Cheers,
        Moritz

Reply to:

References:
- What to do when DD considers policy to be optional? [kubernetes]
  - From: Dmitry Smirnov <onlyjob@debian.org>
- Re: What to do when DD considers policy to be optional? [kubernetes]
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: What to do when DD considers policy to be optional? [kubernetes]
  - From: Janos LENART <ocsi@debian.org>
- Re: What to do when DD considers policy to be optional? [kubernetes]
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: What to do when DD considers policy to be optional? [kubernetes]
  - From: Russ Allbery <rra@debian.org>
- Re: What to do when DD considers policy to be optional? [kubernetes]
  - From: Marco d'Itri <md@Linux.IT>
- Re: What to do when DD considers policy to be optional? [kubernetes]
  - From: Michael Lustfield <michael@lustfield.net>
- Re: What to do when DD considers policy to be optional? [kubernetes]
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: new kubernetes packaging
Next by Date: Re: email backend for fedmsg
Previous by thread: Re: What to do when DD considers policy to be optional? [kubernetes]
Next by thread: Re: What to do when DD considers policy to be optional? [kubernetes]
Index(es):
- Date
- Thread