Hi Ian,
On Mo 11 Apr 2022 18:51:35 CEST, Ian Jackson wrote:
Another team member identified that there is code in this package
under a number of different licenses other than GPL-3+, but that is
not specified in sufficient detail in d/copyright. That contravenes
both Debian Policy and the terms of those licenses.
My apologies. You are completely correct. I don't understand how I
came to think that the approach I took was sufficient. I guess it is
a long time since I prepared a package with so many different bits and
pieces in it.
sharing some best practice here, feel free to adopt or give feedback on.
For d/copyright maintenance I use my update-copyright.in script [1]. I
run it on the source package's base folder.
The script creates a d/copyright.in file. I keep this file as-is as part
of my debian/ folder and use it for later reference.
When wrapping up a new DEB package, I copy over d/copyright.in to
d/copyright and complete it manually (plus doing some manual checks to
see if the licensecheck tool got things right). Note, that I don't use
file globbing in d/copyright, at all; every source file is listed
individually.
This catches 99% of all DFSG licenses on 80-95% of files in the
src:pkg's source tree (depending on upstream being good at using proper
license headers on individual files or not).
Whenever an upstream version bump is due, I import the new upstream and
re-run the update-copyright.in script on the src:pkg's base folder
again. I get a diff between my previous debian/copyright.in version and
the new version. This diff I then work into the actual d/copyright
manually and thus have an easy workflow for tracking copyright changes
in upstream projects (on a per individual file basis).
This workflow is esp. helpful on projects where many copyright
holders/years and/or licenses are involved and get updated every year or
maybe with every changeset / new contributor.
Greets,
Mike
[1]
https://github.com/sunweaver/MyHomeConfig/blob/master/bin/update-copyright.in