Hello

On 16.11.25 at 17:48, Simon Josefsson wrote:
> Adrian Bunk <bunk@debian.org> writes:
>
>> A better workflow would be something like:
>> - a dh_copyright creates and updates debian/copyright
>> - the build aborts on non-trivial changes[1]
>> - the maintainer reviews the changes when the build aborted (including after the initial packaging)
>
> Yes! What do you think about designing it similar to how we handle debian/*.symbols file? That is, dh_copyright would generate a debian/copyright based on upstream source code and compare that with debian/copyright and barf on diffs? With some suitable override or hint mechanism for known mis-interpretations.
>
> I have had good success using 'licenserecon' for verifying license compliance in many packages, but I have yet to find a good enough mechanism to curate the debian/copyright file from upstream sources.
>
> I think the output of this tool doesn't have to be perfect, if the hint/override mechanism is human-friendly and easy to use so that maintainers can somehow force the debian/copyright output to what they want.
>
> Having automated copyright generation with human assistance seems better than human maintained copyright files. I think it would lead to better quality debian/copyright content, fewer errors, and reduce maintainer cycles.

+1

>> It would also be good to discuss with a lawyer what actual legal requirements are.
>> ...
>> It is not clear to me whether debian/copyright is required for legal reasons at all,[2]
>
> Reproducing whatever upstream say about copyright and licensing is probably sufficient and the right thing to do regardless.

This approach carries the risk that non-free source code could still be published in Debian. As a community, we should take care to develop processes to minimize the risk of liability.
And this should apply across all different legal systems.

> /Simon

Regards
-- 
Mechtilde Stehmann
## Debian Developer
## PGP encryption welcome
## F0E3 7F3D C87A 4998 2899 39E7 F287 7BBA 141A AD7F