Re: dh_copyright (was: Re: Seeking new members for the DFSG team (Re: Bits from the DPL))
On Sun, Nov 16, 2025 at 05:48:16PM +0100, Simon Josefsson wrote:
> Adrian Bunk <bunk@debian.org> writes:
> > A better workflow would be something like:
> > - a dh_copyright creates and updates debian/copyright
> > - the build aborts on non-trivial changes[1]
> > - the maintainer reviews the changes when the build aborted
> > (including after the initial packaging)
>
> Yes! What do you think about designing it similar to how we handle
> debian/*.symbols file? That is, dh_copyright would generate a
> debian/copyright based on upstream source code and compare that with
> debian/copyright and barf on diffs?
>...
My footnote contains an example for the same mechanism on a
different file.
> I have had good success using 'licenserecon' for verifying license
> compliance in many packages, but I have yet to find a good enough
> mechanism to curate the debian/copyright file from upstream sources.
>...
There are also decopy and a few other tools:
https://wiki.debian.org/CopyrightReviewTools
> > It would also be good to discuss with a lawyer what actual legal
> > requirements are.
> ...
> > It is not clear to me whether debian/copyright is required for legal
> > reasons at all,[2]
>
> Reproducing whatever upstream say about copyright and licensing is
> probably sufficient and the right thing to do regardless.
My footnote goes in the same direction, but there are at least two
reasons why consulting a lawyer might still be helpful:
1. Both for the people implementing tooling and later discussions it
would be helpful and less time-consuming when a qualified opinion on
what is actually required exists.
2. We do support users distributing products without /usr/share/doc
on the technical side (Policy 12.3.), and the legal side of that runs
into the same issue no matter what is in debian/copyright.
> /Simon
cu
Adrian
Reply to: