Re: On license check in the light of the godiff issue.

[Pirate Praveen <praveen@onenetbeyond.org>]

On Sun, Aug 28 2022 at 10:07:27 PM +02:00:00 +02:00:00, Martin Dosch 
<martin@mdosch.de> wrote:
> Hey Abraham,
>
> On 29.08.2022 01:05, Abraham Raji wrote:
> > What can we possibly do to make the situation better?
>
> I am pretty new to debian packaging and I am by no means an expert in 
> licensing issues, but from my understanding it should not happen that 
> a package with a dependency on package that has no license or 
> inappropriate license get's packaged as Debian requires each 
> dependency to be packaged for Debian.
>
> But maybe we should also mention all licenses of dependencies in the 
> Debian packages of golang programs as otherwise the licenses of 
> build-time dependencies (which are used to generate the binary) are 
> not shown to the user. Ideally this could be automated. But as I said 
> before I am no expert on this topic, so I'm curious what others have 
> to say on this topic.

I don't know if this is sufficient, but there is a Built-Using field in 
the binary package which can be used to check the licenses of the 
modules used to build the binary. If required, the same logic can be 
extended to combine the copyright files of all the modules to a single 
file automatically during build or make a tool that can show combined 
copyright using the Built-Using filed.

> Best regards,
> Martin