Bug#915384: lintian: check that debian/copyright has an entry for each component
Le 03/12/2018 à 13:28, Chris Lamb a écrit :
> tags 915384 + moreinfo
> thanks
>
> Hi Xavier,
>
>> It could be safe in this case to add a lintian warning if there is no
>> entry in debian/copyright like:
>>
>> Files: <component-name>...
>
> I don't 100% understand what would be the problem here if an entry is
> missing, what "it could be safe" means and whether the "<" etc are
> part of the name etc...
>
> But to save some back-and-forth, it might be easier to provide:
>
> * An example "good" case.
>
> * A "bad" case.
>
> * A short paragraph explaining why this is bad (for me and for the
> eventual tag description).
>
> Thanks in advance.
>
> Regards,
Hello,
thanks for looking at this. Here is an example:
# debian/watch
https://main/ main-(\d[\d\.]+)\.tar\.gz
opts="component=comp1" \
https://comp/ comp-(\d[\d\.]+)\.tar\.gz
In this example, a debian tool like gbp will unpack comp_1.0.orig.tar.gz
into "comp1/" directory
Presumed good debian/copyright:
Files: *
Copyright: foo
License: GPL-2+
Files: comp1/*
Copyright: bar
License: Expat
Suspicious debian/copyright:
Files: *
Copyright: foo
License: GPL-2+
In the last case, no entry matches explicitly "comp1/" directory. It
might be a missing exam of sources. If both main and component have the
same copyright, DD can insert a lintian-overrides but then we're sure
that he didn't miss to examine component directory.
I didn't propose "Certainty: certain": component were introduced in
uscan to group sources when upstream provided source in multiple tarballs.
Severity should be "important" but during a transitional time, I think
it could stay "normal" until all valid packaged fixes their
lintian-overrides.
I don't know also if "important" makes sense with "Certainty: wild-guess"
Cheers,
Xavier
Reply to: