Bug#907072: lintian: verify AppStream metainfo metadata_license matches debian/copyright
On Mon 2019-01-14 23:50:47 +0000, Chris Lamb wrote:
> Chris Lamb wrote:
>
>> > The gnupg2 source package version 2.2.9-1 has this mismatch because i
>> > was sloppy.
>>
>> So, debian/copyright contains:
>>
>> Files: debian/org.gnupg.scdaemon.metainfo.xml
>> Copyright: 2017 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
>> Comment: This file is licensed permissively for the sake of AppStream
>> License: CC0-1.0
>>
>> ... and debian/org.gnupg.scdaemon.metainfo.xml contains:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <component>
>> <id>org.gnupg.scdaemon</id>
>> <metadata_license>GPL</metadata_license>
In unstable, it's
<metadata_license>CC0-1.0</metadata_license>, which matches the
declaration in d/copyright.
>> <name>scdaemon</name>
>> <summary>USB SmartCard Readers</summary>
>> <description>
>> <p>
>> GnuPG's scdaemon provides access to USB tokens and smartcard
>> readers that provide cryptographic functionality (e.g. use of
>> protected secret keys).
>> </p>
>> </description>
>> [...]
>>
>> ... which is installed to /usr/share/metainfo via debian/
>> scdaemon.install.
>>
>> Thus, whilst we can rely on such metadata files existing in /usr/share/
>> metainfo/*.xml (or similar) we don't know which file in the source tree
>> this originated from (and thus it's license).
>>
>> Ideas?
>
> Gentle ping on this? :)
Sorry, i'm confused by this question. The source file
debian/org.gnupg.scdaemon.metainfo.xml itself is what shows up in
/usr/share/metainfo/. this file states that its own license is CC0-1.0,
as does debian/copyright. What information is missing?
sorry to be dense,
--dkg
Reply to: