Bug#556015: debian-policy: Clarify requirements for copyright file

[Russ Allbery <rra@debian.org>]

Charles Plessy <plessy@debian.org> writes:
> Le Thu, Nov 12, 2009 at 10:22:37PM -0800, Russ Allbery a écrit :

>> It's an additional requirement over the current Policy statement, but
>> according to previous statements by ftpmaster, it reflects what's
>> currently being enforced during NEW processing.

Sorry, this isn't completely correct.  It's a *relaxation* of the existing
requirement in one significant sense, and a strengthening in a different
sense.

Policy currently says:

    A copy of the file which will be installed in
    /usr/share/doc/package/copyright should be in debian/copyright in the
    source package.

So in other words, any package that does anything other than install the
debian/copyright file from the source package into the appropriate place
in the binary package is buggy according to Policy currently.

Now, I know that some package maintainers like to provide separate
copyright files for different binary packages if, say, one is under the
GPL and another is under the BSD license.  Currently, Policy says that
they should not do that.  I'm proposing relaxing that requirement and
allowing them to do so, provided that debian/copyright still documents the
copyright and license information for the source package as a whole.

I'm also proposing changing the requirement for debian/copyright from a
should to a must.  I believe that reflects existing practice.  A package
that has no debian/copyright file is not going to make it into the archive
now.

>> Also, it just makes sense; it's not possible for ftpmaster to easily
>> review the package unless there's one file that covers the source
>> package, since Debian is going to distribute that source package.

> That is my point: it is a requirement for NEW processing. The FTP team
> does not check the copyright files of the packages afterwards.

Ah, I understand what you mean, now.  But yes, they do.  Whenever a new
binary package is introduced, for example.

Besides, I'm not sure this is relevant.  Surely one wouldn't create a
debian/copyright file for NEW and then remove it afterwards so that no one
else can reproduce the NEW copyright check if they wish?  To me, that's
just obviously wrong, obviously a bad thing to do on many different
fronts.

Hm, in investigating this, I just noticed that Policy 4.5 doesn't make any
sense.  It says that any source package must be accompanied by its
copyright file in /usr/share/doc/<package>/copyright.  I'll produce a new
version of the patch that corrects that as well.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>