On 27/08/11 20:35, Russ Allbery wrote: > Ximin Luo <infinity0@gmx.com> writes: > >> I've been trying to package a bunch of mozilla extensions and getting >> used to all the book-keeping that debian packages need, much of which is >> copyright. I read DEP-5 and have been working on getting my >> debian/copyright files to conform to that standard. However, one major >> annoyance is the inclusion of verbatim licenses, in particular MPL-1.1. > > I simply don't buy the idea that this is any sort of significant > annoyance. You only have to do the work to convert MPL-1.1 to DEP-5 > format once, and then you can just copy and paste it from one package to > the next when they're under the same license. Compared to the other work > required to produce a good Debian package, this is minor, and after the > first time takes a minute or two at the outside. > The cost of the initial setup means that people don't do this in practise. I have not come across a single debian/copyright file with the full MPL text in it. Having a unified shared package for licenses makes this a lot easier. >> The "correct" way (according to a strict interpretation of debian policy >> and DEP-5) to do this is to include MPL-1.1 verbatim within a License: >> paragraph, > > Correct. > >> which means you need to indent every single line by one space, and fill >> in the blank lines with a "." character. > > Which takes all of 15 minutes of work at most in a good editor, that you > only have to do once, and then you're done forever. (You probably want to > check with diff that the MPL for one package is actually the same as the > MPL for the next package, but that's fast.) > This is flawed logic. Because there is no standard for this, and because this is a side issue from actual package work, every maintainer needs to work out this solution for themselves, and does things in a slightly different way. >> The "hardcore" geeks will say "oh you can write a sed script to do that >> easily", but this takes some mental effort, so not surprisingly people >> have come up with their ad-hoc solutions to this, usually involving >> including MPL.txt or somesuch in the /doc/ folder. > > I believe those packages are buggy, and I actually wouldn't be surprised > if ftp-master rejected them, although that's between the package > maintainer and ftp-master. It's just not that difficult to do the right > thing, particularly since one can probably pool resources and use the same > DEP-5 conversion of MPL-1.1 in multiple packages. > >> The problem is that everyone does this in slightly different ways, so it >> becomes very hard to extract this information mechanically. > > This doesn't make sense to me. DEP-5 has a clear explanation of how to > designate the license used by the package in a way that doesn't involve > the wording and which is mechanically extractable. Nothing about the > process of putting the legal text in debian/copyright is relevant to the > problem of mechanical extractability of the licensing information for the > package. > You missed my point. Verbatim text in copyright may be mechanically extractable, but not easily verifiable. It's hard in the general case to verify that a license block called "MPL" actually contains the full correct MPL text, both for machines and humans. To re-quote myself - one might see that a package points to MPL.txt [or a license paragraph with the MPL header], then assume it's the MPL, but then <strong>why have that file [or text] there in the first place, if you're not going to read all of it</strong>? X -- GPG: 4096R/5FBBDBCE https://github.com/infinity0 https://bitbucket.org/infinity0 https://launchpad.net/~infinity0
Attachment:
signature.asc
Description: OpenPGP digital signature