Bug#487201:

To: Steve Langasek <vorlon@debian.org>
Cc: 487201@bugs.debian.org
Subject: Bug#487201:
From: Ximin Luo <infinity0@gmx.com>
Date: Sun, 28 Aug 2011 01:22:02 +0100
Message-id: <[🔎] 4E598A2A.2000109@gmx.com>
Reply-to: Ximin Luo <infinity0@gmx.com>, 487201@bugs.debian.org
In-reply-to: <[🔎] 20110828000656.GA14668@virgil.dodds.net>
References: <[🔎] 20110827131927.13737.73392.reportbug@localhost.localdomain> <[🔎] 87y5yeps0a.fsf@windlord.stanford.edu> <[🔎] 4E597CC7.8010207@gmx.com> <[🔎] 20110828000656.GA14668@virgil.dodds.net>

On 28/08/11 01:06, Steve Langasek wrote:
> On Sun, Aug 28, 2011 at 12:24:55AM +0100, Ximin Luo wrote:
>> You missed my point. Verbatim text in copyright may be mechanically
>> extractable, but not easily verifiable.  It's hard in the general case to
>> verify that a license block called "MPL" actually contains the full
>> correct MPL text, both for machines and humans.
> 
> First, this is only hard for humans, not hard for machines; it's *trivial*
> to convert a block of license text into a case-insensitive,
> whitespace-smashing normalized form for comparison.  And any DEP5 parser is
> going to strip out the ' .' lines as well.
> 

Please, show us how easy it is.

> Second, an important feature of the DEP5 format is the use of standard
> keywords for common licenses.  If you have a DEP5 debian/copyright where you
> declare it's under the MPL, and the text of the license is not the MPL,
> *that's a bug*, and one that can be reliably and automatically detected by
> software.  No software does this today, because no one has taken the time to
> write it yet, but it's a problem that can be solved by writing the code
> once.  In the meantime, *users* can reasonably assume that if the package
> declares the code to be under 'License: MPL-1.1', this is the license that
> applies, without any need for long, by-hand comparison of license texts.
> 

No need for the redundancy then, which hinders human-readability of the rest of
the file.

>> To re-quote myself - one might see that a package points to MPL.txt [or a
>> license paragraph with the MPL header], then assume it's the MPL, but then
>> <strong>why have that file [or text] there in the first place, if you're not
>> going to read all of it</strong>?
> 
> Because not everyone who cares to know what rights they have to the software
> knows what the MPL is (or has its terms memorized) in the first place!
> 

Missed my point again. In this case you should be able to read the MPL in a
single shared location. Not 50 different places, which all have slightly
different formatting.

-- 
GPG: 4096R/5FBBDBCE
https://github.com/infinity0
https://bitbucket.org/infinity0
https://launchpad.net/~infinity0

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Bug#487201:
  - From: Ximin Luo <infinity0@gmx.com>
- Bug#487201:
  - From: Russ Allbery <rra@debian.org>
- Bug#487201:
  - From: Ximin Luo <infinity0@gmx.com>
- Bug#487201:
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Bug#487201:
Next by Date: Bug#487201:
Previous by thread: Bug#487201:
Next by thread: Bug#487201:
Index(es):
- Date
- Thread