[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian/copyright in source package

On Wed, Aug 26, 2015 at 11:14:48PM +0200, Thorsten Alteholz wrote:
> On Tue, 25 Aug 2015, Santiago Vila wrote:
> >Not having a debian/copyright file in the source package does not
> >affect usability of the package in *any* way.
> 
> If it is not possible to add the copyright and license information to the
> binary package, it might violate some licenses and such the package may not
> be distributed by Debian or may not be used on Debian systems.
> 
> As the normal workflow of packaging is to collect the copyright and license
> information in debian/copyright and copy that file into the binary package
> during build, a missing file might make the package unusable. Of course, not
> in a technical manner.

I think you are missing the point completely.

I'm talking about packages shipping *proper* copyright files in their .deb
that are generated by debian/rules at build time.

There is absolutely no license, copyright or dfsg-freeness problem in
doing that, and there is also no usability problem at all justifying
the "important" severity.

Moreover, normal workflow != mandatory.

If you want to make it mandatory, what you should do is to modify
policy so that it reads "must", not submitting a lot of similar bugs
with inflated severity.

> Anyway, in the light of source only uploads, how shall the copyright and
> license information of the binary packages be verified, if there is no
> debian/copyright? Either the maintainer or the ftpteam has to do the work.
> Given that the package output of about 1000 maintainers needs to be checked
> by just a few members of the ftpteam, the burden should be distributed on
> the larger group. And experience shows that there is a check needed to
> fulfill the DFSG.

If that's really a problem, I think it would be fair to require that
the very first time a package is uploaded, it's *not* done in
source-only form. This way you will always have a copyright file
available without having to build the package yourself.

But there is something I don't understand. Do you *just* verify that
there is a debian/copyright file in the source? You don't verify that
it matches the actual copyright notices in the several *.c files etc?

Surely that a mandatory debian/copyright file in the source might
simplify your work a little bit (which is why you should try to modify
policy in the first place), but such kind of help would be just a
small fraction of the license and copyright checking anyway.

So, to summarize, I don't think this is such a big problem.
Reply to: