
Re: debian/copyright for files not part of the binary packages?

* Steve Langasek <vorlon@debian.org> [080720 20:36]:
> Well, a) I don't agree that this is a bug, and b) it matters that
> developers' work not be blocked by orthogonal and *low impact* issues.  By
> making this a blocker for binary NEW, it's given an importance far out of
> proportion.

I'm undecided about packages in NEW because of new binary packages, but
I definitely think that for new packages the bar cannot be high enough.

> This is something that can happen at any point, not just when a package goes
> through NEW.  If freetds were really an issue, it would have been an issue
> for three years and our stable release would be contaminated.  We *already*
> have to trust DDs to not screw up the licensing of existing packages when
> they package new upstream versions that don't go through NEW; there's no
> reason to single packages out when they do go through binary NEW.

There is some saying "Trust gets consumed if it is used". For important
stuff, it is always better to also check things. And if there is a
specific point, at which things are looked at, why should they not look
at the licensing part, too? (Usually judges also tend to be much more
harsh when there was a chance to do something that was not used).

Otherwise one could argue with the same point that DDs should be trusted
anyway to not break the packages and not land in NEW with new binary
packages but the archive software just extract the priority and section
from the .changes file...

> So what, exactly, do you intend for the ftpmasters to do in the case that a
> single source package contains software that's licensed under incompatible
> licenses - like, say... the GPL and the GFDL?
> If "it would be foolish to ask FTP masters to check the whole build process",
> then listing the licenses is a waste of time because it does not give you
> the information to distinguish the legal cases from the illegal ones.  You're
> still either relying on the maintainer to generally know what they're doing,
> or depending on the ftp team to fully vet the licenses... or authorizing the
> ftp team to blindly reject packages if they contain incompatible licenses
> anywhere in the source, regardless of how much collateral damage it causes.

I think forcing maintainers to list all licenses in the source package
is both useful so that the websites offering those files to download
state their actual licenses in the linked copyright file and to make
sure the maintainer is actually looking around for the actual licenses
of the files. It is far easier to overlook some license (especially
when the notices do not contain the word license or copyright) than to
know about them and make the wrong assessment of what is used together.
(And it makes it much easier to first make sure if all licenses and
copyright/authorship statements are actually listed and then check
if there are any problems depending on where those happen. Especially it
makes it easier later).

> Following the last to its logical conclusion, we would have to repack/split
> upstream tarballs to get them through NEW even if there are no actual
> license problems.  I'm not ok with that.

I do not think anyone suggested mere aggregation would be a problem.

> When their practices involve rejecting packages that it's perfectly
> legitimate to distribute in main, I strongly disagree.

I do think Debian should have a higher goal than just shipping
everything that is legally distributable.

	Bernhard R. Link
