[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: possibly exhausted ftp-masters (Re: Do we still value contributions?

On Thu, Dec 26, 2019 at 04:30:58PM +0100, Thorsten Alteholz wrote:
> 
> 
> On Thu, 26 Dec 2019, Roberto C. Sánchez wrote:
> >    So, what does the FTP team consider that we, as the wider community
> >    of Debian Developers, can do to help?
> 
> What about being more careful when creating the debian/copyright for a
> package?
> I know it is boring, but writing a REJECT-mail is not much fun as well.
> Seeing a copy&paste error once is ok, but seeing that in a bunch of
> packages, makes me wonder.
> Don't neglect fonts, pictures, sound files.
> 
I agree that this is a terribly boring thing to do when packaging new
software.  I cannot imagine how much more boring it would be for the
person performing the verification on the FTP team.

> When there is a REJECT and the maintainer used a tool like licensecheck,
> file a bug and let the tools become better.

One interesting thing about this is that I have often wondered if it
would be beneficial to have checks on debian/copyright during the life
of a package.  Checking only once when a package first enters the Debian
archive seems to leave open the rather likely possibility that some
change in a future upstream release changes or adds some component
license that should be documented in debian/copyright.  I try to be
diligent in this regard and even at times have found that I overlook
things.

In any event, a tool that can scan a source tree and produce a base
debian/copyright file that I as a maintianer could edit would be a
marvelous thing.  Would be possible to make the licensecheck tool dual
use in that way?  The FTP team could use it when validating and
developers could use it for creating the initial debian/copyright.

Then it might also serve as the basis for a lintian check (when the
quality is sufficiently high), or some other process whereby ongoing
checks of debian/copyright could be performed.

> (I tested some commercial tools a while ago and they were extremely bad in
> detecting correct licenses.)
> 
> Make the machine-readable copyright file mandatory.
> It is much easier to "parse" than just a bunch of copyright information.
> 
Yes.

Regards,

-Roberto

-- 
Roberto C. Sánchez
Reply to: