Re: libAWSL: Improving Human Efficiency for debian/copyright Reviewer
On Tue, 26 May 2020 08:13:24 -0400
Sam Hartman <hartmans@debian.org> wrote:
> Unfortunately, being a member of Debian, I find myself getting stuck in
> the details and think you may have gotten a few things wrong.
>
> * I think that reviewing a file every time the salt changes is too
> frequent.
> It is a sign that we might need to review, not that we certainly do.
> We don't tend to review files every time they change today, and I
> think pushing toward this would be problematic.
At the moment, when a package hits binNEW or NEW, *all* files need to be
re-checked by the reviewer. There is no single-file review. This is appropriate
because there are many times where code copies have been added to the source
but not added to d/copyright. Some of these code copies are even embedded in
previously-reviewed files that have another license.
Pushing this direction would reduce efforts, not increase them.
> * Unfortunately the srcpkg-bool problem does not decompose into a set of
> file-bool problems the way you describe.
> The issue is license compatibility.
> Two licenses may be DFSG-free, but their combination may not be
> distributable (and thus not DFSG-free).
Two DFSG-free but incompatible licenses is a non-trivial concern and likely
only caught in more extreme cases. This is really something that should become
a lintian check that only reads through d/copyright.
> Next Steps
>
> The biggest thing I see missing here is what are the next steps?
> If we agree with your principles, what next?
> How does this work go forward?
Mo has made it clear that his ambition has run out. However, we had many
discussions, including with ftpteam members, prior to either of our
announcements. In a sense, libAWSL is aimed at being both a stand-alone utility
as well as a module usable by the project I previously described.
It's probably worth noting, based on previous conversation, I don't expect
anyone in ftpteam would want to see anything discussed implemented as a formal
review tool. Therefor, my own goal is to ultimately build a tool that focuses on
package uploaders, so that they can be confident their package will be approved.
If there are developers interested in working on this tool, I'd be happy to
discuss further in #debian-review and write an actual requirements document to
aid collaboration and development.
Reply to: