Hi

On Thursday 05 June 2014, Raphael Hertzog wrote:
> Hi,
>
> On Wed, 04 Jun 2014, Stefan Lippers-Hollmann wrote:
> > > The Perl script (attached) took a few hours to write - there's a brick
> > > of about 60 lines to munge file moves. Then about another hour to
> > > inspect all that output, plus poking at each file to make sure that the
> > > license change actually occurred.
> >
> > Thank you a lot, this really helps. I'll integrate your changes over
> > the next few days after some further local testing.
>
> I'm glad that this got sorted out but I wanted to point out that
> you are actually too demanding of yourself in terms of what to put in
> debian/copyright.
>
> You don't have to document the copyright holders of each and every file.
> What truly matters is to properly distinguish the different licenses and
> the files concerned by each license.
>
> Listing of copyright holders doesn't have to be exhaustive (it's
> impossible for big projects) and it's perfectly acceptable to group them
> for a set of files that share a common license. See how the linux
> packages uses:
>
> Files: *
> Copyright: 1991-2012 Linus Torvalds and many others
> License: GPL-2

I'm aware of debian/copyright implementations like this and linux is certainly in a particularly bad situation when it comes to doing a complete copyright audit (it's all available, but just too exhaustive to even start documenting it). But not every package gets this carte blanche.

The better question however would be, if a package like this would be able to pass NEW[1] (as wpa had to for 1.0-1 - and it will have to pass through binary-NEW in the not too distant future again). While wpa certainly has a non-trivial copyright status, recent history has shown that ftp-master requests complete documentation for debian/copyright even from much larger/ more complex packages than wpa. Just look at chromium(-browser) or kfreebsd{9,10,11} for comparison, which were REJECTed within the last few years, until the missing attributions were added.

So, does wpa need to have a machine readable debian/copyright, certainly not, as DEP-5 is just non-binding advice. Would it be easier to forget about DEP-5 and use a more free-form listing of copyright attribution? Quite likely yes, but would it be so much easier to make a significant difference? This answer is less easy to answer, probably it would be a "yes" after larger changes/ code movement like this time, but that's less obvious for more incremental changes like 0.7.x --> 1.x where diff(1) or git diff can do most of the job.

The level of difficulty for doing a sufficient documentation for debian/copyright is less depending on DEP-5's syntax (although a few changes later in the DEP-5 process certainly led to quite some useless busy-work - and it's certainly rather verbose), nor is it doing the mechanical listing (although there is a significant margin of error regarding false negatives, when contributors get inventive regarding anti-spam methods).

The difficulty is in cleaning up the listings and collating information into useable chunks, like you mentioned historical mail addresses for the same copyright holder, collating files into groups and dealing with unclear attributions or IP takeovers (like Qualcomm buying Atheros). These issues are independent of the preferred syntax for debian/copyright - and while it would be easier to ignore these and just continue with a mechanical listing for version 'n', it poses more of a problem for version 'n+1' (assuming incremental, rather than monumental, changes).

Regards
	Stefan Lippers-Hollmann

[1] Yes, src:linux has to go through binary-NEW every ~3 months.