On Thursday, 6 February 2020 11:21:01 CET Jonas Smedegaard wrote:
> There are two machine-readable outputs currently, enabled by either of
> options "--machine" or "--deb-machine" - I assume you are talking about
> the latter.

Nope. cme uses the "--machine" option, whose output is easier to parse. I don't really need the "FIXME" tag as cme either provides a similar message (although in a more verbose way) or provides the correct value (from control information or using Software::LicenseMoreUtils).

> Yes, I plan to include most possible in machine-readable output, but
> will (for the "--deb-machine" format) keep within the boundaries of
> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ - so
> what you should worry about should only be if you are making too strict
> assumptions on that format.

Which makes it harder to parse.

> In particular, beware that it is plain
> wrong to only expect explicitly defined fields (as per § 4: "Extra
> fields can be added to any paragraph").

Yes, I've been bitten by this. This is now taken care of [1].

> Now that I write this, it occurs to me that
> it probably makes sense to expand those FIXMEs to add some explanatory
> text.

Agreed.

> I imagine that qualities are of different importance for different uses
> of licensecheck. An author might be interested in correcting errors,
> and a larger organization of authors (e.g. KDE) might want to ensure
> coherence both in writing style and in licensing "regime" (in lack of a
> better word: which political field they want to stay within - e.g.
> "GNU-compatible copyleft" or "Apache semi-copyleft without
> GPL-contamination"), whereas a distributor like Debian is less
> interested about style (we cannot change it anyway) except for details
> directly harmful for our work (e.g. wrong contact information as has
> happened with FSF changing postal address).

Understood. I'm mostly focused on the Debian use case.

> ...then maybe I should add " and/or UNKNOWNS" to _all_ detections -
> which is currently implied by the "FIXME" comments.

The way I see it, the FIXME comment instructs the user to find the license text. I assume that the license is correctly detected unless specified otherwise (with "and/or").
I know that licensecheck is a heuristic tool and misdetections are possible. But I cannot afford to systematically verify each file. Adding " and/or UNKNOWNS" to _all_ detections would make me question the added value of licensecheck.

> To clarify: When licensecheck says "GPL-2+ and/or MIT" then it means
> "this file is seemingly licensed under GPL-2+ and/or MIT (and/or
> additional terms not auto-detected)" (not "this file is _only_ licensed
> under GPL-2+ and/or MIT").

No problem.

> If cme warns about "and/or" needing human investigation but not FIXMEs,
> then it implicitly says FIXMEs need less human investigation which is
> plain wrong!

cme uses the "-m" option, so "FIXMEs" are currently not seen by cme. However, cme either fills the blank with the correct license text or warns the user about missing license text.

All the best

[1] https://salsa.debian.org/perl-team/modules/packages/libconfig-model-dpkg-perl/blob/master/lib/Config/Model/models/Dpkg/Copyright/Content.pl#L6