On 25/07/2025 09:03, Simon Josefsson wrote:
Working on 'leancrypto' packaging (which now build! see salsa pipeline
below) made me consider life choices wrt debian/copyright.
For several of my packages, I use 'lrc' to audit that debian/copyright
file matches what 'licensecheck' thinks the license of files are.
But what is the best tool to GENERATE a debian/copyright in a package
with 1500+ files with different copyright and license information?
Best tool at parsing individual text files is definitely licensecheck.
It doesn't reconcile against the existing d/copyright and doesn't group
years very well. And doesn't ignore known files (.git, COPYING, etc...)
with certain args. And doesn't handle binary files gracefully.
Still, excellent recognition of license/copyright on text files.
I have heard about 'clscan' but using it does not seem straightforward
to use, or at least I didn't understand how to use it. Are there any
gentle introductions to it?
I expect a tool to be able to either CREATE a template debian/copyright
or UPDATE an existing debian/copyright (made from an earlier template)
by searching through the content of a directory.
decopy reconciles against existing d/copyright, but recognises a limited
set of licenses and they have to be cleanly written.
Handles mimetypes and checks images/fonts/pdfs/etc through exiftool though.
A tool like that doesn't feel like rocket science these days.
Could someone summarize the alternatives and share their experience with
some of them?
I start by looking at the output of:
- `licensecheck --deb-machine --recursive .`
- `decopy`
Compare and see which one looks more accurate. You'll probably have to
do a lot of cleanup, globbing and grouping.
Neither will be usable as-is since upstream attached their copyright and
disclaimer only to every file. And I think upstream is dual licensed to
begin with, so tools won't recognise that.
Alternatively, since upstream tracks 3rd party licenses in their LICENSE
file, I would consider the manual route if that information is accurate
enough.
/Simon
Simon Josefsson <si...@josefsson.org> writes:
Packaging is materializing here:
https://salsa.debian.org/debian/leancrypto/
Automating debian/copyright generation somehow would help.
/Simon
--
Regards,
Ahmad
