The machine-readable debian/copyright file specification says that the
Format field should contain:
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
These days www.debian.org supports HTTPS+HSTS (thanks, DSA!). Apparently
this prompted some people to replace "http" with "https" in their Format
field, contrary to the requirements of the specification.
Worse, some tools (Lintian, mk-origtargz) incorrectly say that the HTTPS
URL is the one you should use in the Format field. Also, some tools
(dh-make, Config::Model) produce copyright files with the HTTPS URL
inside.
Some DEP-5 consumers recognize the HTTPS URL (Lintian, mk-origtargz,
Config::Model, python-debian, license-reconcile), but others don't
(adequate, umegaya).
So, what we're going to do about it? I see the following options:
A) Make Lintian complain about the HTTPS URL; fix
HTTPS-advertising and HTTPS-producing tools, and >400 copyright files.
B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers.
C) Admit that file formats are too hard and go shopping.
--
Jakub Wilk
