On Sun, Mar 06, 2016 at 07:35:57PM +0100, Jakub Wilk wrote: > The machine-readable debian/copyright file specification says that > the Format field should contain: > > http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ > > These days www.debian.org supports HTTPS+HSTS (thanks, DSA!). > Apparently this prompted some people to replace "http" with "https" > in their Format field, contrary to the requirements of the > specification. > > Worse, some tools (Lintian, mk-origtargz) incorrectly say that the > HTTPS URL is the one you should use in the Format field. Also, some > tools (dh-make, Config::Model) produce copyright files with the > HTTPS URL inside. > > Some DEP-5 consumers recognize the HTTPS URL (Lintian, mk-origtargz, > Config::Model, python-debian, license-reconcile), but others don't > (adequate, umegaya). > > So, what we're going to do about it? I see the following options: > > A) Make Lintian complain about the HTTPS URL; fix HTTPS-advertising > and HTTPS-producing tools, and >400 copyright files. > > B) Fix the spec to allow the HTTPS URL; fix the HTTP-only consumers. > > C) Admit that file formats are too hard and go shopping.
D) Relax and enjoy the benefits of HTTP. Groeten Geert Stappers -- Leven en laten leven
signature.asc
Description: Digital signature
