Scott Kitterman <deb...@kitterman.com> writes:
> Personally, I think the bulk of the reason we should care about
> debian/copyright is to achieve license compliance.

For this, IMO the licensing information is not just enough, since it does not document how our binaries are licensed. For example, a source package may contain BSD and GPL licensed files -- how would you find out under which license a certain binary package may be distributed? It may be the case that a binary package was built using only the BSD licensed sources (and another binary package from the rest), so the assumption that everything is GPL is not necessarily valid.

And how would you differentiate between f.e. a binary package produced with a gfortran build dependency from another produced with libreadline-dev (both GPL)? The first does not need to have the sources being GPL compatible, the second needs it. readline may be a border case, since the result is dynamically linked to libreadline, but this cannot be a general assumption.

If we need license compliance, we would need details about how our binary packages are licensed, and even then it can give just a first guess.

Best regards

Ole