Bug#1124821: marked as done (replace lc.py with call to licensecheck)

[Debian Bug Tracking System]

Your message dated Mon, 19 Jan 2026 03:48:36 +0000
with message-id <e1vhgfo-0000000awn0-0...@fasolo.debian.org>
and subject line Bug#1124821: fixed in debmake 5.0.0
has caused the Debian Bug report #1124821,
regarding replace lc.py with call to licensecheck
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1124821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: debmake
Version: 4.5.3
Severity: wishlist
X-Debbugs-CC: j...@debian.org, b...@debian.org, o...@debian.org

(I CCed a few DDs who gave me some input on license scanner.)

While reviewing recently closed #1121378 https://bugs.debian.org/1121378 , I
realized d/copyright generation needs to be updated.

As mentioned in #1121378, CC0-1.0 and MPL-1.1 and MPL-2.0 needs to be addressed
at least.

While looking for the best practice example for CC0-1.0 using:
 https://codesearch.debian.net/search?q=CC0-1.0
I found glibc package includes SPDX reference
 https://sources.debian.org/src/glib2.0/2.86.3-4/debian/copyright?hl=1091#L1091

License: CC0-1.0
 SPDX license expression "CC0-1.0": https://spdx.org/licenses/CC0-1.0.html
 On Debian systems, the complete text of the CC0 Public Domain Dedication
 can be found in "/usr/share/common-licenses/CC0-1.0".

I also saw:

License: Expat
 SPDX license expression "MIT": https://spdx.org/licenses/MIT.html
 .
 Permission is hereby granted, free of charge, to any person obtaining a copy
...

This style of text including SPDX reference is a nice one and the updated output
of debmake may follow this style.

As recorded in Debain wiki: CopyrightReviewTools
https://wiki.debian.org/CopyrightReviewTools
there are many existing tools.  Considering the core function of debmake is
generating template file for Debian packaging, if possible, delegating Copyright
Scanning Task to other program is one option to keep this debmake maintainable. 

I consider licensecheck mostly by Jonas Smedegaard to be the leading scanner.
  https://tracker.debian.org/pkg/licensecheck
(Problem is it is in Perl which I don't use much.)

Jonas has interesting discussion:
  https://lists.debian.org/debian-devel/2019/12/msg00197.html (Mo Zhou)
  https://lists.debian.org/debian-devel/2019/12/msg00207.html (Jonas)

Since debmake and licensecheck scanner use different heuristics and different
focus on generated output, it may not be easy to swap out current code with
external call to licensecheck.  (debmake has extensive MIT/Expat license variant
extraction to d/copyright.)   For now, it may be worth updating this debmake
lc.py with minimal changes.  (I may just call licensecheck as external program
in the future.)

* MIT programs and similar tend to embed full license text itself.
* GPL programs and similar tend to embed license assignment text while
optionally including full LICENSE text as a separate file.
* Perl programs may be dual licensed and needs to use license expression in
d/copyright.

Scanner needs to be careful.

Here are some notable resources to be considered for updating debmake:

Debain Policy: 12.5. Copyright information
https://www.debian.org/doc/debian-policy/ch-docs.html#copyright-information

Machine-readable debian/copyright file
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-field

Machine-readable debian/copyright file: 7.1. Short name
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name

SPDX License List
https://spdx.org/licenses/

Differences between DEP5 and SPDX
https://wiki.debian.org/Proposals/CopyrightFormat#Differences_between_DEP5_and_SPDX

This is mostly my reminder for updating debmake.

--- End Message ---

--- Begin Message ---

Source: debmake
Source-Version: 5.0.0
Done: Osamu Aoki <os...@debian.org>

We believe that the bug you reported is fixed in the latest version of
debmake, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1124...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Osamu Aoki <os...@debian.org> (supplier of updated debmake package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Jan 2026 22:59:08 +0900
Source: debmake
Architecture: source
Version: 5.0.0
Distribution: unstable
Urgency: medium
Maintainer: Osamu Aoki <os...@debian.org>
Changed-By: Osamu Aoki <os...@debian.org>
Closes: 924658 1090069 1090070 1124821
Changes:
 debmake (5.0.0) unstable; urgency=medium
 .
   * black+isort
   * Remove unused code and data
   * Rename scanfiles.py -> scanext.py
   * Reorganize template files in data/*
   * Refactor src/debmake/*.py (Closes: #1090069, #924658, #1090070, #1124821)
   * Update packaging and documentation
Checksums-Sha1:
 c2408bfc33f1dc79756c750fc66da333adce4d53 1787 debmake_5.0.0.dsc
 7c2e7d53492d5e871cd2dac4ab6a7b275853379a 54544 debmake_5.0.0.tar.xz
Checksums-Sha256:
 b5456557d109da5851acc6ecd353511f4ceb037d1db6d0a5745b94c16bb6e68a 1787 
debmake_5.0.0.dsc
 254213352b315befd2718399a5e0a257aafb7223a453fc09fb7317be721231cf 54544 
debmake_5.0.0.tar.xz
Files:
 5308bc2b18299860e4fa99dd6934533b 1787 devel optional debmake_5.0.0.dsc
 ca087802b85163c305da9d145a5160c8 54544 devel optional debmake_5.0.0.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEMTNyTWIHiBV56V1iHhNWiB3Y15EFAmltpVcRHG9zYW11QGRl
Ymlhbi5vcmcACgkQHhNWiB3Y15HLWg//ejV91Y/5T9VxKsez+KbsGtjhq2bwFQVm
7gi2l1uyaAm+fCdK0kfldPyBVwZH1pVmcfnwriWpJcOIEqWI1WBiM27lVt7tQS8e
MQ3NlfAKVRM6ITLwXDSwIVQSbTXPASZCAtDLz+Pl46nnQsS9hpTnlN6yz8aGQ/1g
nzkqiKBOojwIS05Ld3Py5/2AR7MmqDZG50BO/QjkJXbdWO+VjoosVb1DCV7e/AUp
NwTnLM4bD9LtTA8zykhjH+fgVc2P0ejbJPFBAJu20Q6uxA5RLLtfKfb0+WnFQnxQ
CCn7XDOoVlyjQq0G/XXlA8TcpZ3Yst5qZb76Tmyb1KxF341WGzE+sbD4FbrxOmNI
aASNFvZjEel8+55Z+hVnAaY3vjTIHwjSFIflq/X1tlgFxHxeT4tW5R3yvlYg9qLR
OSATxNv+XcTYgJI5dh1YSDG1OfY6kpC0R/QRq8t8JatxESfWrFGuL3/Aq9x4I7o/
shKlp2WGCewJDMdE6t/siEpcn/y4G9ki46AaKvujX632Pzf/oUKtRwZ0C3bD1UD/
FVOKZbMo7gr2wsat3EyonS4AwV+JaCQzLFjatHlPgewH8w2u8svIeu7HjnzT80xF
FIKC6K7jzcRN8lXno3yusJcGB5XEU6vjZSXxpY4gJRwMlJHZFNOh3FiFfbWGOEyZ
9SxxF+qBLp0=
=Z0cv
-----END PGP SIGNATURE-----

pgp_xxqIbSif_.pgp
Description: PGP signature

--- End Message ---