Package: debmake
Version: 4.5.3
Severity: wishlist
X-Debbugs-CC: [email protected], [email protected], [email protected]

(I CCed a few DDs who gave me some input on license scanner.)

While reviewing recently closed #1121378
https://bugs.debian.org/1121378 ,
I realized d/copyright generation needs to be updated.

As mentioned in #1121378, CC0-1.0 and MPL-1.1 and MPL-2.0 need to be addressed at least.

While looking for the best practice example for CC0-1.0 using:
https://codesearch.debian.net/search?q=CC0-1.0
I found glibc package includes SPDX reference
https://sources.debian.org/src/glib2.0/2.86.3-4/debian/copyright?hl=1091#L1091

    License: CC0-1.0
     SPDX license expression "CC0-1.0": https://spdx.org/licenses/CC0-1.0.html
     On Debian systems, the complete text of the CC0 Public Domain Dedication
     can be found in "/usr/share/common-licenses/CC0-1.0".

I also saw:

    License: Expat
     SPDX license expression "MIT": https://spdx.org/licenses/MIT.html
     .
     Permission is hereby granted, free of charge, to any person obtaining a copy
     ...

This style of text including SPDX reference is a nice one and the updated output of debmake may follow this style.

As recorded in Debian wiki: CopyrightReviewTools
https://wiki.debian.org/CopyrightReviewTools
there are many existing tools.

Considering the core function of debmake is generating template files for Debian packaging, if possible, delegating the Copyright Scanning Task to another program is one option to keep this debmake maintainable.

I consider licensecheck, mostly by Jonas Smedegaard, to be the leading scanner.
https://tracker.debian.org/pkg/licensecheck
(Problem is it is in Perl which I don't use much.)

Jonas has an interesting discussion:
https://lists.debian.org/debian-devel/2019/12/msg00197.html (Mo Zhou)
https://lists.debian.org/debian-devel/2019/12/msg00207.html (Jonas)

Since debmake and licensecheck scanner use different heuristics and different focus on generated output, it may not be easy to swap out current code with external call to licensecheck. (debmake has extensive MIT/Expat license variant extraction to d/copyright.)

For now, it may be worth updating this debmake lc.py with minimal changes. (I may just call licensecheck as an external program in the future.)

* MIT programs and similar tend to embed full license text itself.
* GPL programs and similar tend to embed license assignment text while optionally including full LICENSE text as a separate file.
* Perl programs may be dual licensed and need to use a license expression in d/copyright. Scanner needs to be careful.

Here are some notable resources to be considered for updating debmake:

Debian Policy: 12.5. Copyright information
  https://www.debian.org/doc/debian-policy/ch-docs.html#copyright-information
Machine-readable debian/copyright file
  https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-field
Machine-readable debian/copyright file: 7.1. Short name
  https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name
SPDX License List
  https://spdx.org/licenses/
Differences between DEP5 and SPDX
  https://wiki.debian.org/Proposals/CopyrightFormat#Differences_between_DEP5_and_SPDX

This is mostly my reminder for updating debmake.
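
The License stanza style quoted in the report above, rendered programmatically. This is an added example, not code from debmake or licensecheck and not part of the original message; license_stanza(), dep5_body(), DEP5_TO_SPDX and the truncated Expat sample text are assumptions made for illustration.

```python
# Added example: emit d/copyright "License:" paragraphs carrying an SPDX
# reference, in the style quoted in the report. Hypothetical helper names.

SPDX_URL = "https://spdx.org/licenses/{}.html"

# d/copyright short name -> SPDX identifier. Only the pairs that appear in
# the report are listed; anything else is left for human review.
DEP5_TO_SPDX = {"CC0-1.0": "CC0-1.0", "Expat": "MIT"}

# Pointer text as quoted in the report.
CC0_POINTER = (
    "On Debian systems, the complete text of the CC0 Public Domain Dedication\n"
    'can be found in "/usr/share/common-licenses/CC0-1.0".'
)

# Constructed, deliberately truncated sample of an embedded license text.
EXPAT_SAMPLE = (
    "Permission is hereby granted, free of charge, to any person obtaining a copy\n"
    "[... constructed sample, text truncated ...]\n"
    "\n"
    'THE SOFTWARE IS PROVIDED "AS IS" [... truncated ...]\n'
)


def dep5_body(text):
    """Encode free text as continuation lines of a multi-line field:
    every line gets a leading space, an empty line becomes ' .'."""
    out = []
    for line in text.strip("\n").splitlines():
        line = line.rstrip()
        out.append(" " + line if line else " .")
    return out


def license_stanza(short_name, text, separator=True):
    """Build one License paragraph. An unknown short name raises KeyError,
    so an unmapped license is never written out with a guessed SPDX id."""
    spdx = DEP5_TO_SPDX[short_name]
    lines = [
        f"License: {short_name}",
        f' SPDX license expression "{spdx}": {SPDX_URL.format(spdx)}',
    ]
    if separator:  # ' .' line between the SPDX reference and embedded text
        lines.append(" .")
    return "\n".join(lines + dep5_body(text)) + "\n"


if __name__ == "__main__":
    print(license_stanza("CC0-1.0", CC0_POINTER, separator=False))
    print(license_stanza("Expat", EXPAT_SAMPLE))
```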

