On Sun, Nov 16, 2025 at 05:48:16PM +0100, Simon Josefsson wrote: > Adrian Bunk <[email protected]> writes: > > A better workflow would be something like: > > - a dh_copyright creates and updates debian/copyright > > - the build aborts on non-trivial changes[1] > > - the maintainer reviews the changes when the build aborted > > (including after the initial packaging) > > Yes! What do you think about designing it similar to how we handle > debian/*.symbols file? That is, dh_copyright would generate a > debian/copyright based on upstream source code and compare that with > debian/copyright and barf on diffs? >...
My footnote contains an example for the same mechanism on a different file. > I have had good success using 'licenserecon' for verifying license > compliance in many packages, but I have yet to find a good enough > mechanism to curate the debian/copyright file from upstream sources. >... There are also decopy and a few other tools: https://wiki.debian.org/CopyrightReviewTools > > It would also be good to discuss with a lawyer what actual legal > > requirements are. > ... > > It is not clear to me whether debian/copyright is required for legal > > reasons at all,[2] > > Reproducing whatever upstream say about copyright and licensing is > probably sufficient and the right thing to do regardless. My footnote goes in the same direction, but there are at least two reasons why consulting a lawyer might still be helpful: 1. Both for the people implementing tooling and later discussions it would be helpful and less time-consuming when a qualified opinion on what is actually required exists. 2. We do support users distributing products without /usr/share/doc on the technical side (Policy 12.3.), and the legal side of that runs into the same issue no matter what is in debian/copyright. > /Simon cu Adrian
