On Sat, May 16, 2026 at 07:46:44PM +0200, Alex wrote:
I was wondering about d/copyright files and their correctness when it comes to the information they contain about Free Software licenses contained in upstream projects.Let's assume an upstream project which has a sole author and includes a LICENSE file, say BSD-2-clause, in the project root. The simplest d/copyright stanza for that case - disregarding the debian/* contents in the package - would be: Files: * Copyright: YYYY The Author <[email protected]> License: BSD-2-clause Now, im my head, this implies that the upstream contained BSD 2 clause LICENSE was written by The Author in YYYY. While not necessarily dramatic, I think this is somewhat misleading. However, what is the alternative? Is there an authoritative source under which license every SPDX/OSI/CC License itself is (FWIW, lrc assumes under itself: GPLv3 as GPLv3 licensed) and who their actual copyright holders are?
We ignore this question. You should ignore it too. If you don't ignore it you may run into not being able to distribute certain license texts in main.
I'm not asking this out of a fetish for legal nitpicking, but rather from an automation angle: I'm evaluating the use of [spdx2debian][1] for the automated creation of d/copyright (in short: it's not quite there yet). spdx2debian converts the output of [reuse][2] lint (on spdx compliant projects) for the generation of the d/copyright entries. The [REUSE spec][3] - and therefore the reuse tool - disregard (i.e. do not require licensing headers) for the LICENSES/ directory as well as .license files (which contain licensing information for binary files) and some others. For spdx2debian this means, that its generated d/copyright will not contain entries for those files. This makes Lintian unhappy.
Not having Files: * is usually bad and makes the file hard to review.(I know nothing about REUSE, SPDX or the tool you mentioned, but with Files: * lintian wouldn't be unhappy when some individual files aren't mentioned)
-- WBR, wRAR
signature.asc
Description: PGP signature
