On Sun, Aug 28 2022 at 10:07:27 PM +02:00:00, Martin Dosch
<[email protected]> wrote:
Hey Abraham,
On 29.08.2022 01:05, Abraham Raji wrote:
What can we possibly do to make the situation better?
I am pretty new to Debian packaging and I am by no means an expert in
licensing issues, but from my understanding it should not happen that
a package with a dependency on a package that has no license or an
inappropriate license gets packaged, as Debian requires each
dependency to be packaged for Debian.
But maybe we should also mention all licenses of dependencies in the
Debian packages of golang programs as otherwise the licenses of
build-time dependencies (which are used to generate the binary) are
not shown to the user. Ideally this could be automated. But as I said
before I am no expert on this topic, so I'm curious what others have
to say on this topic.
I don't know if this is sufficient, but there is a Built-Using field in
the binary package which can be used to check the licenses of the
modules used to build the binary. If required, the same logic can be
extended to combine the copyright files of all the modules to a single
file automatically during build or make a tool that can show combined
copyright using the Built-Using field.
Best regards,
Martin
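
An added example, not part of the original thread and not an existing Debian tool: one way to turn the Built-Using field of a binary package into a combined copyright listing, as suggested above. The control stanza, the package names and the copyright texts are constructed, the function names are hypothetical, and in practice the copyright texts would have to come from the source packages that Built-Using names.

```python
import re

# Constructed sample data: package names, versions and license texts are made up.
SAMPLE_STANZA = """\
Package: example-xmpp-client
Built-Using: golang-1.19 (= 1.19-1), golang-github-example-xmpp (= 0.5.0-1),
 golang-golang-x-crypto (= 1:0.0~git20220525-1)
Description: constructed example
"""
SAMPLE_COPYRIGHT = {
    "golang-1.19": "License: BSD-3-clause",
    "golang-github-example-xmpp": "License: BSD-2-clause",
}

# Built-Using entries have the form "source-package (= exact-version)".
_ENTRY = re.compile(r"^(?P<src>[a-z0-9][a-z0-9+.-]+)\s*\(\s*=\s*(?P<ver>[^\s)]+)\s*\)$")

def get_field(stanza, name):
    """Return a control field's value with continuation lines unfolded."""
    value, inside = [], False
    for line in stanza.splitlines():
        if inside and line[:1] in (" ", "\t"):
            value.append(line.strip())
        else:
            inside = line.lower().startswith(name.lower() + ":")
            if inside:
                value.append(line.split(":", 1)[1].strip())
    return " ".join(value)

def parse_built_using(stanza):
    """Return [(source_package, version)] from the Built-Using field."""
    pairs = []
    for entry in get_field(stanza, "Built-Using").split(","):
        m = _ENTRY.match(entry.strip())
        if entry.strip() and not m:
            raise ValueError(f"unexpected Built-Using entry: {entry!r}")
        if m:
            pairs.append((m["src"], m["ver"]))
    return pairs

def combined_copyright(stanza, copyright_by_source):
    """Return (combined text, sources whose copyright text is missing)."""
    parts, missing = [], []
    for src, ver in parse_built_using(stanza):
        if src in copyright_by_source:
            parts.append(f"== {src} {ver} ==\n{copyright_by_source[src]}")
        else:
            missing.append(src)
    return "\n\n".join(parts), missing
```

The second return value lists build-time dependencies for which no copyright text was found, which is the case a packager would want flagged rather than silently skipped.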