On Wed, Aug 26, 2015 at 11:14:48PM +0200, Thorsten Alteholz wrote:
> On Tue, 25 Aug 2015, Santiago Vila wrote:
> >Not having a debian/copyright file in the source package does not
> >affect usability of the package in *any* way.
>
> If it is not possible to add the copyright and license information to the
> binary package, it might violate some licenses and such the package may not
> be distributed by Debian or may not be used on Debian systems.
>
> As the normal workflow of packaging is to collect the copyright and license
> information in debian/copyright and copy that file into the binary package
> during build, a missing file might make the package unusable. Of course, not
> in a technical manner.

I think you are missing the point completely. I'm talking about packages
shipping *proper* copyright files in their .deb that are generated by
debian/rules at build time. There is absolutely no license, copyright or
dfsg-freeness problem in doing that, and there is also no usability problem
at all justifying the "important" severity.

Moreover, normal workflow != mandatory. If you want to make it mandatory,
what you should do is to modify policy so that it reads "must", not
submitting a lot of similar bugs with inflated severity.

> Anyway, in the light of source only uploads, how shall the copyright and
> license information of the binary packages be verified, if there is no
> debian/copyright? Either the maintainer or the ftpteam has to do the work.
> Given that the package output of about 1000 maintainers needs to be checked
> by just a few members of the ftpteam, the burden should be distributed on
> the larger group. And experience shows that there is a check needed to
> fulfill the DFSG.

If that's really a problem, I think it would be fair to require that the
very first time a package is uploaded, it's *not* done in source-only form.
This way you will always have a copyright file available without having to
build the package yourself.

But there is something I don't understand. Do you *just* verify that there
is a debian/copyright file in the source? You don't verify that it matches
the actual copyright notices in the several *.c files etc? Surely that a
mandatory debian/copyright file in the source might simplify your work a
little bit (which is why you should try to modify policy in the first
place), but such kind of help would be just a small fraction of the license
and copyright checking anyway.

So, to summarize, I don't think this is such a big problem.

