On Sun, May 17, 2026 at 11:53:29AM +0000, [email protected] wrote:
> Hello,
> upstream maintainer of "spdx2debian" here. Please note that I am not a DM
> and don't have much experience in Debian packaging.
> 
> > > I would just use a File: * stanza
> 
> I often asked myself if someone at Debian ever checked that behavior with a
> lawyer.
> It is IMHO not OK to add a default license/copyright to every file that is
> not covered by something else.
> You cannot guarantee that upstream adds some new files and the DM is not
> aware of them. But those files then will be covered by the * stanza. This
> results in kind of illegal situations.

Mmm, it is part of the Debian package maintainer's job to review all
changes in a new upstream version. At the very least, it is *very*
important for the Debian package maintainer to review any copyright or
license changes, it is *very* important to also check for any breaking
functionality changes, it is *very* important to also check for any
new dependencies needed... so, in general, examining the changes between
the old and the new upstream version is quite important. Even when it is
not practical to examine each and every changed line, such as with
big projects that do not release new versions very often, it is still
a very, very, very good idea to at least scan all the changes and see if
anything funny jumps out. I know I have caught newly-introduced bugs
this way :) (of course, I have also missed newly-introduced bugs, but
that is a completely different question)

> > This might be an artifact of spdx2debian not (always or by default or
> > never; would have to investigate) generating a catch-all Files: *
> 
> Correct. "spdx2debian" works on 100%-spdx-compliant projects only.
> If "reuse lint" is not satisfied, then "spdx2debian" also won't be.
> 
> As I stated on debian-devel I think the real solution should be made on the
> level of "reuse-tools" and not my tool or Debian.

G'luck,
Peter

-- 
Peter Pentchev  [email protected] [email protected] [email protected]
PGP key:        https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
