On Tue, 26 May 2020 08:13:24 -0400 Sam Hartman <hartm...@debian.org> wrote:
> Unfortunately, being a member of Debian, I find myself getting stuck in
> the details and think you may have gotten a few things wrong.
>
> * I think that reviewing a file every time the salt changes is too
> frequent.
> It is a sign that we might need to review, not that we certainly do.
> We don't tend to review files every time they change today, and I
> think pushing toward this would be problematic.

At the moment, when a package hits binNEW or NEW, *all* files need to be re-checked by the reviewer. There is no single-file review. This is appropriate because there are many times where code copies have been added to the source but not added to d/copyright. Some of these code copies are even embedded in previously-reviewed files that have another license. Pushing this direction would reduce efforts, not increase them.

> * Unfortunately the srcpkg-bool problem does not decompose into a set of
> file-bool problems the way you describe.
> The issue is license compatibility.
> Two licenses may be DFSG-free, but their combination may not be
> distributable (and thus not DFSG-free).

Two DFSG-free but incompatible licenses is a non-trivial concern and likely only caught in more extreme cases. This is really something that should become a lintian check that only reads through d/copyright.

> Next Steps
>
> The biggest thing I see missing here is what are the next steps?
> If we agree with your principles, what next?
> How does this work go forward?

Mo has made it clear that his ambition has run out. However, we had many discussions, including with ftpteam members, prior to either of our announcements. In a sense, libAWSL is aimed at being both a stand-alone utility as well as a module usable by the project I previously described. It's probably worth noting, based on previous conversation, I don't expect anyone in ftpteam would want to see anything discussed implemented as a formal review tool.
Therefore, my own goal is to ultimately build a tool that focuses on package uploaders, so that they can be confident their package will be approved. If there are developers interested in working on this tool, I'd be happy to discuss further in #debian-review and write an actual requirements document to aid collaboration and development.