Le Fri, Sep 05, 2014 at 01:09:09PM -0400, Scott Kitterman a écrit :
> 
> grep -ir copyright * 
> 
> Do that over your source and then compare what you have in debian/copyright.  
> You might be surprised how often that turns up missing stuff.  Check your own 
> packages at least as carefully as you expect the FTP Team to check it.

Hi Scott, FTP team and everybody,

to have a perfect match between the names listed in debian/copyright and the
names found in the copyright statements in the upstream source files requires a
considerable amount of work, and in the case of some licenses this work is not
necessary for compliance.

It has been sometimes argued that this work is useful for the review process,
to prove that the source files have been inspected systematically and in
details.  However, when I reviewed some packages in the NEW queue
(<https://wiki.debian.org/CopyrightReview>), I found little value for this
information: what really matters is when license statements are missed.

I therefore propose to focus the review of the NEW queue on license compliance,
since this the point where errors can have the broadest consequences on Debian
as a whole.

In my impression from what I read on this mailing list, there is a positive
opinion in general about the fact that packages are more throuroughly checked
by the FTP team, as it increases Debian's quality, and indeed I agree that if
we could get this with little effort it would be great.  But in practice we can
see that it does not scale and the consequence is that packages need monthes
for being reviewed.  Therefore, let's not ask for the impossible; instead,
let's seek for the same level of quality through other processes.

In other distributions like Fedora, new packages are peer-reviewed in a public
issue tracker, in a way that is not unlike the "requests for sponsorship" (RFS)
on the debian-mentors mailing list.  I think that it would be reasonable to
require such reviews in Debian as well.  The existence of such a review
would not increase the work load of the FTP team if the inspections in the NEW
queue would be focused on license compliance, that can be done independantly
without reading the all the messages generated during the peer review.

In summary, a radical way to reduce the work load generated by the NEW queue
would be to split that work, leaving only licence compliance checks and
approval of new Free licenses to the queue, and transferring the checks for
DFSG compliance (missing source files, non-free licenses, ...) and quality in
general to another stage of package production.

Have a nice week-end,

-- 
Charles Plessy


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140906090810.gf31...@falafel.plessy.net

Reply via email to