Re: What are the benefits of a machine-parseable ‘debian/copyright’ file?
On Mon, 23 Mar 2009 11:59:29 +1100 Ben Finney ben+deb...@benfinney.id.au wrote: Are you saying that you don't want any BSD packages or that you're trying to make Debian out of only packages using GNU licences? I would find it useful, for example, to more easily determine which works, or parts of works, are FDL-licensed. It's easy to see that others would have similar opinions on other licenses. Then you are second-guessing ftp-master as well. How do you expect to get a working system on that basis? (I thought we were approaching some degree of sanity earlier on, but that has been left behind in this sub-thread, which is apparently trying to invent illusory benefits to justify what is increasingly sounding like a personal obsession.) You may disagree with the benefit, but it's not illusory. It certainly doesn't warrant changing every single package in order to support it and if not all packages support it, the benefit is unachievable. It's far easier for the user to prevent works they consider unacceptable from being installed in the first place, if that information is automatically discoverable from its metadata. If it's never installed in the first place, the need for deriving from it will be far less. That does not mean that it is worthwhile reformatting the debian/copyright file in every single source package across Debian. Have you any idea how much work that actually involves? Let me give you a hint - it isn't going to happen. -- Neil Williams = http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/ pgpv43GU5wVLM.pgp Description: PGP signature
Re: What are the benefits of a machine-parseable ‘debian/copyright’ file?
Neil Williams codeh...@debian.org writes: On Mon, 23 Mar 2009 11:59:29 +1100 Ben Finney ben+deb...@benfinney.id.au wrote: Are you saying that you don't want any BSD packages or that you're trying to make Debian out of only packages using GNU licences? I would find it useful, for example, to more easily determine which works, or parts of works, are FDL-licensed. It's easy to see that others would have similar opinions on other licenses. Then you are second-guessing ftp-master as well. I don't know what you mean here. I'm not talking about whether a package is DFSG-free; I'm talking about having the copyright and license information discoverable before installing, to make a decision about the package on that pasis. How do you expect to get a working system on that basis? A working system without any FDL-licensed works? Pretty straightforward, I suspect; they're thankfully a minority of packages I consider non-essential. Or perhaps I'm wrong, and there *are* some FDL-licensed parts of packages that I consider important. In that case, I would consider it even more important that the copyright and license information be machine-parseable so that I can find out easily. It certainly doesn't warrant changing every single package in order to support it and if not all packages support it, the benefit is unachievable. Not true. Take debtags, for instance: the benefit of easily discovering the information they provide increases as more packages adopt them; more is better than fewer, and it's not necessary for every package to have debtags for it to be very useful. That does not mean that it is worthwhile reformatting the debian/copyright file in every single source package across Debian. Have you any idea how much work that actually involves? Let me give you a hint - it isn't going to happen. I'm not sure whose position you're arguing against here, but it's not mine. -- \ “I can picture in my mind a world without war, a world without | `\ hate. And I can picture us attacking that world, because they'd | _o__) never expect it.” —Jack Handey | Ben Finney pgpMXaPLRtbjy.pgp Description: PGP signature
Re: What are the benefits of a machine-parseable ‘debian/copyright’ file? (was: Sponsorship requirements and copyright files)
On Mon, 2009-03-23 at 10:03 +1100, Ben Finney wrote: Anyway, thanks for the work on the format. To me it seems to probably be a good thing. I hope this mail wasn't too negative. I find this a little confusing, since you spent most of your message saying how you *don't* think it's a good thing (nor, presumably, much of a bad thing), but thanks for the positive note :-) I think having a uniform format for debian/copyright is a good thing in general. It makes it easier to read and write. The problem is that I don't see much use for a machine-parsable format though at this point. Firstly (and most importantly for me), there are no tools to support it so there is no immediate benefit (except the improvement in readability). Secondly, the use-cases that have been pointed out are very limited and IMHO don't justify the amount of effort that has to be put into converting files. BTW, the use-case where you don't want to install FDL content and have some way for apt to warn you before doing so won't be solved by a new format because debian/copyright is written at the source-level and not on the binary package level (think -doc packages that have FDL stuff and -bin packages that have other-licensed stuff). (not that I've given this too much thought) Also I think that for complexly licensed packages a single line wouldn't do justice to the license at all (think of a GPL-licensed work with some BSD-licensed source parts, CC-licensed documentation, MIT-licensed whatever, etc,). For those, if you would be really interested, you would have to read the copyright files completely anyway (either that or GPL + CC docs would also do it). I have converted a couple of my packages to the new format (it's probably old by now) but for a more recent one (nss-ldapd) I skipped because the wiki page was unreadable and it would also be more effort (patches are welcome though ;) ). Note that this is completely separate from whether or not to list all copyright holders and for which files to list them. I would like to see some simplifications here or at least some rationale (but that's another subthread). -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Re: What are the benefits of a machine-parseable ‘ debian/copyright’ file?
On Mon, 23 Mar 2009 10:03:10 +1100 Ben Finney ben+deb...@benfinney.id.au wrote: * Display of the copyright notices, license grant and terms (in e.g. ‘aptitude’) when deciding whether or not to install a package. I don't see how that is a real gain, except for packages in non-free. Are we looking for a problem to justify the solution perhaps? Are you saying that you don't want any BSD packages or that you're trying to make Debian out of only packages using GNU licences? This thread gets more and more insane. (I thought we were approaching some degree of sanity earlier on, but that has been left behind in this sub-thread, which is apparently trying to invent illusory benefits to justify what is increasingly sounding like a personal obsession.) * Display (or via a link) of the copyright notices, license grant and terms on the package-specific pages at ‘packages{,.qa}.debian.org’. Hasn't it been established that lists of names and email addresses of copyright holders are not a priority for content because updating the list imposes an intolerable workload on many maintainers, either with lots of packages, large packages or packages with high upstream turnover? debian/copyright should be restricted to only that data that is essential for the LICENCES specified in the package and not all licences require any names of copyright holders, let alone all. Let's wait for the review of just what is required before trying to justify the proposal with an illusory benefit that could be completely undermined by the licences themselves. Perhaps you have never factored license terms into your decisions as a prospective user of a package, pre-installation; I do, all the time, since I want to know what I'm getting myself in for before adding a work to my computer's operating system. The whole point of main is that this doesn't need to be a day-to-day decision. Licences of packages in main only become an issue when developing code that will link against it. There is no need for any new tool for that purpose. As for copyright notices, if the work is in a field of interest to me, then I'm interested to know who wrote it. Reputation is one of the greatest benefits reaped by a developer of free software; having their copyright notice automatically and visibly connected with the package can only increase this, and I consider that a very good thing. Which copyright holder? The first one or #543 ? Do you really care if someone you know contributed one significant patch to a codebase of tens of millions of lines? Do you really want an unverifiable, unmaintainable and almost-guaranteed out-of-date list? For what possible purpose? I see no gain here. Have you watched the GNOME About box? It goes on for what seems like weeks. If I'm developing software and I want to use another piece of software (e.g. library, framework or component) I check the license (I don't care about the copyright holders btw.) and perhaps sometimes I check the copyright file but most of the time I just check what upstream put on their website. For these seldom uses a common format or tools wouldn't help me much. The copyright notices and license terms on the work in Debian only infrequently bears relation to what upstream puts on their website, not least because a great many upstream websites have *no* copyright or license information easily discoverable. Developers choose a new library, framework or component on a very infrequent basis, even upstream. The licence is only part of the decision process of such a change. It can take years to port an application from one version of a framework to the next (witness gtk1.2) let alone to a completely new framework. A few extra seconds to look at the actual licence from the actual source is hardly a significant loss - you'll be spending a lot of time reading the source anyway. Then there is the (admittedly less frequent, but undiscoverable without looking at the Debian copyright information for the work) issue of the upstream copyright information differing from what was packaged for Debian. Which only becomes more likely if you expect a list of copyright holders in debian/copyright because it can never be 100% complete across all of Debian, if only because upstream don't have a full list themselves. I can understand there may be benefits of a parsable format but I don't directly see enough gain. On the other hand there seems to be a lot of (perceived) cost involved (maintainer work). As has been pointed out many times, there should be no significant increase in the amount of writing to generate one of the machine-parseable ‘debian/copyright’ files. Only if the file does *not* require a detailed list of copyright holders. Conversion of existing files is also a huge burden. It merely imposes a consistent structure, much like the ‘debian/control’ file, or the pseudo-header of a Debian BTS report. Nothing about the proposal is merely anything. --
Re: What are the benefits of a machine-parseable ‘debian/copyright’ file?
Neil Williams codeh...@debian.org writes: On Mon, 23 Mar 2009 10:03:10 +1100 Ben Finney ben+deb...@benfinney.id.au wrote: * Display of the copyright notices, license grant and terms (in e.g. ‘aptitude’) when deciding whether or not to install a package. I don't see how that is a real gain, except for packages in non-free. And for those cases where users disagree with decisions of what works should or should not be considered free. That's certainly not illusory; such differences have always existed. Are you saying that you don't want any BSD packages or that you're trying to make Debian out of only packages using GNU licences? I would find it useful, for example, to more easily determine which works, or parts of works, are FDL-licensed. It's easy to see that others would have similar opinions on other licenses. (I thought we were approaching some degree of sanity earlier on, but that has been left behind in this sub-thread, which is apparently trying to invent illusory benefits to justify what is increasingly sounding like a personal obsession.) You may disagree with the benefit, but it's not illusory. Perhaps you have never factored license terms into your decisions as a prospective user of a package, pre-installation; I do, all the time, since I want to know what I'm getting myself in for before adding a work to my computer's operating system. The whole point of main is that this doesn't need to be a day-to-day decision. Licences of packages in main only become an issue when developing code that will link against it. There is no need for any new tool for that purpose. It's far easier for the user to prevent works they consider unacceptable from being installed in the first place, if that information is automatically discoverable from its metadata. If it's never installed in the first place, the need for deriving from it will be far less. -- \ “Oh, I love your magazine. My favorite section is ‘How To | `\ Increase Your Word Power’. That thing is really, really, | _o__) really... good.” —Homer, _The Simpsons_ | Ben Finney pgpR2oBUJpZdk.pgp Description: PGP signature