Re: New DEP: Usage of SDPX in debian/copyright

2022-02-12 Thread Charles Plessy 
Le Tue, Feb 08, 2022 at 04:02:20PM +0100, Stephan Lachnit a écrit :
> I would like to request to take the next available DEP number (17 as
> of today). It is about using the SPDX specification as an alternative
> to the machine-readable debian/copyright (previously DEP-5). An
> initial discussion was started on debian-devel [1], and since there
> have been no large objections I would like to formalize it.
> 
> For now, am I the only driver of this DEP. I would like to maintain
> the DEP in the DEP Team's repository [2].

Dear Stephan,

thank you for your initiative.

I just added you to the dep-team/deps project on Salsa.  Please open
issues if you have technical problems while adding DEP17.

Have a nice week-end,

Charles

-- 
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med
Tooting from work,   https://mastodon.technology/@charles_plessy
Tooting from home, https://framapiaf.org/@charles_plessy


signature.asc
Description: PGP signature

Re: New DEP: Usage of SDPX in debian/copyright

2022-02-08 Thread Russ Allbery 
Jonas Smedegaard  writes:

> Are we discussing one (or more) of those topics here or at d-devel, or
> both?!?

Sorry, I for some reason thought the DEP discussion was moving here and
had it stuck in my head that debian-project was where DEPs are discussed.
I'll discuss this in debian-devel instead.

-- 
Russ Allbery (r...@debian.org)

Re: New DEP: Usage of SDPX in debian/copyright

2022-02-08 Thread Dominik George 
Hi,

> No one uses our RFC-2822-style thing except us, and no one has tools for it

Well, then they should just apt install them.

I failed to understand SPDX until today (with the exception of the license 
specifiers), which is mostly due to the quadrillion different formats SPDX data 
can come in.

I am totally for aligning the License: field with SPDX licence specifications, 
but that's it. For everything else, SPDX is a PITA.

-nik

Re: New DEP: Usage of SDPX in debian/copyright

2022-02-08 Thread Felix Lechner 
Hi,

On Tue, Feb 8, 2022 at 9:31 AM Russ Allbery  wrote:
>
> No one uses our RFC-2822-style thing except us, and no one has tools
> for it, so people are understandably quite reluctant to adopt it.

I agree with that assessment.

As far as I understand the situation of DEP-5 tooling, I may now have
(reluctantly) implemented in Lintian the most commonly used—and
therefore the authoritative—parser for the DEP-5 format. [1] I am only
aware of one other relevant implementation. [2]

> it really should have been (a restricted subset of) YAML

The issue with DEP-5 is not merely one of format. The standard is also
not fully specified. [3]

> My hope is that we can reuse standard data
> in a format that upstreams will start supplying, thus reducing the amount
> of Debian-specific work we need to do.

There is an opinion, possibly a minority, that the purpose of the
d/copyright file is to supply license information only for installable
packages. [4] For sources, there are other mechanisms, such as
comments or COPYRIGHT files, that are unlikely to be replaced by this
or other efforts.

Some folks even ship different copyright files with installables
generated from the same sources. [5]

Kind regards,
Felix Lechner

[1] 
https://salsa.debian.org/lintian/lintian/-/blob/master/lib/Lintian/Check/Debian/Copyright/Dep5.pm
[2] https://bugs.debian.org/1000319
[3] https://bugs.debian.org/969541
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672284#31
[4] https://bugs.debian.org/672284

Re: New DEP: Usage of SDPX in debian/copyright

2022-02-08 Thread Stephan Lachnit 
On Tue, Feb 8, 2022 at 6:55 PM Jonas Smedegaard  wrote:
>
> Are we dicussing the request to take DEP-17 for a 3rd copyright file
> format, or more generally how to best integrate SPDX in copyright files,
> or something else?
>
> Are we discussing one (or more) of those topics here or at d-devel, or
> both?!?
>
> I tried to encourage keeping the broader discussion at d-devel by only
> pointing towards it from here, but perhaps that was wrong/silly...

To answer this quickly: the former one is my plan. But plans won't
always work, so I will also look at the latter option (i.e. REUSE ->
SPDX -> DEP5). Note that DEP5 -> SPDX is afaik not possible
standalone, but REUSE essentially is already a DEP5 -> SPDX converter
if given the source files.

Regards,
Stephan

Re: New DEP: Usage of SDPX in debian/copyright

2022-02-08 Thread Jonas Smedegaard 
Quoting Russ Allbery (2022-02-08 18:22:46)
> Jonas Smedegaard  writes:
> > Quoting Stephan Lachnit (2022-02-08 16:02:20)
> 
> >> I would like to request to take the next available DEP number (17 as of
> >> today). It is about using the SPDX specification as an alternative to
> >> the machine-readable debian/copyright (previously DEP-5).  An initial
> >> discussion was started on debian-devel [1], and since there have been
> >> no large objections I would like to formalize it.
> 
> > Sorry that I initially missed it - I have now shared my objection to the 
> > idea at that thread: 
> > https://lists.debian.org/164433477648.2636895.1692225734052...@auryn.jones.dk
> 
> The point, as I understand it, [...]

Are we dicussing the request to take DEP-17 for a 3rd copyright file 
format, or more generally how to best integrate SPDX in copyright files, 
or something else?

Are we discussing one (or more) of those topics here or at d-devel, or 
both?!?

I tried to encourage keeping the broader discussion at d-devel by only 
pointing towards it from here, but perhaps that was wrong/silly...


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: New DEP: Usage of SDPX in debian/copyright

2022-02-08 Thread Russ Allbery 
Jonas Smedegaard  writes:
> Quoting Stephan Lachnit (2022-02-08 16:02:20)

>> I would like to request to take the next available DEP number (17 as of
>> today). It is about using the SPDX specification as an alternative to
>> the machine-readable debian/copyright (previously DEP-5).  An initial
>> discussion was started on debian-devel [1], and since there have been
>> no large objections I would like to formalize it.

> Sorry that I initially missed it - I have now shared my objection to the 
> idea at that thread: 
> https://lists.debian.org/164433477648.2636895.1692225734052...@auryn.jones.dk

The point, as I understand it, of the SPDX specification is to be even
more machine-readable, which implies to me that we could generate the
current debian/copyright format from it, and possibly vice versa.  I think
the best way to move forward with compatibility with SPDX may be to
improve our side so that we can consume that format and capture all of the
same information (think JSON and YAML interoperability), which would allow
us to use tools from their ecosystem while still producing the same output
files that people are used to today.

This is a hindsight is 20/20 sort of thing, and I was among the people who
resisted doing the right thing at the time (mea culpa), but we kind of
shot ourselves in the foot with the current debian/copyright format.  No
one uses our RFC-2822-style thing except us, and no one has tools for it,
so people are understandably quite reluctant to adopt it.  In hindsight,
it really should have been (a restricted subset of) YAML or something else
that everyone else knows how to use; if it had been, I'm not sure we'd be
in a situation where the rest of the industry is going in a different
direction.  But that's where we're at, and I think we're at significant
risk of ending up in a dead end and thus not being able to take advantage
of a ton of licensing work that's being done upstream but is in a format
that we don't use, requiring us to tediously recreate that work instead.

My goal in this discussion is to avoid that.  I don't really care that
much about what the canonical output format is because, if done properly,
I think we should be able to generate multiple output formats from the
same data with minimum effort.  My hope is that we can reuse standard data
in a format that upstreams will start supplying, thus reducing the amount
of Debian-specific work we need to do.

To make that concrete, I want to ship structured copyright and license
information with all of my upstream packages.  I'm currently doing that in
Debian's format, but Debian's format is not useful to anyone other than
Debian.  I plan on switching to SPDX or REUSE or something similar because
then someone else has a hope of being able to consume that data.  The
thought of then having to do additional work when packaging to cater to
Debian is very unappealing; I want to be able to fully automate generating
the debian/copyright file from the data that I'm already maintaining
upstream.

-- 
Russ Allbery (r...@debian.org)

Re: New DEP: Usage of SDPX in debian/copyright

2022-02-08 Thread Russ Allbery 
Stephan Lachnit  writes:

> I would like to request to take the next available DEP number (17 as of
> today). It is about using the SPDX specification as an alternative to
> the machine-readable debian/copyright (previously DEP-5). An initial
> discussion was started on debian-devel [1], and since there have been no
> large objections I would like to formalize it.

Thank you very much for working on this!  I've been looking at adopting
this for all the packages for which I'm upstream, and really appreciate
other people also looking at it so that we can figure out the best
approach.

-- 
Russ Allbery (r...@debian.org)

Re: New DEP: Usage of SDPX in debian/copyright

2022-02-08 Thread Jonas Smedegaard 
Quoting Stephan Lachnit (2022-02-08 16:02:20)
> I would like to request to take the next available DEP number (17 as 
> of today). It is about using the SPDX specification as an alternative 
> to the machine-readable debian/copyright (previously DEP-5).  An 
> initial discussion was started on debian-devel [1], and since there 
> have been no large objections I would like to formalize it.

Sorry that I initially missed it - I have now shared my objection to the 
idea at that thread: 
https://lists.debian.org/164433477648.2636895.1692225734052...@auryn.jones.dk

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature