Acknowledgement sent
to Guillem Jover <[email protected]>:
New Bug report received and forwarded. Copy sent to Debian Policy Editors <[email protected]>.
(Thu, 07 Nov 2019 12:18:05 GMT) (full text, mbox, link).
Subject: debian-policy: Source provenance requirement is WET
Date: Thu, 7 Nov 2019 13:16:30 +0100
Package: debian-policy
Version: 4.4.1.1
Severity: wishlist
Hi!
We currently require (with a must) in section §12.5, to add to the
debian/copyright, where the upstream source was obtained from:
,---
In addition, the copyright file must say where the upstream sources
(if any) were obtained, …
`---
This means that when using a debian/watch file one has to duplicate
the information in two places, with the possibility of this getting
out-of-sync, etc.
In addition the machine readable debian/copyright format, specifies
the Source field as optional, which could perhaps be interpreted as
contradict what policy says.
IMO, ideally the requirement in policy would be lifted by clarifying
that the information should be provided in *either* debian/copyright
or debian/watch.
The other option would be, I guess, to turn the Source field into a
required one. If that's not desired to be done from the
copyright-format itself (because the format can be considered more
general and there's no need for this requirement from the parsing PoV)
then this requirement could perhaps be added from the policy side.
I just noticed recently I've been creating non-compliant packages for
a while. :/ Once there's a decision either way we could add lintian
tags so that we do not miss this kind of problem.
Thanks,
Guillem
Acknowledgement sent
to Russ Allbery <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Policy Editors <[email protected]>.
(Thu, 07 Nov 2019 17:09:09 GMT) (full text, mbox, link).
Subject: Re: Bug#944296: debian-policy: Source provenance requirement is WET
Date: Thu, 07 Nov 2019 09:00:29 -0800
Guillem Jover <[email protected]> writes:
> This means that when using a debian/watch file one has to duplicate
> the information in two places, with the possibility of this getting
> out-of-sync, etc.
> In addition the machine readable debian/copyright format, specifies
> the Source field as optional, which could perhaps be interpreted as
> contradict what policy says.
> IMO, ideally the requirement in policy would be lifted by clarifying
> that the information should be provided in *either* debian/copyright
> or debian/watch.
Personally, I usually find they're not the same thing. debian/watch wants
a very specific technical URL (the path to the download ___location), whereas
I usually use the Source file to specify a higher-level view of the
project.
That's not an argument against your point that this is duplicative; it's
just that I find Source to more normally duplicate Homepage in
debian/control than duplicate debian/watch.
Anyway, I have also found this an odd fit for debian/copyright if one
views debian/copyright as being for the legally-mandated notices plus
license information for Debian package users. I suspect that it's a
combination of that Policy text predating both Homepage and uscan.
I'm in favor of dropping this information from debian/copyright and
instead writing some language saying that packages should include this
information in Homepage in debian/control and, if there's a substantial
non-obvious difference between the package home page and how to download
it, put download information in debian/watch.
--
Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>
Acknowledgement sent
to Guillem Jover <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Policy Editors <[email protected]>.
(Thu, 07 Nov 2019 18:00:08 GMT) (full text, mbox, link).
Subject: Re: Bug#944296: debian-policy: Source provenance requirement is WET
Date: Thu, 7 Nov 2019 18:57:14 +0100
On Thu, 2019-11-07 at 09:00:29 -0800, Russ Allbery wrote:
> Guillem Jover <[email protected]> writes:
> > This means that when using a debian/watch file one has to duplicate
> > the information in two places, with the possibility of this getting
> > out-of-sync, etc.
>
> > In addition the machine readable debian/copyright format, specifies
> > the Source field as optional, which could perhaps be interpreted as
> > contradict what policy says.
>
> > IMO, ideally the requirement in policy would be lifted by clarifying
> > that the information should be provided in *either* debian/copyright
> > or debian/watch.
>
> Personally, I usually find they're not the same thing. debian/watch wants
> a very specific technical URL (the path to the download ___location), whereas
> I usually use the Source file to specify a higher-level view of the
> project.
>
> That's not an argument against your point that this is duplicative; it's
> just that I find Source to more normally duplicate Homepage in
> debian/control than duplicate debian/watch.
Hmm, right, that just depends on the upstream project. I guess these
tend to converge in the following way:
debian/watch → Source: → Homepage:
As in you could have the three being distinct, all the same (well the
URL in debian/watch being extended by the filename part), or two from
each side being equal.
> Anyway, I have also found this an odd fit for debian/copyright if one
> views debian/copyright as being for the legally-mandated notices plus
> license information for Debian package users. I suspect that it's a
> combination of that Policy text predating both Homepage and uscan.
>
> I'm in favor of dropping this information from debian/copyright and
> instead writing some language saying that packages should include this
> information in Homepage in debian/control and, if there's a substantial
> non-obvious difference between the package home page and how to download
> it, put download information in debian/watch.
I would not even really mind keeping the Source: information (even if
we considered debian/copyright not to be the best place, and planned to
eventually move it elsewhere), as long as it's different from the other
two locations.
So I guess the core of the problem I see is that the Source field is
always required.
Thanks,
Guillem
Acknowledgement sent
to gregor herrmann <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Policy Editors <[email protected]>.
(Sat, 09 Nov 2019 14:18:03 GMT) (full text, mbox, link).
On Thu, 07 Nov 2019 09:00:29 -0800, Russ Allbery wrote:
> > IMO, ideally the requirement in policy would be lifted by clarifying
> > that the information should be provided in *either* debian/copyright
> > or debian/watch.
>
> Personally, I usually find they're not the same thing. debian/watch wants
> a very specific technical URL (the path to the download ___location), whereas
> I usually use the Source file to specify a higher-level view of the
> project.
>
> That's not an argument against your point that this is duplicative; it's
> just that I find Source to more normally duplicate Homepage in
> debian/control than duplicate debian/watch.
Just as an additional data point: For the average perl package, the
URL is the same in all three places (Homepage in d/control, Source in
d/copyright, and d/watch). [0]
Not a big deal, especially since we handle this mostly automatically,
but still this triplication (is this a word?) doesn't make too much
sense.
> I'm in favor of dropping this information from debian/copyright and
> instead writing some language saying that packages should include this
> information in Homepage in debian/control and, if there's a substantial
> non-obvious difference between the package home page and how to download
> it, put download information in debian/watch.
Sounds good to me.
Cheers,
gregor
[0] https://metacpan.org/release/Foo-Bar
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- NP: Soluna Samay: Sing Out Loud
Acknowledgement sent
to Sean Whitton <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Policy Editors <[email protected]>.
(Sat, 09 Nov 2019 15:57:05 GMT) (full text, mbox, link).
Hello,
On Thu 07 Nov 2019 at 09:00AM -08, Russ Allbery wrote:
> I'm in favor of dropping this information from debian/copyright and
> instead writing some language saying that packages should include this
> information in Homepage in debian/control and, if there's a substantial
> non-obvious difference between the package home page and how to download
> it, put download information in debian/watch.
For a lot of packages I've put some sort of git web view URL into the
Source: field and a descriptive homepage into the Homepage: field.
I don't think this is a very strong reason not to drop the Source:
field, since the descriptive homepage will usually have a link to the
git web view. But I thought I'd note my experience.
--
Sean Whitton
Acknowledgement sent
to Guillem Jover <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Policy Editors <[email protected]>.
(Sat, 16 Nov 2019 03:18:02 GMT) (full text, mbox, link).
Subject: Re: Bug#944296: debian-policy: Source provenance requirement is WET
Date: Sat, 16 Nov 2019 04:13:41 +0100
On Sat, 2019-11-09 at 08:55:23 -0700, Sean Whitton wrote:
> On Thu 07 Nov 2019 at 09:00AM -08, Russ Allbery wrote:
> > I'm in favor of dropping this information from debian/copyright and
> > instead writing some language saying that packages should include this
> > information in Homepage in debian/control and, if there's a substantial
> > non-obvious difference between the package home page and how to download
> > it, put download information in debian/watch.
>
> For a lot of packages I've put some sort of git web view URL into the
> Source: field and a descriptive homepage into the Homepage: field.
If upstream does not release tarballs, then I guess that usage of the
Source: field seems appropriate, otherwise it looks a bit like a
stretch?
> I don't think this is a very strong reason not to drop the Source:
> field, since the descriptive homepage will usually have a link to the
> git web view. But I thought I'd note my experience.
Just to clarify, I didn't intend to propose drop the field, just for
example to make it optional when the same information is elswhere in
the packaging.
Thanks,
Guillem
Acknowledgement sent
to Sean Whitton <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Policy Editors <[email protected]>.
(Sat, 16 Nov 2019 16:54:02 GMT) (full text, mbox, link).
Hello,
On Sat 16 Nov 2019 at 04:13AM +01, Guillem Jover wrote:
> On Sat, 2019-11-09 at 08:55:23 -0700, Sean Whitton wrote:
>> On Thu 07 Nov 2019 at 09:00AM -08, Russ Allbery wrote:
>> > I'm in favor of dropping this information from debian/copyright and
>> > instead writing some language saying that packages should include this
>> > information in Homepage in debian/control and, if there's a substantial
>> > non-obvious difference between the package home page and how to download
>> > it, put download information in debian/watch.
>>
>> For a lot of packages I've put some sort of git web view URL into the
>> Source: field and a descriptive homepage into the Homepage: field.
>
> If upstream does not release tarballs, then I guess that usage of the
> Source: field seems appropriate, otherwise it looks a bit like a
> stretch?
Well, if the tarballs are an afterthought for upstream (perhaps
automatically generated by git-archive(1) on GitHub's releases page)
then I think it's appropriate.
--
Sean Whitton
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.