1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • ITP of leancrypto and its debian/copyright

    From Simon Josefsson@21:1/5 to Simon Josefsson on Fri Jul 25 10:10:01 2025
    XPost: linux.debian.devel

    Working on 'leancrypto' packaging (which now build! see salsa pipeline
    below) made me consider life choices wrt debian/copyright.

    For several of my packages, I use 'lrc' to audit that debian/copyright
    file matches what 'licensecheck' thinks the license of files are.

    But what is the best tool to GENERATE a debian/copyright in a package
    with 1500+ files with different copyright and license information?

    I have heard about 'clscan' but using it does not seem straightforward
    to use, or at least I didn't understand how to use it. Are there any
    gentle introductions to it?

    I expect a tool to be able to either CREATE a template debian/copyright
    or UPDATE an existing debian/copyright (made from an earlier template)
    by searching through the content of a directory.

    A tool like that doesn't feel like rocket science these days.

    Could someone summarize the alternatives and share their experience with
    some of them?

    /Simon

    Simon Josefsson <[email protected]> writes:

    Packaging is materializing here:

    https://salsa.debian.org/debian/leancrypto/

    Automating debian/copyright generation somehow would help.

    /Simon

    -----BEGIN PGP SIGNATURE-----

    iQNoBAEWCAMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmiDOlAUHHNpbW9uQGpv c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA /iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx +3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0 +MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE 8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6 qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFooZPAQDnlevyaF9B tqMkb6FyKw8ILYNIvoMQsDuXZNnp+U+a/AEAo7UwwSUvctk/LNQVsVdMzavFh5I4 hXuUq2zUsK3Jxw0=
    =xB0h
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?B?SsOpcsOpbXkgTGFs?=@21:1/5 to All on Fri Jul 25 10:20:01 2025
    XPost: linux.debian.devel

    Le ven. 25 juil. 2025 à 10:08, Simon Josefsson <[email protected]> a
    écrit :

    Working on 'leancrypto' packaging (which now build! see salsa pipeline
    below) made me consider life choices wrt debian/copyright.

    For several of my packages, I use 'lrc' to audit that debian/copyright
    file matches what 'licensecheck' thinks the license of files are.

    But what is the best tool to GENERATE a debian/copyright in a package
    with 1500+ files with different copyright and license information?

    I have heard about 'clscan' but using it does not seem straightforward
    to use, or at least I didn't understand how to use it. Are there any
    gentle introductions to it?

    I expect a tool to be able to either CREATE a template debian/copyright
    or UPDATE an existing debian/copyright (made from an earlier template)
    by searching through the content of a directory.

    A tool like that doesn't feel like rocket science these days.

    Could someone summarize the alternatives and share their experience with
    some of them?

    /Simon

    Simon Josefsson <[email protected]> writes:

    Packaging is materializing here:

    https://salsa.debian.org/debian/leancrypto/

    Automating debian/copyright generation somehow would help.

    /Simon


    Did you have a look at
    https://wiki.debian.org/CopyrightReviewTools
    ?

    <div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Le ven. 25 juil. 2025 à 10:08, Simon Josefsson &lt;<a href="mailto:[email protected]">[email protected]</a>&gt; a écrit :
    <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Working on &#39;leancrypto&#39; packaging (which now build! see salsa pipeline<br>
    below) made me consider life choices wrt debian/copyright.<br>

    For several of my packages, I use &#39;lrc&#39; to audit that debian/copyright<br>
    file matches what &#39;licensecheck&#39; thinks the license of files are.<br>

    But what is the best tool to GENERATE a debian/copyright in a package<br>
    with 1500+ files with different copyright and license information?<br>

    I have heard about &#39;clscan&#39; but using it does not seem straightforward<br>
    to use, or at least I didn&#39;t understand how to use it.  Are there any<br> gentle introductions to it?<br>

    I expect a tool to be able to either CREATE a template debian/copyright<br>
    or UPDATE an existing debian/copyright (made from an earlier template)<br>
    by searching through the content of a directory.<br>

    A tool like that doesn&#39;t feel like rocket science these days.<br>

    Could someone summarize the alternatives and share their experience with<br> some of them?<br>

    /Simon<br>

    Simon Josefsson &lt;<a href="mailto:[email protected]" target="_blank">[email protected]</a>&gt; writes:<br>

    &gt; Packaging is materializing here:<br>
    &gt;<br>
    &gt; <a href="https://salsa.debian.org/debian/leancrypto/" rel="noreferrer" target="_blank">https://salsa.debian.org/debian/leancrypto/</a><br>
    &gt;<br>
    &gt; Automating debian/copyright generation somehow would help.<br>

    /Simon<br></blockquote><div><br></div><div>Did you have a look at</div><div><a href="https://wiki.debian.org/CopyrightReviewTools">https://wiki.debian.org/CopyrightReviewTools</a></div><div>?</div><div> </div></div></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Peter B@21:1/5 to All on Fri Jul 25 10:50:01 2025
    XPost: linux.debian.devel

    On 25/07/2025 09:17, Jérémy Lal wrote:

    Did you have a look at
    https://wiki.debian.org/CopyrightReviewTools
    ?

    and specifically cme
    https://tracker.debian.org/pkg/cme https://ddumont.wordpress.com/2015/04/05/improving-creation-of-debian-copyright-file/


    Cheers,
    Peter

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ahmad Khalifa@21:1/5 to Simon Josefsson on Fri Jul 25 17:30:01 2025
    XPost: linux.debian.devel

    On 25/07/2025 09:03, Simon Josefsson wrote:
    Working on 'leancrypto' packaging (which now build! see salsa pipeline
    below) made me consider life choices wrt debian/copyright.

    For several of my packages, I use 'lrc' to audit that debian/copyright
    file matches what 'licensecheck' thinks the license of files are.

    But what is the best tool to GENERATE a debian/copyright in a package
    with 1500+ files with different copyright and license information?

    Best tool at parsing individual text files is definitely licensecheck.

    It doesn't reconcile against the existing d/copyright and doesn't group
    years very well. And doesn't ignore known files (.git, COPYING, etc...)
    with certain args. And doesn't handle binary files gracefully.
    Still, excellent recognition of license/copyright on text files.

    I have heard about 'clscan' but using it does not seem straightforward
    to use, or at least I didn't understand how to use it. Are there any
    gentle introductions to it?

    I expect a tool to be able to either CREATE a template debian/copyright
    or UPDATE an existing debian/copyright (made from an earlier template)
    by searching through the content of a directory.

    decopy reconciles against existing d/copyright, but recognises a limited
    set of licenses and they have to be cleanly written.
    Handles mimetypes and checks images/fonts/pdfs/etc through exiftool though.

    A tool like that doesn't feel like rocket science these days.

    Could someone summarize the alternatives and share their experience with
    some of them?

    I start by looking at the output of:
    - `licensecheck --deb-machine --recursive .`
    - `decopy`

    Compare and see which one looks more accurate. You'll probably have to
    do a lot of cleanup, globbing and grouping.

    Neither will be usable as-is since upstream attached their copyright and disclaimer only to every file. And I think upstream is dual licensed to
    begin with, so tools won't recognise that.

    Alternatively, since upstream tracks 3rd party licenses in their LICENSE
    file, I would consider the manual route if that information is accurate
    enough.



    /Simon

    Simon Josefsson <[email protected]> writes:

    Packaging is materializing here:

    https://salsa.debian.org/debian/leancrypto/

    Automating debian/copyright generation somehow would help.

    /Simon

    --
    Regards,
    Ahmad

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)