licensecheck still broken

Thu Nov 19 16:33:25 UTC 2015

On Wednesday 18 November 2015 21:08:04 Nicholas Bamber wrote:
> 1.) Your thoughts on #472199? My reading of the bug report is you have 
> no interest in this as you provide the functionality in cme. On the 
> other hand I'd quite like something in this direction as this would 
> remove the need to map between the legacy licensecheck format and DEP-5 
> format.

It would be relatively easy to modify licensecheck to output DEP-5 format 
instead of the current format.

But who would want a dep-5 file with one paragraph per scanned file ?

That would create huge output for big packages.

> 2.) I was wondering about all the test scraps in the test/licensecheck . 
> We could (or perhaps more realistically "could if we writing the tests 
> now") get the test data from the Software::License module.

Err, as far as I know, there's no examples of file headers in Software::License 
module to test license data extraction.

Did I miss something ?

> Oh thinking about it a bit more, I guess I am asking if we could define
> what the precise role of licensecheck is.

I think its current role as data extractor is fine. We'll have more trouble 
finding maintainers later on if it does more like coalescing data.

> The problem of going from wild source code to DEP-5 is hard.
> 
> You seem to have attempted that in cme and good luck to you.

I'm trying to address 2 problems on top of data extraction:
- coalescing data. This is done in a library used by scan-copyrights and cme
- merging old copyright data with new one. This is done only by cme.

> I added a little of that to license-reconcile but I do not see it as its
> role. The idea is that once you have a license-reconcile config file, it
> can evolve with the source code and tie the copyright file and source
> code together with all moving in sync. That seems to me be the easiest
> approach in the long run and it asks very little of licensecheck.

I see license-reconcile as a tool to help a manual merge of old copyright data 
with new data. cme tries to do this automatically.

Note that ghostscript package seems to have a similar mechanism to reconcile 
copyright data.

> It could rely on licensecheck to produce DEP-5 license tags or it could
> handle it itself. I just want that effort is only invested into that job
> in the right places. Is licensecheck the right place or
> license-reconcile and cme?

If you mean producing license tags in dep5 format (i.e. "gpl-2", "gpl-2+"). 
Then yes, I think this should be done in licensecheck, but doing so without 
yet another option may break current tools (e.g. ghostscript package). 

> Similarly look at
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519080 . Is that going
> too far?

No. This bug is fine. I thought I fixed this in 2.15.6, but only the first 
owner is extracted. I'll fix this.

> I think we should either discuss a plan for these bugs or tag them wontfix.

Agreed. I think that #472199 should be tagged wontfix or its title should be 
changed to "need a tool to create dep-5 file from source file".

scan-copyrights does this work. I'm fine with extracting it from libconfig-
model-dpkg-perl once it has stabilized enough. 

All the best

-- 
 https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org