[Qa-debsources] SPDX generation issues
Orestis Ioannou
orestis at oioannou.com
Thu Jan 7 22:01:58 UTC 2016
On 01/07/2016 04:56 PM, Stefano Zacchiroli wrote:
> On Thu, Jan 07, 2016 at 11:04:58AM +0100, Orestis Ioannou wrote:
>> - Missing upstream name: native packages do not have an upstream name.
>> this is an easy fix i ll do it in my PR.
>>
>> - better error handling when somebody tries to generate the document but
>> gives incorrect or no version. I am at it and will fix it in the PR.
>
> OK, great!
>
Done those two and updated the PR.
>> - files paragraphs missing copyright field (required in the docs). for
>> example:
>> http://sourcesdev.debian.net/src/matplotlib/1.5.0~rc2-1/debian/copyright/#L67
>>
>> What's the best solution here? Ignore the paragraph? Give just none
>> fields? right now it just breaks but on the license rendering we provide
>> None fields for the ones we miss
>> http://sourcesdev.debian.net/copyright/license/matplotlib/1.5.0~rc2-1/
>
> I think we need more generally to decide what to do for invalid
> machine-readable d/copyright files. My proposal is to ignore them, and
> return an error indicating that they are invalid according to the spec.
> In an ideal world this work should be done in Debian more generally by
> an unrelated QA process/tooling. But right now we're probably the
> biggest consumer of machine-readable d/copyright, so it is kinda normal
> that we hit those errors earlier than others.
>
> Being conservative will give an incentive to our users to fix broken
> d/copyright files, or at least to report them as bug.
>
> To that end, however, we need to do better than fail with an "internal
> server error", we need to return a proper, user understandable error,
> embedded in a flask template. Relatedly, and in view of d/copyright
> parsing at package extraction time by Debsources, we should also think
> about loggging an appropriate error, so that we can easily grep the logs
> and report bugs accordingly.
>
Ok so i created a template for the copyright field and here is the outcome:
http://sourcesdev.debian.net/copyright/spdx/matplotlib/1.5.0~rc2-1/
If this is ok i ll try and create some more :)
Cheers,
Orestis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/qa-debsources/attachments/20160107/4c63a404/attachment.sig>
More information about the Qa-debsources
mailing list