Peer review for package copyright files

give two to get one

Goal

Increase the quality of the file debian/copyright in our source packages, especially before or during submitting new packages to the Debian archive.

Principle

We barely can see things that are at the tip of our nose. After working many hours on a package, a single person will eventually miss details that would be obvious to the naive eye. The solution of this is peer review, where other people check our work and in return we check the work of others (not necessary the same people).

When a package is ready for upload, before calling for review of your debian/copyright file by two developers who will report if it has problems or if it is complete, please review two packages. This is the sense of the slogan: make two reviews to make one package reviewed.

Alternatively, after uploading to NEW, review the two packages that are above yours in the queue. In order to make it easier for others to review your packages, please publish it somewhere, in a VCS or on DebianMentorsNet, for instance, and indicate the URL in your ITP bug. If somebody finds an error in your debian/copyright file, do not hesitate to re-upload a corrected package: this will not make it move back in the queue.

Mode of operation

Lists of packages

New packages are identified by their WNPP bug. Packages waiting for review are listed on the following pages:

http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=copyright-review-requested;users=debian-legal@lists.debian.org

Packages reviewed once are listed here:

http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=one-copyright-review;users=debian-legal@lists.debian.org

Packages reviewed twice are listed here:

http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=two-copyright-reviews;users=debian-legal@lists.debian.org

Step one: review packages

Download one package that has no review, and another that was reviewed once, and verify that the debian/copyright files comprehensively reflects the use, redistribution, and modification terms of all the files included in the ".orig.tar.gz Upstream archives and the .diff.gz Debian diffs. If you find an isolated discrepancy or omission, please submit a patch to the bug report. If the debian/copyright file looks irreproachable, please write a short summary describing the contents of the source package, that should be convincing enough that you looked at all the Upstream archive, and send it to the bug report.

When submitting your review by email to the WNPP bug, please increment the review counter, for instance by sending a copy to control@bugs.debian.org and adding a header similar to the one below:

user debian-legal@lists.debian.org
usertags 1234546 two-copyright-reviews
thanks

(Where 123456 is the number of the WNPP bug and two-copyright-reviews is chosen because there was already one review before the example is sent.)

Step two: request review

Now you have given to the community, you can ask the community to give to you. Just send an email to your WNPP bug explaining where your package can be downloaded and set the copyright-review-requested tag as indicated above.

Discussion

Please discuss here about improvements.

See also

?PackageReview CopyrightReviewTools