LCA: Cooperative management of package copyright and licensing data

I think it's important for distributions to do their own due diligence when doing license checking, so if there is a central resource it should be used as an additional hurdle that needs to be jumped to get into a distribution.

At present in Debian, it's the Package Maintainer's responsibility to ensure that the package's Copyright file reflects the copyrights of the files contained. Even so, when a new package is uploaded, the ftp-masters also check the copyrights.

A central resource should be something that allows alerts about broken copyrights/licenses to be shared, so that people don't have to waste effort packaging something only to later discover that the license is toxic -- instead the first victim could report it, and future prospective packagers could save themselves the effort by checking it against the central database.

In Debian's case, the posting of an ITP (Intent To Package) could provoke a database lookup that would automatically alert the maintainer that issues had previously been reported against their package.

Instead of wasting the effort and enthusiasm in useless packaging, they could then perhaps put effort into working with the upstream to fix the problem.

So, it should not be a license approvals database, but a license warnings database.