Generate a compliant distribution copyright metadata

[j-rivero]

While working in #651, different ideas appeared to be able to claim a fully compliant versions of debian/copyright as specified in https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/.

In order to have all the data available to properly generate the files, probably REP 149 should be extended for making package.xml to include all the metadata necessary to map files with copyright and licenses.

Another interesting option could be to allow the maintainers to already host copyright files in the source code of the package ready for each platform and just make package.xml point to them so bloom does not need to build them.

All this needs to keep in mind that multiple formats and platforms need to be covered, not just Debian/Ubuntu.

//cc @cottsay @nuclearsandwich

[matthews-jca]

Wanted to make note of this causing extra work downstream as a vendor would like us to conduct a licensing audit of the open source packages we use/depend on, and for tooling like https://github.com/daald/dpkg-licenses every single ros package shows as "unknown"

Edit: Specifically dug into #651 and realized it has been merged into master but we have been looking at foxy.

[nuclearsandwich]

Edit: Specifically dug into #651 and realized it has been merged into master but we have been looking at foxy.

@matthews-jca Given this, do you think that the changes in #651 will improve the situation, worsen it, or leave it more or less unchanged. Those changes are not yet in a released version of Bloom but when they are released that new version of bloom will be used for all subsequent ROS releases regardless of ROS distribution. So the updated work will come piecemeal into distributions as individual packages perform updated releases with the new bloom version.

[matthews-jca]

@nuclearsandwich I believe so, yes.
Our internal workaround for us was to run a script to step into /opt/ros/foxy/share/* and read out the license information for each package.xml then hand fill our tracking sheet, which as far as I see is what #651 would accomplish as well.

I did try running the dpkg-licenses against osrf/ros2:nightly with some ros-rolling packages installed, but the results are still currently the same (all unknown). I'd generally assume I grabbed the random ros-rolling packages I grabbed haven't been run through the newer bloom setup.

[nuclearsandwich]

I'd generally assume I grabbed the random ros-rolling packages I grabbed haven't been run through the newer bloom setup.

Even the Rolling distribution uses the release version of bloom so no packages currently released have these changes.