CommonPackagingMistakes updated -- notes about debian/copyright
Stefan Potyra
sistpoty at ubuntu.com
Sat Jul 22 22:47:58 BST 2006
Hi folks,
I've finally updated the CommonPackagingMistakes section of the debian wiki.
This time the topic is "Keeping the archive legal or the importance of
debian/copyright". You can find it at
https://wiki.ubuntu.com/MOTU/Packages/CommonPackagingMistakes/DebianCopyright
Please fix any errors and omissions ;).
Here is the article in its current form.
Cheers,
Stefan aka sistpoty.
= Keeping the archive legal or the importance of debian/copyright =
== Prelude ==
When reviewing packages, one major common error I find is that
the copyright file is missing some information. However with debian/copyright
wrong or incomplete, you'll get a veto from me for sure. The reason is
simple: If something is missing in debian/copyright, that's a violation
of the involved licenses which makes the package per se undistributable.
== The importance of debian/copyright ==
The most important thing of debian/copyright is, that it holds the
copyright information for the binary package.
Apart from that, it's also useful to give a summary for the sourcepackage.
Finally it contains the copyright of the packaging work.
If the information in debian/copyright doesn't fulfill all the licenses
involved within the package or the libraries the package links against,
this means that we don't have any valid license for the given package.
Thus we mustn't distribute the package.
That said, it's absolutely vital to have debian/copyright right.
== What needs to be listed ==
=== Rule of thumb ==
The rule of thumb is: Look at copyright definitions in the sourcecode,
the accompaning COPYING/AUTHORS file and at the involved
licenses. There is no such thing as a general rule of thumb to get it right:
Different licenses have different requirements for redistribution. While a
public domain license may even state that you can do everything with the
sourcecode (which would mean that you needn't put anything into
debian/copyright,
or could even choose your own "may be distributed in cd form only on rainy
saturday's"-license), other licenses will impose certain restrictions like
including the copyright statement and/or authors and making it clear if the
sourcecode is altered from its original form.
Sometimes the involved licenses even conflict with each other
(e.g. GPL and OpenSSL-license), which means that the resulting binary package
cannot be distributed.
=== Example 1: GPL ===
The GPL requires that the complete license text is distributed (you can
refer to /usr/share/common-licenses/GPL, which is always there on
debian/ubuntu
systems), the authors and the short disclaimer of warranty (which you should
include into debian/copyright). An example is in the license itself, but
I'll post it here again for clarity:
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
On Debian GNU/Linux systems, the complete text of the GNU General
Public License can be found in the /usr/share/common-licenses/GPL file.
Please also note, that upstream may also choose to restrict the license
to one specific version of the GPL, then you'll need to modify the text above.
Usually that very disclaimer can be found in the sourcecode of a package.
Then you can simply paste it to debian/copyright.
== Example 2: GPL with different GPL derived files from a different author ==
The gist of OSS is to reuse already done work. Many projects do this, but not
always they fill in their copyright notices correct. Always 'grep' for the
word
copyright, this might reveal other persons, whose work has been reused in a
project.
Your debian/copyright needs to list each of these additional authors and
wether the file is altered or not.
Usual approach is:
* src/foo.c:
(C) 2004-2005 by Cracky Coder.
* src/bar.c:
Based on foobar (C) 2001 by Harry Hacker.
=== Example 2: GPL + different license ===
Combining GPL and another license will always make the combined work to be
GPL or undistributable if the licenses conflict.
What licenses can be combined can be found at
[http://www.gnu.org/licenses/license-list.html]
Usually you'll need to list the different licenses as well in
debian/copyright.
A good way to do this, is to list files with a different license together
with the license in question. Wether you'll actually need to list the
different
licenses depends solely on the license involved.
What you don't need to mention is licenses from libraries against which the
package links. They are accompanied by their own copyright file and
the package in question can never be installed w.o. the library in question.
Of course there are exceptions which impose different restrictions, like
the OpenSSL license which requires a disclaimer to be present in
debian/copyright if it's used (as in linked against) in a project.
But these additional restriction mean, that the used library is incompatible
with the GPL.
=== Final words ===
While usually most of the projects don't have any legal issues, it's very
simple
to introduce these with inaccurate copyright-files. Finally there is a rule of
thumb:
Better safe than sorry - be verbose and list everything which you are not sure
if it should go into debian/copyright or not.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/ubuntu-motu/attachments/20060722/10d4bbf9/attachment.pgp
More information about the Ubuntu-motu
mailing list