CommonPackagingMistakes updated -- notes about debian/copyright
Stefan Potyra
sistpoty at ubuntu.com
Sun Jul 23 15:35:58 BST 2006
Hi Matthew,
first of all thanks for your feedback, I'll overhaul the section.
Am Sonntag 23 Juli 2006 03:03 schrieb Matthew Palmer:
> On Sat, Jul 22, 2006 at 11:47:58PM +0200, Stefan Potyra wrote:
> > == Prelude ==
> > When reviewing packages, one major common error I find is that
> > the copyright file is missing some information. However with
> > debian/copyright wrong or incomplete, you'll get a veto from me for sure.
> > The reason is simple: If something is missing in debian/copyright, that's
> > a violation of the involved licenses which makes the package per se
> > undistributable.
>
> On what do you base the assertion that information missing from
> debian/copyright automatically makes a package undistributable?
As an example Section 1 of the GPL:
"... provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice ..."
violating against sec 1 will mean that the GPL isn't fullfilled and that will
mean that no license is given at all.
>
> > == The importance of debian/copyright ==
> > The most important thing of debian/copyright is, that it holds the
> > copyright information for the binary package.
>
> Unless you're writing per-binary-package copyright files (very uncommon),
> then the same copyright file will be shipped in each binary package,
> potentially making parts of the copyright file inapplicable to one or more
> of those binary packages.
But it's true that the copyright information of a binary package needs to be
contained inside debian/copyright, isn't it? (I'm thinking here of the fact
that you can install a binary package w.o. having to install the
sourcepackage). Imho it thus should be made clear which copyright applies to
the binary package(s). Can you shed some more light on this topic?
>
> > licenses. There is no such thing as a general rule of thumb to get it
> > right: Different licenses have different requirements for redistribution.
> > While a public domain license may even state that you can do everything
> > with the sourcecode (which would mean that you needn't put anything into
> > debian/copyright,
>
> Like hell you shouldn't. If all of the copyrightable material has been
> placed into the public domain, that should be documented in
> debian/copyright.
The intent of this paragraph was that you can omit it from a *legal* POV. Of
course this information should always be in there. I'll clarify this.
>
> > or could even choose your own "may be distributed in cd form only on
> > rainy saturday's"-license),
>
> You could stick with the Debian-canonical "must pet a cat" licence, to keep
> things simple.
Didn't know about that one ;).
> Perhaps noting that such licences are not UFSG-free would
> be good, too.
Ack!
>
> > === Example 1: GPL ===
> > The GPL requires that the complete license text is distributed (you can
> > refer to /usr/share/common-licenses/GPL, which is always there on
> > debian/ubuntu
> > systems), the authors and the short disclaimer of warranty (which you
> > should include into debian/copyright). An example is in the license
> > itself, but I'll post it here again for clarity:
>
> Never, ever use the boilerplate. It probably won't match what the author
> put in the source. Find the licence statement in the source files and copy
> it in -- not reference, *copy*. That way you'll be getting *exactly* what
> the author specified, instead of some (possibly misleading) boilerplate.
> As an added bonus, this generalises to any licence, so you can drop a
> couple of hundred lines of repetitive examples.
Yep. Actually this is my position for that as well, though there are different
opinions (like about changing the FSF-address) among the motu reviewers.
However having one clear answer to this maybe is a good start to educate
reviewers as well ;).
>
> > What licenses can be combined can be found at
> > [http://www.gnu.org/licenses/license-list.html]
>
> That would be "the Free Software Foundation's opinion on what licences can
> be combined". Useful, but unless the copyright is held by the FSF, it
> isn't the final word.
I beg to differ: If for example a license adds additional restrictions and the
whole is licensed under GPL, the resulting license would be void, since it
contradicts itself. Example:
<http://lists.debian.org/debian-legal/2006/05/msg00309.html>
> It's far better to get the definitive word from the
> authors of the software.
Ack!
>
> > Usually you'll need to list the different licenses as well in
> > debian/copyright.
>
> "Usually"? Can you give an example of a case where the different licences
> *wouldn't* have to be listed in debian/copyright?
This again is from a legal POV. Example would be the BSD-like license of
tinyxml, if used in a GPL project:
<http://prdownloads.sourceforge.net/tinyxml/>
As written earlier, I'll clarify that it's a very bad behaviour to not list
such things though.
>
> > A good way to do this, is to list files with a different license together
> > with the license in question. Wether you'll actually need to list the
> > different
> > licenses depends solely on the license involved.
>
> The licence text needs to be included either explicitly or by reference to
> one of the standard forms in /usr/share/common-licenses.
(see above, again this was meant from a legal POV).
>
> Have you considered including content from or references to existing
> literature on debian/copyright files, such as those from Peter Palfrader
> (http://lists.debian.org/debian-devel-announce/2003/12/msg00007.html) and
> Andrew Suffield
> (http://lists.debian.org/debian-legal/2003/12/msg00194.html)?
Good idea.
Thanks again for your criticism, I'll try to rectify the wiki entry (not sure
if I'll manage to do it today though).
Cheers,
Stefan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/ubuntu-motu/attachments/20060723/0ac6d903/attachment.pgp
More information about the Ubuntu-motu
mailing list