1. Forum
  2. Usenet
  3. LINUX.DEBIAN.LEGAL

  • d/copyright entries for licenses and copyright data

    From Ross Vandegrift@21:1/5 to All on Mon Jan 1 23:00:01 2024
    Hello,

    Suppose project A includes code from project B. To be good stewards of license and copyright data, A incorporates B's license and copyright files into their source distribution.

    How should these files appear in d/copyright? I don't see any suggestion in [1] or [2].

    Thanks,
    Ross

    (Please CC me, I'm not subscribed.)

    [1] https://dep-team.pages.debian.net/deps/dep5
    [2] https://www.debian.org/doc/debian-policy/ch-docs#s-copyrightfile

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ross Vandegrift@21:1/5 to Paul Wise on Sat Jan 6 07:40:01 2024
    Hi Paul,

    On Sat, Jan 06, 2024 at 01:12:50PM +0800, Paul Wise wrote:
    On Mon, 2024-01-01 at 13:16 -0800, Ross Vandegrift wrote:

    Suppose project A includes code from project B.

    The best option would be to talk to upstream about removing the copy,
    further advice about embedded copies is on the wiki:

    https://wiki.debian.org/EmbeddedCopies

    Definitely agreed in general. I had a different kind of situation in mind.

    Imagine I take some code from a freely licensed reference implementation and customize it. The result is a derived work. But this embedding isn't removable - the reference implementation shouldn't accept changes to integrate it into a specific project. It'd be reasonable to include the original license and copyright statements.

    If I do, Debian requires packagers to describe the license and copyright on those embedded license/copyright files. And I'm puzzled about how to do that best.

    Maybe the answer is to repack it away? But that seems weird. It's freely redistributable, and that'd be *obscuring* license/copyright details. We usually like that. :)

    The same issue arises for disabled conveience copies. The wiki suggests Files-Excluded, but also alternatives that involve Debian redistributing the convenience copy (and so probably it's license/copyright files) in source packages.


    (I realize not much hangs on this - but cme/licensecheck raised the issue to me. I can ignore it, but also got curious and tried to figure out what to do.)

    How should these files appear in d/copyright?
    (Please CC me, I'm not subscribed.)

    Richard Laager responded but forgot to CC you, I bounced the message:

    I document them the same, except that I also add use the DEP-5 "Comment"
    field to indicate that it came from "B".

    Thanks!

    Ross

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEsAjXULa3g2HtU1bw2rOJMppM+hYFAmWY88QACgkQ2rOJMppM +ha13A/+PQ0S3CZ83ZpmdpmTPJrJOWukyf/o/9aYr6M5uGxqQl6u8LVY+LmSTz6q HOmZxF+dLDDZ7xmhcX0VUe7xO5JZUGIV8YIfyuDVshhZQWIZNaOjhGQl7YOvuou1 CL39+r31NDaHzH0+9EvkAnI8vfwud8Eu4G1kWl3lrHhLb/Omx2JvNcvtkEsCKUr0 563BzFwv0NmpzdCfaJa+PWUatrLFP+SyHPJHPsxwcQQ/MBMVXEJK8V4B16PTI31D WWt8NJ2kjvQlSH83geIz1qyI+xgZYu/oDPWaveJGW+/8FG7owAdL6dul83eFX8jw g8UwMmEXMuxzwDpB9ham3ce/mo3reX/qE0+6PaIZ6rZ+oVveqoR2YbSgGfwKSy2c 8CT+3uc7iv+xDuQgNd1kxfi5y5rfuI3l0y9rvu+1/aeFxGTQQBkrwrsPfMWW2LAY HR58Ai+qkCijsJ3KLlpWet9OLPXp3mxgmUsxSm106wicf4F0agsJvqFz9+92iryq N18pp1gNR8rg59hPgk6j/7e8GZ1bAk+LR4k10rAzD4r6aWntSg9edpDqNZ2w71xs at9nPCgNL+RZmKa0LLT6HqY5Yb2crBMVtjb6jfYCnMRCduu7IZ7x8gDZn75QIfPg SDwgas9mqQkcelTGmZrDBMaTNdRdrX2NURtBfWDjarph89BLRD8=
    =fQhy
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ross Vandegrift@21:1/5 to Richard Laager on Sat Jan 6 08:10:01 2024
    Hi Richard,

    On Tue, Jan 02, 2024 at 10:31:23PM -0600, Richard Laager wrote:
    I document them the same, except that I also add use the DEP-5 "Comment" field to indicate that it came from "B".

    That's a nice idea. If I claim my software distribution is licensed under the GPL, then it's natural to think I mean all of the software distribution.
    Simple way to represent what project B probably intended.

    (I realize there's also something fishy - that GPL isn't really under the GPL - but IANAL and this is still better than I'd thought of before.)

    Ross

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ross Vandegrift@21:1/5 to Paul Wise on Sun Jan 14 23:40:01 2024
    Hi Paul,

    On Mon, Jan 08, 2024 at 12:54:25PM +0800, Paul Wise wrote:
    On Fri, 2024-01-05 at 22:31 -0800, Ross Vandegrift wrote:

    Imagine I take some code from a freely licensed reference implementation and
    customize it.� The result is a derived work.� But this embedding isn't removable - the reference implementation shouldn't accept changes to integrate
    it into a specific project.

    The reference implementation should be flexible enough to work as a
    library imported/loaded/linked by any project that wants to use it.

    Perhaps - but some people provide code without having any interest in the implementation details that users might run into. Still, that code might be useful to use & distribute.

    This is one of many ways Debian and upstream might have different or conflicting goals.

    It'd be reasonable to include the original license and copyright statements.

    Right.

    If I do, Debian requires packagers to describe the license and copyright on those embedded license/copyright files.� And I'm puzzled about how to do that
    best.

    Same as for any other file in the source package, list in the debian/copyright which files have which copyrights and licenses.

    Heh, right - the problem is executing that. :) Folks typically take care to document the copyright on code, not so often licenses (the FSF licenses being the exception, they are clear).

    (I realize not much hangs on this - but cme/licensecheck raised the issue to
    me.� I can ignore it, but also got curious and tried to figure out what to do.)

    What issue did it print? Which package/code is this about BTW?

    src:efl is a pastice of original work, dervied code, and vendored copies. The situation I asked about is somewhat simplified from real ones. Here's two harder cases than what the wiki considers:


    - https://salsa.debian.org/pkg-e-team/efl/-/blob/debian/sid/src/static_libs/rg_etc/README

    This is a Zlib license statement for code derived from another project. This
    copy has been rewritten from C++ -> C. So the changes wouldn't be appropriate
    for the upstream project.

    What license and copyright holders can I write for this file? The text is
    derived from the Zlib license, but I also don't know who wrote that.

    - https://salsa.debian.org/pkg-e-team/efl/-/blob/debian/sid/src/static_libs/fnmatch/COPYRIGHT

    This is from an included copy of musl's fnmatch algorithm. I think EFL
    includes this for portability, to ensure that the same fnmatch is used on
    Linux, BSD, and Windows. Even if that's not needed in Debian, I don't think I
    can link to musl and glibc.


    Interestingly, base-files (which contains /usr/share/common-licenses) doesn't contain any copyright information for some of it's licenses. It also doesn't use dep5 copyright, and so probably not licensechcek/cme. So no one is being bugged to document who holds the copyright to the MPL-1.1.

    Ross


    [1] - src:efl has those too. I'm recently trying to remove a libunbreak copy
    in the static_libs directory.

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEsAjXULa3g2HtU1bw2rOJMppM+hYFAmWkYEYACgkQ2rOJMppM +hbTEw//XrJU+uMVCcRfvSbvlqMSe0VK727m/vqugysvQgyse5O/1TGDkJBrfs1b Z791BioOf4askj1wWWM4E1gRDWHQNt8abumnGUFe4obDvSzsnB57P+t5jrq8WQRn Ev5y46+ohvcG/uI21LDpGdHH+oPFgaMB7FCNKamjJNFjwyBj2U031EGnoT8mKXaL a/ZGnp2q7syGsNWHuM8Nil+/haoNzG8e6il0LqoSvIByAJcgTYTZnTtjfysdH9Ov zlyoX0pJlaP3HVExOgktHxG8ACWOwjkWV9YGtE4WHYlh/1K5/g4gf/gtjF9lMbLV gX8m+PhxcEwoOJ1F3jPFOBpYbfjm4dGyJ/KbgRSwrYkvp7HT+UfnrE7m4VRI4DS1 Q3NOaN1Uf5NvuS7aCApfIkPZf8Wpo9eKBbHRmUmX6rqwk1FtgYmEylCt/we4Loj1 umHFNmmu7Ik+17gKX6rHcJSMVLm1Sqqd6WnuDfWlc4892VU1o4feFAYbL9qXM8+f ozfG1144gARrc5RyfoKc1ZbxLMp0E7QVBQACr7nvqL4wAb/i+r4FHWICYQOAqkyr WNTBuOS1K5eK3xwH39A3PmmGawHT3O+W9hm26qIIuE+LfOQYFR8EYuu9vQjx/gSc WFIcuRj24bDE/EDH3FecLD7mWMFhixHJUt+Ipmot1nt6oXb/ptk=
    =3uWg
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)