--f85bb14d9f34ca9276eb239beea894d30b2e90f8762d6000f15c7a8576ee
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

I've missed the GPL-2/LGPL-3 incompatibility:

GPL-2: GPL-3, MPL-1.1

should be:
GPL-2: GPL-3, MPL-1.1, LGPL-3

LGPL-3: MPL-1.1

should be:
LGPL-3: MPL-1.1, GPL-2

ps. please cc me on replies

--f85bb14d9f34ca9276eb239beea894d30b2e90f8762d6000f15c7a8576ee
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaBxqUACgkQT59tVQ7W EirEpg//SIOzYder2Zm65KTl2UQoR1dJjfzEaFF9BfQ1AXwnWN/wwjnGqXDBYydI jql9OB41cijnsUCLJLiOkqIst3xW5qIyzylmPcAijocxvPFPlg3JgKNZ30ihImk9 JGcFL4HGapn7qMieuReKga0ik8DNknEjS47V7UTivn9K1h0kRr2WrlP3s+S6M3ZT sJq5ujrG/bX0WJ6b4r6f6I4McmlH4ea2LTaproBjnIj67p90DOFdMHN8ox0F7C2G HFYNNaofKKd8u2Tw/mY9xCZg2QYvetPMl0dLfsnLrN8fI0hrlPR6qitXS2Jh4fTA MGisJJvitHksPd0Ay1W0JNslQlA9tBZdGczcDYdrvmehSAMsARtKxHiJF/lWt3V7 kzoSQD5UD06F34KoXWW84hqDzJw1JckJfBQqviCgx7r69iU51lw/gE6Y7ZbCj4pc Uz9LxuH0laELDcM9RofWipYVnGWl8njIJ+q3PM2VLuPU6xt/7lSH6bIULK7ROB3G yXgKY1aza5OqmpEiv+V0UPT+marBtNFjrefdm3qUAqscTf3O0YRri/gHEdX0b0KL Ni0LCDMRb9N/sIF+Gtwyh1oB8dewVMa6bxwROv3d8bOKeWD1WOri+O4ASiA67cHw ymBTtUErwvSx3J7qeFZp4YNbTjxf/1eqPjAqVat/u4lk5y0NsGc=hY4H
-----END PGP SIGNATURE-----

--f85bb14d9f34ca9276eb239beea894d30b2e90f8762d6000f15c7a8576ee--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

--cc0818b48ccdf14b945bbbc0c1fe99fda3059656ed167ad5c0c718528675
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

hello Debian legal folks,

I'm looking for an up-to-date compatibility matrix of /usr/share/common-licenses
(modulo documentation licenses). I've recently taken over the Debian-native package adequate, which among other things checks for binaries that link in libraries that are available under an incompatible license, and its compatibility logic is rather outdated.

based on:
https://en.wikipedia.org/wiki/File:Floss-license-slide-image.svg
https://www.gnu.org/licenses/gpl-faq.html#AllCompatibility

I've prepared the following, where the license before the colon may be combined with any common license *except* the ones listed right of the colon. do you see any mistakes? have I missed anything?

Apache-2.0:
Artistic:
BSD:
GPL-2: GPL-3, MPL-1.1
GPL-2+: MPL-1.1
GPL-3: GPL-2, MPL-1.1
LGPL-2: MPL-1.1
LGPL-2.1: MPL-1.1
LGPL-3: MPL-1.1
MPL-1.1: GPL-2, GPL-2+, GPL-3, LGPL-2+, LGPL-2.1, LGPL-3
MPL-2.0:
OpenSSL: (GPL licenses ommitted here due to https://www.gnu.org/licenses/gpl-faq.html#SystemLibraryException)

thanks,
Serafeim

--cc0818b48ccdf14b945bbbc0c1fe99fda3059656ed167ad5c0c718528675
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaBwgIACgkQT59tVQ7W EipCxw//XjeUNLfZ9jtDq1aMdawuQufTDxkdbQ0AnUfJBdxf05/HPgeETzPF6Thj MCOObHjC6duhywPuLQs3A5vRHny7y0fJ0vRnhjluvZgz+5U8q/2XyWRuZs3IqjNJ J2IzPb2ar/Wfmp2MRFD881REYyPUoJQMqZvkzN1Fn6hgFf7Y/69Q4wTqNNNXTj+8 PjLyab3tkpwu3DhmD7RUfVcreOcOCEABy6xBXTMOzUboY0VR7WEAZUBltkn3XeYH XFkC7CYRddQoiSO/9LtbVO00mHAH201UtEJdSc+soO04AcjBMifqWjbcWM/3iKeP Q4Wg5ZpLIi9XbujKqsH/4ipGye6XHMR2sP4l6Z7x0ccp5mtnFmXy50+exYd07x3H K5uPIXcdUb8aJuSMaa2hWHSKFPf9Q+GCKYWHI7XOs7Ax9gyWeDxqe44O/Ui9FVGv G0eZOqJ/wyjKNhOfxGpmZPiDyQVNKIY3umExPWR8YRkoJ8SqepSGohcTIigIlgJT nXHITg9ZPqN9RGjLstguQl8DOK3+L1/7hblti2pnxv8FPjIp218iJO26nyST0VFg ZJez3I5R388UuxtZejzFVYh17Y7jEifj8tgm19isaf4VrHZE58Y77tO5Up1Cb1aW EG3APnVUxdpruEN9CXJ43aCWC1sqG4T2BEjHQJS3F3bWRRyr77A=1iiU
-----END PGP SIGNATURE-----

--cc0818b48ccdf14b945bbbc0c1fe99fda3059656ed167ad5c0c718528675--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 30 Jun 2024 22:37:22 +0200 Serafeim Zanikolas wrote:

hello Debian legal folks,

Hello Serafeim,
nice to read you!

I'm looking for an up-to-date compatibility matrix of /usr/share/common-licenses
(modulo documentation licenses).

[...]

I've prepared the following, where the license before the colon may
be combined

If I understand correctly, we are talking about linking-compatibility
here.
Different compatibility relationships hold for mixing (that is to say,
taking parts of two works and merging them together to form a new work).

with any common license *except* the ones listed right of the colon.
do you see any mistakes? have I missed anything?

Apache-2.0:
Artistic:
BSD:
GPL-2: GPL-3, MPL-1.1
GPL-2+: MPL-1.1
GPL-3: GPL-2, MPL-1.1
LGPL-2: MPL-1.1
LGPL-2.1: MPL-1.1
LGPL-3: MPL-1.1
MPL-1.1: GPL-2, GPL-2+, GPL-3, LGPL-2+, LGPL-2.1, LGPL-3
MPL-2.0:
OpenSSL: (GPL licenses ommitted here due to https://www.gnu.org/licenses/gpl-faq.html#SystemLibraryException)

I think some incompatibilities are missing.
At least the following ones:

Apache-2.0: GPL-2
Artistic: GPL-1, GPL-2, GPL-3
BSD:
GPL-2: Apache-2.0, Artistic, GPL-1, GPL-3, LGPL-3, MPL-1.1, MPL-2.0[*]
GPL-2+: Artistic, GPL-1, MPL-1.1, MPL-2.0[*]
GPL-3: Artistic, GPL-1, GPL-2, MPL-1.1, MPL-2.0[*]
LGPL-2: GPL-1, MPL-1.1, MPL-2.0[*]
LGPL-2.1: GPL-1, MPL-1.1, MPL-2.0[*]
LGPL-3: GPL-1, GPL-2, MPL-1.1, MPL-2.0[*]
MPL-1.1: GPL-1, GPL-2, GPL-2+, GPL-3
MPL-2.0[*]: GPL-1, GPL-2, GPL-2+, GPL-3
OpenSSL: (GPL licenses ommitted here due to https://www.gnu.org/licenses/gpl-faq.html#SystemLibraryException)

[*] Please note that the compatibility status of MPL-2.0 is more
complicated than a simple yes or no: it is compatible with "Secondary Licenses", unless it is explicitly made incompatible with the notice
described in Exhibit B or the covered software was previously available
under MPL-1.1 or earlier, but not also dual-licensed under a "Secondary License".
"Secondary Licenses" are: GPL-2+, LGPL-2.1+, AfferoGPL-3.0+

A terrible headache?!? I think so, that's why I abhor MPL-2.0 ...

thanks,
Serafeim

You're welcome!

Anyway, let's wait for some other debian-legal participants'
take on the matter...


--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEygERR5zS79/7gjklPhwn4R9pv/4FAmaB0woACgkQPhwn4R9p v/4rLhAAthUgk+2N5fwsfXNxvmHBBDHRP9gYWpjtERq3e681g2HRX2ZOjOQ3E4cF JiDOg0+H2VyPB5ybecQwba/ixB27YquJ5/uS6EeN2Yp0gaTWRfvIloeePYqtBzPx 6g3rfq8SB82Cfnogmd9qSH5nJ8xsKZF5GYCPKicQ7ABV/V+fRQZLShQv6Z2dmQJ9 tmQ8IloueTzzVIE6xvWVDtypxBJE5/f5VvsGei4I1L4dBGr1NKAwsR0dhVs63G4S YbdTCDyTDp56QOZsALSRakaeyg+y8Y/XAoHIEvGyl29THwy+5DLaoO99oTK2pbJ8 aQ1GVbSxTyXAIlMtiFhQzpQLYXIooRt8w8RlaRbKSoxc/CNqQU+j1A5yo8gpCPYv POPKE4tdZrNMW2Zy1sX33LR8Deq9g3ea7KUhWH1oxp48nLr3djcgmwwf31CNl3h9 FVK8a5ROC8V2YScr2xHYU6ssEnxNq6BQuwHIlgfbK9paidXmgAzHp6px/7nv8Ubm DW52XaHb+wNqOe6/P68LrZdCVpmzou9L+A3pPbw8vCc5KLpWG08+yXnYoTTkQ0JH ZWmnkEs4y/faiHcUo17GXsrYZWmqGGH23O3k6oYOdmBqMKMUp27Fp4WYMxxhqQae 3LUlMXYF6mJa7PLxC7fsC3ylfdfW/eys

--cf436f2481180388601483d94e7d19e289559a9e5f5c0591a9015794c033
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

hello Francesco! nice to read you too and thanks for the feedback :)

On Sun Jun 30, 2024 at 11:50 PM CEST, Francesco Poli wrote:

On Sun, 30 Jun 2024 22:37:22 +0200 Serafeim Zanikolas wrote:

[..]

If I understand correctly, we are talking about linking-compatibility
here.

that's right

I guess I should have specified that for the purposes of adequate, we need to err on the side of false negatives (otherwise, I imagine that there'd be so many
false positives that people would stop paying attention).

I think some incompatibilities are missing.
At least the following ones:

Apache-2.0: GPL-2

the image I've originally linked to in wikipedia suggests that apache-2 is compatible with MPL-2 which in turn is compatible with all GPL licenses. what am
I missing? (of course, it's possible that an apache-2 lib depends on MPL-2-no-copyleft-exception, but we only need to enumerate direct binary/lib relations here)

[*] Please note that the compatibility status of MPL-2.0 is more
complicated than a simple yes or no: it is compatible with "Secondary Licenses", unless it is explicitly made incompatible with the notice described in Exhibit B or the covered software was previously available
under MPL-1.1 or earlier, but not also dual-licensed under a "Secondary License".
"Secondary Licenses" are: GPL-2+, LGPL-2.1+, AfferoGPL-3.0+

right, I guess that's why the wikipedia diagram distinguishes between MPL-2 and MPL-2-no-copyleft-exception. I think that we don't have to worry about that because spdx.org/licenses defines a distinct license identifier for the -no-copyleft-exception variant, and dep5 requires the use of spdx identifiers. (which is to say that we can assume that MPL-2 is in fact MPL-2 without the copyleft exception and therefore GPL compatible)

anyway, I do expect that we might have to iterate a bit on this, and I don't trust myself to accurate copy things manually from one place to another, so I've put the
revised matrix with all the context over at:

https://salsa.debian.org/debian/adequate/-/blob/tech-notes/license-incompatibility.md

please do feel free to include patches in any follow ups here (e.g with
git format-patch)

thanks again,
Serafeim


--cf436f2481180388601483d94e7d19e289559a9e5f5c0591a9015794c033
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaDJ1IACgkQT59tVQ7W Eiqddw//awRYzV+Z23U+NEhNiHbf0XvUfChJ1XOmNNzcvjL7Vlby2zOrF2KE687e HAkcXT7KayK84feMOyYhCIyg3xENGB05icHOpIB5KJ6MDKorj1hHPer32DkCkFNo /C658L9cjGE8FX0NS/sK2QEiwsmQNs/3rIDPUpoMOEklQgXSdx5xp0/a5rEQxqE0 bZ3KN/rn5zcPHua5fdOZwvNMsf9qli6vjDx72t96S5HehMXfA3XIQ6ebKWb++tWQ DUS79La2e+N6HPBu9qJ/M792+Rzd/K5UIbcYvVZG+08Q+ZWgx9mS/l9m81SaCweg h2X8gF1RBkoCNqIugFstP2k6JYF223gna0HVJkzryOPptg0pJdKsmOyOHG6WCFZG R6LBpl8BGM7aa9KB5XcE/mL7FFadY9+fI348g8X1oP3r0GwzLW3GKgwCPEI9DOl4 XEKZ0FAOYRqE6m5jun9m7BpI00Ys3xjsWC1ztr77NfoEOWvfjDsIRhvPzW867i/F iO4CzREodhYNDszP4nGcQ4dSRckIMEJ2AvOYhVrnPTOoAuBV+epqCC1aUElVgsAN MIVWhTtkWOCrLckoLYUibWGoSdgrQnsU1hES/kANJz6gT73jj2aREY2xtFEAZiN8 aME05sxzknWk8kIh6XABHVwlFW20QGd8F7F4/gsp4s9oWa466As=fTVh
-----END PGP SIGNATURE-----

--cf436f2481180388601483d94e7d19e289559a9e5f5c0591a9015794c033--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 02 Jul 2024 00:01:54 +0200 Serafeim Zanikolas wrote:

[...]

On Sun Jun 30, 2024 at 11:50 PM CEST, Francesco Poli wrote:

On Sun, 30 Jun 2024 22:37:22 +0200 Serafeim Zanikolas wrote:

[...]

I think some incompatibilities are missing.
At least the following ones:

Apache-2.0: GPL-2

the image I've originally linked to in wikipedia suggests that apache-2 is compatible with MPL-2 which in turn is compatible with all GPL licenses.
what am I missing?

[...]

GPL-2 is compatible with BSD-3-clause
BSD-3-clause is compatible with a proprietary license

however, GPL-2 is incompatible with a proprietary license

I would say that the missing detail is that license compatibility is
not a transitive relation!

[*] Please note that the compatibility status of MPL-2.0 is more complicated than a simple yes or no: it is compatible with "Secondary Licenses", unless it is explicitly made incompatible with the notice described in Exhibit B or the covered software was previously available under MPL-1.1 or earlier, but not also dual-licensed under a "Secondary License".
"Secondary Licenses" are: GPL-2+, LGPL-2.1+, AfferoGPL-3.0+

right, I guess that's why the wikipedia diagram distinguishes between MPL-2 and
MPL-2-no-copyleft-exception. I think that we don't have to worry about that because spdx.org/licenses defines a distinct license identifier for the -no-copyleft-exception variant, and dep5 requires the use of spdx identifiers.
(which is to say that we can assume that MPL-2 is in fact MPL-2 without the copyleft exception and therefore GPL compatible)

OK, so by "MPL-2.0" we are only referring to the MPL version 2.0
license applied in such a way to be compatible with "Secondary
Licenses".

anyway, I do expect that we might have to iterate a bit on this, and I don't trust myself to accurate copy things manually from one place to another, so I've put the
revised matrix with all the context over at:

https://salsa.debian.org/debian/adequate/-/blob/tech-notes/license-incompatibility.md

please do feel free to include patches in any follow ups here (e.g with
git format-patch)

Well, before I start sending patches (for instance to reintroduce GPL-2
in the Apache-2.0 row), some questions:

* are you going to completely ignore GPL-1 (assuming it's no longer so
widely adopted)? I am asking because I see that you included it in
the Artistic row, but not in other rows (such as GPL-3 or MPL-2.0
or ...)

* why did you drop LGPL-3 from the GPL-2 row? they are incompatible...

* why did you introduce LGPL-2+, LGPL-2.1, and LGPL-3 in the MPL-1.1
row? as far as I know, the LGPL licenses are (linking-)compatible
with MPL-1.1 ...


--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEygERR5zS79/7gjklPhwn4R9pv/4FAmaEP7UACgkQPhwn4R9p v/4zuw/+I7CmGaBzR/u3cH0bf3tFS8jwCW1sa4oDQqDTZvUUELjilC0s+nJl+o4b FYvIWsUXC/jOqewwv+eGOzJVmTDkjNnwglGkFXTL5lV4YTK7N+WhE4PaLqgTlzp9 Ll8TU7ywfHIKnwFo1NVPSV+VkxdRn6x8eOgI63vobSj8K1x81rUTAzcsxQ22k1gg ZlkkHM61FnuZDFf7941bZq+NLk2C1zfCrx6BEcE4wvGykPpqfKQTifHcsJiaB8oD 4xjGJivuvYp330MHTvWdxNKFnKvPGPqY429pO8W2263gaTn35NSnyfSGPC0S2B5F yc1d40BddkpuB2EQftSVSNN9iVTt9+J82BEZJRjJ+eYyC2vfmYNX3rqhVaekd1z4 k5LGu/rOZfcZPmnvXMyLizuvb14pNaljc0Fo+iXXo01mVkhVy2UfdiSBy3kwgNw+ hHgm8BmeeSlGmyusO7D3VoRw9gzN/m6cCGrOZ5iMEM6xq1Z/k9NjC4fjcKYKU7UY 0C8noAtLsmcXI6qmjJ2TEwO5DMZf1ha7LCPg8g7gxaDRQyaRndm3rbL0clvndoXn eulc9MgsjPHIdOlC3tOQ0RgzZqXu2sBeeXo/Ol5M+0yumDKadmHKKT3SR70xh6ho UARzm6W4RlMk3U4jmcftynn1s33qhj7o

--e6ee440bdb75da988ad1a12b14c0cdf5f6aa329cffe8c7fd8af4b3611ab8
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

hi Francesco,

I would say that the missing detail is that license compatibility is
not a transitive relation!

indeed! I knew that but somehow it fell off my consciousness while looking at that wikipedia diagram

Well, before I start sending patches (for instance to reintroduce GPL-2
in the Apache-2.0 row), some questions:

* are you going to completely ignore GPL-1 (assuming it's no longer so
widely adopted)? I am asking because I see that you included it in
the Artistic row, but not in other rows (such as GPL-3 or MPL-2.0
or ...)

* why did you drop LGPL-3 from the GPL-2 row? they are incompatible...

* why did you introduce LGPL-2+, LGPL-2.1, and LGPL-3 in the MPL-1.1
row? as far as I know, the LGPL licenses are (linking-)compatible
with MPL-1.1 ...

sorry, that's all sloppiness on my part, at the end of a long day. please send me a patch, if you don't mind. as for GPL-1, either way is fine (it wasn't included in adequate as of 8y ago, and I only see GPL-1+ references in my local system, so it certainly seems reasonable to drop it)

--e6ee440bdb75da988ad1a12b14c0cdf5f6aa329cffe8c7fd8af4b3611ab8
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaIVz4ACgkQT59tVQ7W EiorARAA4H9rekEeoRdZH+NliYJX36jIQ7qyXnuIxHMQHy3k0tRPvNio6aovCkaZ 8MArd41yWWjdLb6rhp3oTta7FGOl8fGSSNLZ/AXf8s+w2aWFFuxHHC08tBWCVp0P sVRNFUj6OTlRCIm9U8Ofd2yFjvbvJorq+SjI3XFrih5CVMyj1s5mn2JHk9PxzCkh jzEuxweUCI8CUWIGELF6Hocz4IvvbaL2k0q4LW3HpBV8F9zon/5shWDOV7YZ9gkK 8+YgMLvTrgVoupuGQ7dyyTU+BRhdo+DegrjdJUOoi6F423TJH5pkh3DGv7tHCxW2 S/otGD6H2RpoE4ef0IrVBEiuBor87D/kYpb12bPUy9rGZoQfTVr89lPeU8r8q+PT G6SLKT5gnvJH2t2Ct8/VEBKEEmE1yZKyw7xJEe7WPr6N0cjeRdORS+8bTheqd98o LADE22qavyOJgC1AY9E2tz1LBfPBeddRKLiYLSOFzUDRU6rLI3zPwdWAGTFWb1Bj r4kJnmN21CyqRJQtxkgBW7qBeHmz4KEtJB8/mTu4P9YtyNa4TPNqMFMk6XzQiLtZ VQIT8CqlIfbOyygeWYZt+B8cyydTveQR9f+FimUoQjG0D8gYvFDTH+9Ntsj+nJL4 YHXyWPwR5bUX1lhXjEmgh9uuveBI/2y78ocNohef4xKvsXtcSl4=1PTV
-----END PGP SIGNATURE-----

--e6ee440bdb75da988ad1a12b14c0cdf5f6aa329cffe8c7fd8af4b3611ab8--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

--bb814657836aa2bacbd201a161ea0c3a6790d3691dd4336b6998c1131c70
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

hi Nicolas,

thanks for the feedback!

On Tue Jul 2, 2024 at 10:24 PM CEST, Nicholas D Steeves wrote:

right, I guess that's why the wikipedia diagram distinguishes between MPL-2 and
MPL-2-no-copyleft-exception. I think that we don't have to worry about that because spdx.org/licenses defines a distinct license identifier for the -no-copyleft-exception variant, and dep5 requires the use of spdx identifiers.
(which is to say that we can assume that MPL-2 is in fact MPL-2 without the copyleft exception and therefore GPL compatible)

Would you please provide a citation for this update, because it looks to
me like DEP 5 only prohibits the redefinition of "a standard short
name", as well as defining the "trailing dot-zeroes" case. "Standard

[..]

no, you're right -- and I've only now read https://wiki.debian.org/Proposals/CopyrightFormat which makes abundantly clear that we care little about spdx.

that brings us back to the question of what to do with MPL-2. my inclination is to KISS and assume that all "License: MPL-2" is without the copyleft restriction, and only assume otherwise if we ever encounter MPL-2-no-copyleft-exception (which does not seem to be used anywhere today, according to codesearch.debian.net)

if that sounds reasonable to you, I'll update accordingly the relevant FAQ entry
in the tech note.

--bb814657836aa2bacbd201a161ea0c3a6790d3691dd4336b6998c1131c70
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaIYtEACgkQT59tVQ7W EioCgg//dBdOFXleHEdlB44e0xylTlChw/hYQNaUon7ql/Cx0Bvads1ZUHH3I5/w uDXhOoIZKlWDquIOIk8tB4WwGNEKgKmBOfLtf6/tNTsVJrfeE5f78D4jOCC640JS 4cfHcQizcMZPKr6wvL12EsMnTgqsLRp8eJzNavLTgNWpMQstn22n40DrmvUv3Qye 6gRWAD0PLkr9cYPyXnUfUXI6BOeraBtokK+AILpuoafck5eHK6xHPcCFq60OIgzu aJHUF7k2MlwJ+DavcVsFHeSfx6Bx3lnGlac3K/Ky9WCNz9cn57LC6woIJC5QIGSC q8zeeW7hDniFMrXkh3h7jPZmH1C+S1rhDoJnzK93PZYnZhtSG9+iEqU3DzRjDsI7 MpOvX3+E75A/0+U/vGcATwJXs/T5bnZwR3Fe9eON9Tt7qqZmr7WA5/44scH+p3EL vk/JOaPmCrC2wK6FVH3oVV2ptOL3/+n90KOwN709NJg4UhGb4PebVwY6ZMvqn0od DgWSfrDqiCvXKPFodvIecuozq25StY0Vv8xawsCz1Bxb+tZC5cm1ewzanpXWhQZd VzrgU0Lye7JNC1I1nhay6+JGQK6js2f/J1pi7EzEW5LW/2T/3hZpwYaij1ytlMth gVY9/G6MWWj55VEFe5n7sTiG8ZrKRDTicJP6FNxykOLKmFH6Bg4=TrAA
-----END PGP SIGNATURE-----

--bb814657836aa2bacbd201a161ea0c3a6790d3691dd4336b6998c1131c70--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

--Multipart=_Sun__7_Jul_2024_00_21_48_+0200_nme8D5f+rj+MHof4
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, 05 Jul 2024 22:27:41 +0200 Serafeim Zanikolas wrote:

[...]

please send me a patch, if you don't mind.

[...]

I am attaching a patch that tries to improve the technical note.
I hope this helps.


--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

--Multipart=_Sun__7_Jul_2024_00_21_48_+0200_nme8D5f+rj+MHof4
Content-Type: application/gzip;
name="license-incompatibility.diff.gz"
Content-Disposition: attachment;
filename="license-incompatibility.diff.gz"
Content-Transfer-Encoding: base64

H4sICAbCiWYAA2xpY2Vuc2UtaW5jb21wYXRpYmlsaXR5LmRpZmYAnVZZc9s2EH42f8XO+KFOSJAS qdgOp9PIqe1eSuLWmTjtUyASlDCGAIYALevfd5eHLidK2hdRwN4f9splUQCr6rfAIyUzoa1gUmdm UXInp1JJtwoXOUwPED3G2EHpo3gQj9jgjA1OYfgyHZ2nyWkYj07j5GyUnII/iAcDz/f9g1Y2Ss5g MEiHozQ5C1/GL8/OX5yP4k7JeAxsFAyH4De/47EHHryfC7gUU8k106jxQcAnnovPNXfiE5Q8u+cz EQBfGD0D4+aiAjeXemYDKBSfWZhKzatVz2k9KEwFdi7LErlaqhQWhbgDJfU98BmX2tJhWrW0pXRz 4Bo2YSkBXayhx94bmArgdOkM5AasgUooSTcBLAVoIXKSP5H62Q4wsOCuko9gCs8/oGX13Vogqm0V 2TmvRIQ8CArr/LRwsjB5rUh1Vi+EdihvdB+GfRYi2Ozy6uYF5KKQGgU4Ks4QS4F+8LzxLDP

--b1025ae4dd66bb7a85c9339f1e4783101864d360c94e1203683d94be70bf
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

Francesco, thanks for the patch! applied and pushed (and additionally added you as an author)

Nicholas, Francesco, you're now both set as reviewers. can I ask you to both let
me know whether you're happy for me to change the review status to completed?

sidenote: I'm toying with the idea of proposing certain markdown conventions to improve discoverability/visibility of team-local and cross-team proposals, in a way that's less scary/formal than DEPs, and compatible with email. I'l do a write up about it at some point; please do let me know if you'd like to be an early reviewer

On Sun Jul 7, 2024 at 12:19 AM CEST, Francesco Poli wrote:

If I correctly understand the design philosophy, risking a false
negative is better than risking a false positive.
So I can agree that, when in doubt, adequate should assume there's no
license incompatibility to report...

that's right.

thanks again!

--b1025ae4dd66bb7a85c9339f1e4783101864d360c94e1203683d94be70bf
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaKnUMACgkQT59tVQ7W EioF+g//d+jJ7oAkscGnkpf9eoakkhFmm1jgKEz8TFVgrsvrhKCWwAa8/DolRgRt ZNS2J9sJ4VOF8b9pA6tXJM/Dp7yVT+FmMUrWgMUu4NP1dbfG8R2fdBM5J4EyFLDc h0hGpcnde3zc7q8zc9cH/V511//OWanRSCbLaVg1ei+hAPKCm4Jz+Z7cBV8Ai4Ei HpAknFDWR+0nQ1mQPdqULcBkqkgYieViQeH+fZK0JRbWNo+7bzDSnXFX8xWdW3Fx 7P0VB6Ysuomr00lo+mU/aKxtzNpIg0C6kEwDLV2IR9VIeiHQ6Ufh2lMObXLwu09t aaLQt2PUF3ircGVax0SnwR94K7+zyblvIe7cK3/MtQE+m1gSjJzck8J+BtlZ4f5a h/lQCCLP7qz7EeL/C3y+m7NLsy5KUQYxTx63Sfyiy3GBIE0z+tHfMqa1cyXAVUB3 2RI+6by33qo+MlE6M8rho+8b4n5rjoE4asiGwxAiJK++BDciOwmWTS76RXHFYJKd 4H3XgPohk/mGef1ShLtKcOiPkEDBene+KpchnFooSE1m3lHLPEp57COJ38gJPJiH jD1/lWtPyy5YKcfowGPpaGxxNd/aV2HqH9Oa7V35VXJzh/3pK2PVOnmvWClonMOI Knwr0dv/0yieWy1gLbzH0eGuH+CypjvO2RcUCEZtjVBD7YUjUs804
-----END PGP SIGNATURE-----

--b1025ae4dd66bb7a85c9339f1e4783101864d360c94e1203683d94be70bf--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

--Multipart=_Mon__8_Jul_2024_23_39_26_+0200_n9gAtS/9aXQqCz_o
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, 07 Jul 2024 15:50:59 +0200 Serafeim Zanikolas wrote:

Francesco, thanks for the patch!

You are welcome!

applied and pushed (and additionally added you as an author)

Good.

Nicholas, Francesco, you're now both set as reviewers. can I ask you to both let
me know whether you're happy for me to change the review status to completed?

Not yet, because I made a mistake.

See the attached patch, which fixes the mistake (basically, when I was
writing the various LGPL rows, I was inadvertently thinking about combine-compatibility, rather than link-compatibility, which is the
focus of the matrix...).

sidenote: I'm toying with the idea of proposing certain markdown conventions to
improve discoverability/visibility of team-local and cross-team proposals, in a
way that's less scary/formal than DEPs, and compatible with email. I'l do a write up about it at some point; please do let me know if you'd like to be an early reviewer

I don't know much about this topic, but, just a question: have you
considered stuffing these metadata into a YAML metadata block? It is
supported by [pandoc] and it also seems to be supported by [Gitlab]...

[pandoc]: <https://pandoc.org/MANUAL.html#extension-yaml_metadata_block> [Gitlab]: <https://docs.gitlab.com/ee/user/markdown.html#front-matter>


--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

--Multipart=_Mon__8_Jul_2024_23_39_26_+0200_n9gAtS/9aXQqCz_o
Content-Type: application/gzip;
name="license-incompatibility_2.diff.gz"
Content-Disposition: attachment;
filename="license-incompatibility_2.diff.gz"
Content-Transfer-Encoding: base64

H4sICH9ZjGYAA2xpY2Vuc2UtaW5jb21wYXRpYmlsaXR5XzIuZGlmZgB9T0FuwjAQPCev2Puy7nqd kOBTeuKSFiReACFIliBFkB74fV3iBERQJEs7nhnPrPfucAC6/H7D9uPoqrq51uSa6ud03rZu546u vanTHnYTYkxEk68jYUmIM+IcxFh/OFGpkSzN9XwByMIcI+Jky2tIalOteJ4vMpPkSQgpCiAxMy2A 3SiKGKLluiRBC5+X1l1bV83gyzNa6aCZZ+luHjlwwkJReWfsiMExpfQ7bmz0O72v+V/lRcF+gQHh A/rCJ/wQ+oLh3uf6L4fgoajL7KYJA4NPFFsPV+e62WxKG/8BFSTXIVECAAA=

--Multipart=_Mon__8_Jul_2024_23_39_26_+0200_n9gAtS/9aXQqCz_o--

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEygERR5zS79/7gjklPhwn4R9pv/4FAmaMXI4ACgkQPhwn

--00a329d4bbd3a4d1c362e8e1c333c2134042efd7625481c5cb0145eeb5d5
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

On Mon Jul 8, 2024 at 11:39 PM CEST, Francesco Poli wrote:

On Sun, 07 Jul 2024 15:50:59 +0200 Serafeim Zanikolas wrote:

thanks again Francesco!

Not yet, because I made a mistake.

See the attached patch, which fixes the mistake (basically, when I was writing the various LGPL rows, I was inadvertently thinking about combine-compatibility, rather than link-compatibility, which is the
focus of the matrix...).

applied and pushed. which brings me back to:

can I ask you to both let me know whether you're happy for me to change the review status to completed?

sidenote: I'm toying with the idea of proposing certain markdown conventions to
improve discoverability/visibility of team-local and cross-team proposals, in a
way that's less scary/formal than DEPs, and compatible with email. I'l do a write up about it at some point; please do let me know if you'd like to be an
early reviewer

I don't know much about this topic, but, just a question: have you
considered stuffing these metadata into a YAML metadata block? It is supported by [pandoc] and it also seems to be supported by [Gitlab]...

thanks, I'll discuss this in the various options considered when I do get to write that doc. for now though, my thinking is to keep it as simple as possible (unobtrusive when presented as raw text, which yaml is, and keeping parsing requirements to a minimum)

--00a329d4bbd3a4d1c362e8e1c333c2134042efd7625481c5cb0145eeb5d5
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaURJcACgkQT59tVQ7W EiplVBAAxkrqBPI24Jx4A3ZYycmG+hM8tgeK1BGwYNQODVvI5ch+J7YCs3Vr5yZp 3dxA40ETwdzr0dW49jdcafkyHqI/c2KExIBGs1qQ0Of3e8/KKbJfjibJO8DN6i+o zzHpTaK0n8uD6jRaQqo9FFOho/ovNwyUnDYIBZs8WoNeSGJ/06JavdhwlR1yExeO a88W/VJ1dtXpd9LVEbE8a5w1wLGLCV2iMEGtx7KDKME25pLaguBqzyXDoB+T2FLb CGD4AXEL+qB/YGrO8z/P1qPenPsZ5dWY3nHc02SNrQa41IVKL46eiMIAX3E7aRbc dQiuIQPeXGO4ExaF3cQAus1o9cP0UsvSwE2C2HcEn8hYT0hKYrCUrdo4aXPGMpcL zAge4Vpq9aO3Xb3rD1SA5cvefHV1fw6+Y75+TcrLl4k8oWbF4PO7HCDPnWswScNX 65cdQmH3fpolzIIH1x/geQESv/I4ycw9nBXjUhW4o4y8TjJXxldEydtgEgrL4gux g5PlTbz2JetPYL5bgohm8DlLqsrrDAhviXWN+bF6Lihx6bANSk1470QaKENcNger VewoULEuvb0lKGNmYq9SgT7S3NIknXiKM4dx7ok0q0KRPv06xPtj9BFadrg32DPS zhJF+GUGeQyYBMld6nS15COxw7rsSAAAFX9CLjJsP0T6f6FbNfw=H2n1
-----END PGP SIGNATURE-----

--00a329d4bbd3a4d1c362e8e1c333c2134042efd7625481c5cb0145eeb5d5--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

--dd7bc1cb610895db973d0edaeb71d8155e617ee866eb90349c5e2d002d0c
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

Hi Nicholas,

can I ask you to both let me know whether you're happy for me to change the >> review status to completed?

Do you mean Salsa/github reviewers? To be honest I don't have time to
do a full review...Sorry.

no, I really mean this in the simplest possible way: review the 50 lines of

https://salsa.debian.org/debian/adequate/-/blob/tech-notes/license-incompatibility.md

and let me know if you approve of it. if you have changes to propose, either a patch or comments here are fine

in any case, happy to drop you off the reviewers list if that sounds too much for you at this point

thanks again,
Serafeim

--dd7bc1cb610895db973d0edaeb71d8155e617ee866eb90349c5e2d002d0c
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaURhUACgkQT59tVQ7W EioxLw/9GpgQLA8CGqHDFcthFCdRZTJ/ITuLhifwWqPYLMwVH5qXY4um1kByfsdg Pf6TPwrwAHStlQ3wdl7Nv7bm5l6T0yDlvuly3EwLkpqcEqn4ftTUb/3M1mbTUaXu 5qyqnZ3EHgQ94IfrrFVGp/uLvgw/DyBSpj8vQt1aANl5d99yRBh/bfSuq2csv9kU LvjHoxR0HeoXMRenNZwjZ/km5b5ja2Pwn55yElI4xp7jYuFsHQ8bK2HBWe0gRED/ qskEB9dV5cwUS6luVhBTffqUytIqBKc5SAt5IuMKb6uxmSopD6pgsWbI0nv2Ra3a 8MzrRYOU/VqW5aneWBGqS3RRRVqxEC+jfcXKglNQ6iJ/PFsge+GnI8yd6poJijgk vQ/3IpCy27quv6GHoO5AQ25WvxerOd8mAts4dRqZjwk5l1gFGuNfwtAXjzcJLnIs sV00jyOHfVn0HaxV9VngHzvY6L9HOonxd4Ejbfc9c6d9+kcW/yWYYtJbTuzM62Mb cYlbH1Qb9kXFu91+CnzD/oKCJ0vAwjXL9obKJ68Fzub1adxCd32sDtgTeSwtEJAH PalPZivbYan0fvtFIy9GRhJttsBeR09eDerICJpv7FEFKbY7u4sJnpAVUoV0GIVs bwD2x0motbwbbHlRqcOgBB1WR2LGzENA2czvoybnThr1zbfsKBs=p8HN
-----END PGP SIGNATURE-----

--dd7bc1cb610895db973d0edaeb71d8155e617ee866eb90349c5e2d002d0c--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 14 Jul 2024 23:35:18 +0200 Serafeim Zanikolas wrote:

On Mon Jul 8, 2024 at 11:39 PM CEST, Francesco Poli wrote:

On Sun, 07 Jul 2024 15:50:59 +0200 Serafeim Zanikolas wrote:

thanks again Francesco!

You're welcome. :-)

[...]

the attached patch

[...]

fixes the mistake

[...]

applied and pushed. which brings me back to:

can I ask you to both let me know whether you're happy for me to
change the review status to completed?

[...]

Personally, I cannot see anything else that needs to be fixed
in the [current] version of the technical note. I think it is
'adequately' fit for its purpose... ;-)

[current]: <https://salsa.debian.org/debian/adequate/-/blob/f0454641633af27d1ad9663e12494eb6f9e9d3ca/license-incompatibility.md>

I hope that the technical note, once finalized, gets included in
package 'adequate', under the same license as the rest of package
(Expat).

Also, do you plan to automatically extract the incompatibility matrix
from the technical note itself? That would prevent the matrix (as used
by the "adequate" command) from ever becoming inconsistent with the
documented matrix (as found in the technical note)...


--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEygERR5zS79/7gjklPhwn4R9pv/4FAmaVnlEACgkQPhwn4R9p v/6yrA/9FQ8sAlr92AhI295L/0npLli2IxswqGJ0KiEfKBez2E9iqaVxFsOBOxxg P8k7CA7Dieubs0upl85i2mNNwjIqzM282dKbqrXFxlRKsTj53yW7jEfVvzYmRnZ3 gr7gaYAdBp4BWosK75QkyVLVPIOAYcbo13uKp2qiB9jcvz8ZLYd8I3jJcSQLixhK 1XGMpqT4j6OGU/ZqKMShYTZmZqYBJlYck2XOTwZ9jx/udcnZkamnbswXKbQZNz0C DJF3eJ3+4Upi6Ny2IVvNL1rGGOV0v6bW/vCn6OpbKYSNsNFx8ZkpW75RyBfhTdga 0x8Pj8xsgdMHBUqzLMG5dz6RvAldMk9wWLm5+Y7L5hXyiMOi/TFontoCUsKOAEs8 hzdYT26crC8HtJAQfMBNQ2ejE2f8jwC4eU7HI1aOE5XclRQBn6CKffvxQ73M/2It JqDkEG8EPaRuFODRymo1ldZCyTfnMYz65BlU5V2KFXc57jdhXfr2HcfFJmqa4pXu 7ods2N/94leQOcV9BHxNuRVHqHBmfIuE45E3dJWooVQp9gmexnCMk3crZxsFDt3m YRYtxjdo2AOrVrIX+mgIrGlTyIfxhbP5MntUgCRQTL5ttup4JYefW5Mxc+4+r3gs wD43Kr/nwHWbUHPGRArv4KZDrSf/J+fN

On Mon, 15 Jul 2024 18:27:24 -0400 Nicholas D Steeves wrote:

[...]

People are going to use this
instead of spending time (and extensive energy) manually checking for
license compat, thus the reviewer[s] sign-off indicates that the matrix
is a trusted shortcut.

Well, I hope people will not skip any manual license compatibility
check, just because 'adequate' is able to complain about some simple
and well-known incompatibilities!

If this is an actual concern (on a second thought, I personally think
it could be!), some more explicit warning could be added to the
technical note, highlighting that the design philosophy is to allow for
a good number of false negatives, in order to try hard to avoid false positives.
Perhaps the background section should be clearer on this.
And a FAQ could be added.

Serafeim, do you agree?


--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEygERR5zS79/7gjklPhwn4R9pv/4FAmaWq/0ACgkQPhwn4R9p v/4Z9A/8DmXI+dqDC+jM3ljx49HKvKq5RDowMe9tngyqe5LBG1eb4fkmhIaLos56 5/YSUynI4cVYDwbi2j3VWJGaj0V/hirGoCyD8Yr4ufkwBhR0/dQbdsmwxQh4WUlo d3D485eyyuDGMIUJmKP+MR6qV2+zbtylBv5zUzZM52hwzaEphJKtwGiGMcOX8u4K AC6vhGEie3Ez7GhGZb1vnSv05L/T0aVa9kJZusdAd6GYNEeoK04wWGpRB0l7e0UD WqigjfXzeOeZ/+cs7o/07DhkAotl7c0lTZ5usCP+nXr1VQdxZZKMbh+FLZY/0Au9 PjcklrxAY5e1JRav69zQ4cayiFiNDF0k8BM4C2ib/L1hP0hythQnlR+ZK0o6uUMd SuaH9tramLKxrGi1qakf6AXxABKM4kE2ARb2mSlGdcR+HpYjfz9yQIrdqZGz9I4O Y23wQVTw6EltkwMBIIQuiWXz2m/avtAy58ko3eI4Im7TXbmslqob+7aCB7PF9eN0 9rjQdD473J2SiZUnJouOBSVPNAPq6Kr2VK7iO3MhI7nRI6Q5Eb5okNQL9dB42ABf vOD6CFUk3vQZkRqGpfYe+Pcja/I+YF8ntL78UVTYTA2Uu5BMiFO3YKtkKZZfKk/z C8n5pylRsXtSggvKImxe3GnVsKUiTyZw

--5d1936356e6f8ef443bf1176d1341d9d73c909c01513ad9eb3b6ad406378
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

On Tue Jul 16, 2024 at 12:27 AM CEST, Nicholas D Steeves wrote:

...this is much more work than 50 lines. People are going to use this

[..]

I don't have time to check the proposed compatibility matrix for
correctness, I haven't checked it, so it's wrong to say that I reviewed

that makes sense. I'll add you as a contributor and drop you as a reviewer.

thanks again,
Serafeim

--5d1936356e6f8ef443bf1176d1341d9d73c909c01513ad9eb3b6ad406378
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaWwqYACgkQT59tVQ7W Eioi/A//S0Yrp8zTAejnCsqWipmXynBkXFIyEf1haeElWgdF9pdYp7iPsVbvee9n 0N3HXUBtFJSGAHdjT/n/l8hF4OyMJbT4pz7hztLldW7hn1yl7gc2iubkyEfZ1lcz FGYUKQw83AmvTnwhwdUmIpb5l8x2DMYXaRv9MHJGH7LKYD+c5yoSR7AJ05KBkmfR EL+Pu93dwYpVhdeMc9j0TXu3eFvmeuYLm3rzbY0hQrfcWrTNqh/Dzh0i/TffKRbb jD3T1hxXLFfRYu87NPro8yRoOazvl+TqmmdHDEKYaHvUWqaiSV8c11cJvqIgruwV mEawcwBCq+4kf7lN06CMtHYWiImt/GByVd3NEbCJiH63kxIU2WNzs3HFsbXESR5E FevKOEVT9X2XmMJBLwLCAl6+OnWxc8XRfkY/xKcyFB/v67rqWIdTt2qwA3a8RwB2 uwLz3f86Y5ETy3lLGFn7FtcP5Yl5QPtnCkgMxKXDMUyiBUqKaHyV6dvcDfrLYppC Fj0Skn9u80TicqpoIekxgndJaKxhyv9xvdAeDnh8Qp/tvfVfAQo+nyooOJFYifA6 1ynfFC+fwJUucs64K4fd3fDpz3SPSef0AXIPPsIqgwEZ+2CIlBnxz76nx+Ga0sGt Fp4co9uFthsI9g1Cu60poaZ8ep2VppUhfyVhI99pkMg4mnMsY5c=xdjg
-----END PGP SIGNATURE-----

--5d1936356e6f8ef443bf1176d1341d9d73c909c01513ad9eb3b6ad406378--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

--21e3af800dcce048289142b21edd3c3204824f9c678df82e71bf75844773
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

On Tue Jul 16, 2024 at 12:10 AM CEST, Francesco Poli wrote:
[..]

If this is an actual concern (on a second thought, I personally think
it could be!), some more explicit warning could be added to the

[..]

Perhaps the background section should be clearer on this.
And a FAQ could be added.

I've added a note in the background, a comment in the MPL-2 entry, and an additional FAQ entry.

Personally, I cannot see anything else that needs to be fixed
in the [current] version of the technical note. I think it is
'adequately' fit for its purpose... ;-)

thanks, changed your review status to approved.

I hope that the technical note, once finalized, gets included in
package 'adequate', under the same license as the rest of package
(Expat).

I haven't thought about licensing (the irony!). Expat sgtm.

Also, do you plan to automatically extract the incompatibility matrix
from the technical note itself? That would prevent the matrix (as used
by the "adequate" command) from ever becoming inconsistent with the documented matrix (as found in the technical note)...

I guess I could move it to the main branch, although I'm not sure that I'd bother with technically enforcing the consistency. the nice thing of having it in a separate branch is that one can subscribe to the branch RSS feed from salsa
without having to be notified about changes in the adequate code.

thanks,
Serafeim

--21e3af800dcce048289142b21edd3c3204824f9c678df82e71bf75844773
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaW9oEACgkQT59tVQ7W EioXzQ/+PHUrydFhksxOFpAp6ZVnlnLaLlpR33Gj408X0I08EY1d4PJjevtmCY9r ldcUPIVYk1UDHHpUfmbErazo2+AdABUOig4Q5w6qWSqw8cZVZq4/T/55rIkiGovu QqsOIYzlKxfKCSOzhfoefSTF04cYyUvYFWzd/HXWm0tNsyMfvRzOxX9L5t64z9eM AYAWPlV5xTVvi1Z0eC6TF5CEetMvTnMzEp1tGOlC37nkFphEONSBV5Cb/58j1JsD YFYVMyH1NTTxuh7AQSlQSUMPToxeAUZr5+vVqRwr7XnzcdXcdbQheF803H/ttOQ8 orb9OnrxyQ+wi6f0meYrx3zTzzQ035YHEC1JQurdgKcsJgfNsuRnpe96wHuUCsRZ /ymhAp/GT9NtTgwaW0XgIHSVfIkv7kR9QmMo7ElXhLmXVLole6dVMdwfEJ2wbUs7 m6OhgMRMN8de531weksI3JeD+CvG2C+v13gy9aJwsIwj/XTZD08fEboJoHEC+s9w wLgcNvLMKiKbodHA+X68o0HO4bdxQxDvq4HGem1Gc/YmxnPHWPuuTKnEvTFnD+IY vhDosy1O8StT+zx/X4TauL/uI0UFUzynDLwkuFiIUlQYTn5fHrdyfT3rzQQaZSbG aVVZH+s9xUeDCyNZwg+XYR14XUk0psmXgEPhZE50dGyN9z9PhZE=z5j3
-----END PGP SIGNATURE-----

--21e3af800dcce048289142b21edd3c3204824f9c678df82e71bf75844773--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 17 Jul 2024 00:38:57 +0200 Serafeim Zanikolas wrote:

On Tue Jul 16, 2024 at 12:10 AM CEST, Francesco Poli wrote:
[..]

If this is an actual concern (on a second thought, I personally think
it could be!), some more explicit warning could be added to the

[..]

Perhaps the background section should be clearer on this.
And a FAQ could be added.

I've added a note in the background, a comment in the MPL-2 entry, and an additional FAQ entry.

OK, that looks better.
I hope this is enough to clarify that manual license compatibility
checks should not stop, just because one can run 'adequate'...

Personally, I cannot see anything else that needs to be fixed
in the [current] version of the technical note. I think it is
'adequately' fit for its purpose... ;-)

thanks, changed your review status to approved.

Just one nitpick about the metadata:

reviewer: [email protected]
review-status: approved
on-behalf-of: debian-legal@

I think that writing "on-behalf-of: debian-legal@" could give the wrong impression that I have been officially appointed as a spokesperson of
the debian-legal mailing list.
I am not a spokesperson.
I am just one debian-legal participant, with my own opinions and
standpoint (which sometimes are similar to those of some other
debian-legal participants, sometimes are not!).

Please fix this line.
Thanks.

I hope that the technical note, once finalized, gets included in
package 'adequate', under the same license as the rest of package
(Expat).

I haven't thought about licensing (the irony!). Expat sgtm.

Good, thanks for agreeing on the licensing for the technical note.

Also, do you plan to automatically extract the incompatibility matrix
from the technical note itself? That would prevent the matrix (as used
by the "adequate" command) from ever becoming inconsistent with the documented matrix (as found in the technical note)...

I guess I could move it to the main branch, although I'm not sure that I'd bother with technically enforcing the consistency. the nice thing of having it
in a separate branch is that one can subscribe to the branch RSS feed from salsa
without having to be notified about changes in the adequate code.

I am convinced that the technical note really belongs to package
'adequate', so I would strongly encourage you to move the document
inside the package (probably to be installed
under /usr/share/doc/adequate/ ).

Extracting the matrix from the technical note at package build time (in
some sort of literate programming fashion) would ensure that one does
not forget to modify the documentation, when the matrix has to be
modified, or the other way round.
But I think I had already clarified the rationale behind my suggestion.
I acknowledge that it could be a bit tricky, but it would be nice to
have...



--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEygERR5zS79/7gjklPhwn4R9pv/4FAmab3xsACgkQPhwn4R9p v/7lqRAArGCM5TXLvrSh525RMUrduwH7GPlxr3mCM2l3Unj5EcOJI63+dAnWR3ED j3XpfCQWvtH+tOXjiposDyc3gtGaEx5bLqFaUqkcclWJ+RUVB11S4Cl2fx7nnMdj 6sZfFgTe9tSdFyv2Lo9TsEMoMriTgThsV2aCaXQeXorpGP5AcGq29Hx5zIAIRfU/ q4sDwb9gfPckuGK3tc6Y02+rWDpV2TfaRfOglh7rC30FWG+Q8K6uPZ+tsqHE8slw UxfL3wXaTdhLJnSZzrkmrBgYyTVeshrw51zKrmdQ/ebpC5j5K7z4zgRXv7WmArTE 8lgU/WNXSAUvIDjVzxiOLq3YvxTsXBhnubp8guG31ONbcwiiBXesRNxzQbi6/dGU DvpdBLHy7X60zRt6XC57S4n0kHpKyq7PHbaEBdp9CIGc/IN1XZYxSYRV7ZzLQ0f2 FfRR/1u30ussR3m454xAyceU9cElzGqoH57VvzVhLY+9cMyFRiqPpNj4rbtn0YFc ebmOkBsFnXW4uGosxYIR4Gq2Op/IdrtS46uWbRh2BoJiuttAkoor7CJg/IcUi3g6 lrfAKb9xVgCFFORKCspUH8jRCIMgLAb8Z2tvkQadzQ1aouybir8ml2t5FgqZP6T3 xaKJw7br5B7OcoC5R5n7KKJjgFYm3izj

On Mon, 22 Jul 2024 01:12:52 +0200 Serafeim Zanikolas wrote:

[...]

On Sat Jul 20, 2024 at 6:00 PM CEST, Francesco Poli wrote:

I think that writing "on-behalf-of: debian-legal@" could give the wrong impression that I have been officially appointed as a spokesperson of
the debian-legal mailing list.

[...]

I see, I understand your concern. I've now changed this to
"review-context: debian-legal@"
to highlight that the review didn't happen in the dark nor in an off-topic place

Good.

[...]

I hope that the technical note, once finalized, gets included in package 'adequate', under the same license as the rest of package (Expat).

it's now in adequate's master branch and shipped in /usr/share/doc. I did not add a license field in the markdown file itself, because debian/copyright already covers that.

But debian/copyright does not have a stanza for that file (license-incompatibility.md)...
If you really consider me as a co-author (despite the very little
contribution I provided), then you should create a separate stanza in
the debian/copyright:

Files: tech-notes/license-incompatibility.md
Copyright: 2024 Serafeim Zanikolas <[email protected]>
2024 Francesco Poli <[email protected]>
License: Expat

Also, I would suggest to not repeat the Expat license text multiple
times, it's probably better, if you put the license text into a stanza
on its own...

Thanks!


--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory! ..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEygERR5zS79/7gjklPhwn4R9pv/4FAmalD8MACgkQPhwn4R9p v/6kmQ/7BBWhyp8oXo1BG1JlGdfeUY0QZkkrVLFA6wggsXnisn3edjyLgARWnyt7 RGTiPkofHcdriM2TP4kzo/4unR/EFaRVgyTHO+suspHqWXhgjnWqIvrzlPVEou+0 5VIJssq4HKdkY/UT6TkaxqIFk35tCpF0ap7C9f6leyfjFSAFPLGBsPa2Uo1WpQFv vhJhdKeD6V966N39Tgh1hYGyUSCnyUbl/0xTUoo5UVx3YqpxJsJzHCLFy5BzDpCc ajKJURISPCIzu9dsEbNkgmY2VehHYu/TeQ4ORHWEpXpony7BULHZPzp1RHlYT38t jlH6r0owd1Ucetl2ed8G0CSsakzGkml/U7Nv4S6XCmvICrhTRwtCOr/KyvSU9i9I chPDzmPfoR39rXCpbGgS5wUw6wwnWpESFdpbxK9l1PwApTj4VRYDcEGe/xwUVfn+ EecEOAAmQ7yIdncmleIZlwVSS+MtCaw/+E6NRFS/l1OTBvFpxT4XavKY2KmRj2K7 s74EZFeNRJufR6z1didqh2hNCEoJxuRxhimwVEXrUjWv7fGaZv7F1IxrtmVawdna 7L0JUs6sDXAmObDUQ0BRARgoQUEysl6z2UPTE6bj5ds/RW6avSzsmM0eG4LcNtN4 bwjfn2u2e6wbLQuh4FnVpDir/Stx0IGl

--193ffbe1a00fe9619a1b1a102beb7985d15592fdf8b3bf229abea68a2661
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

On Sat Jul 27, 2024 at 5:18 PM CEST, Francesco Poli wrote:
[..]

But debian/copyright does not have a stanza for that file (license-incompatibility.md)...
If you really consider me as a co-author (despite the very little contribution I provided), then you should create a separate stanza in
the debian/copyright:

[..]

Also, I would suggest to not repeat the Expat license text multiple
times, it's probably better, if you put the license text into a stanza
on its own...

done and done in 0.16.5

thanks,
Serafeim

--193ffbe1a00fe9619a1b1a102beb7985d15592fdf8b3bf229abea68a2661
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA2RWqo7IwLCLSFYbT59tVQ7WEioFAmaoDwwACgkQT59tVQ7W EiqIHA//bRe3f24+T+6vsbDoDKUEXm8uKAA0tm7lJI2rR6MDdnyifjy758a4NljP RGPWZRMv3slARAYDom0be2djBZ1NfvDgJhG3m6wAJA+Kdn/L9Ax+zzHQWaAqNR9B QWXr7kv3HTgIrA/32ibrzhoI4JFiAILTcezWQ30gInLNjCT9qaLG+izwKKC+dOIk HPVnadQmDH+xirFJQAzHWJOsCJ3iTZQ6/H8XeJMh0NhZu6hs81qm1XEOGd6kV9B8 WMQW5uk65qngTCADxbA2lKoyc3jnNWQqI5GJ2eDk1DwWGPeiajYm+JsNoBhS490i VhVAP1amS2Y6PANRwBWIIqhxPLErp5iZbaWmffUzGLKNYbECh6usJSVCAVqbHIfK SzjTmjdNrZ+Q/gvT0Jj5Pf66sGMh06XNBULUie9kVha0ok7NG/X6S2sNm8UCXrYg 579sgRykTYW5T3V7EWaHVOLE9fFmfuqNnPJH6LNe4pKS/MayYu/uGDxyX57jEg7Z KdXPeaTXKNwn2H3W13u9GFnZOGJYKKzGV4A5u2nDb//Ta7ZjBNOZ2UdqelF8LXKY VHUUvNGUlFw5gFupVUOlEriHQ3PBjoHxVQw8qm1NG96vsqNY/ASnewR9qGugbB1L P8JDLAT4QMB40VQ6b4eFtSJR5m/2N7t5+704t0o6SwBqah162kQ=X2ep
-----END PGP SIGNATURE-----

--193ffbe1a00fe9619a1b1a102beb7985d15592fdf8b3bf229abea68a2661--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)