Re: Sponsorship requirements and copyright files

[David Claughton]

Charles Plessy wrote:
 [If I remember correctly, the question below is whether the law in the U.S.A.
 requires us to reproduce all copyright statements from the source files when 
 we
 redistribute binary programs, or if this is only needed when the license
 expliciterly asks so.]
 

I believe there was also a related question concerning who might be held
liable for copyright infringement in the case of something dodgy making
it into the archive - would it be the FTP team because they exert
editorial control over the archive, would it be SPI as the umbrella
organisation, or would the axe fall on the individual maintainer?

Cheers,

David.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Charles Plessy]

[If I remember correctly, the question below is whether the law in the U.S.A.
requires us to reproduce all copyright statements from the source files when we
redistribute binary programs, or if this is only needed when the license
expliciterly asks so.]

Le Sun, Mar 22, 2009 at 12:55:58PM -0700, Russ Allbery a écrit :
 Joerg Jaspert jo...@debian.org writes:
 
  Also, keep in mind what Mark wrote elsewhere. He asked the DPL to let
  SPI get us some lawyers input on the question. Thats probably the best
  course.
 
 Yes.  I'm wholeheartedly in favor of this, and I think we should hold any
 resolution of this discussion for the results of that.  There are a
 surprising number of gotchas hidden in licenses that people think are
 straightforward and read past, and it would be nice to know what our basic
 legal requirements are.

Dear Steve, FTP team, and everybody.

The discussion was held for half a year now. Can we have an update on what is
happening on the lawyer side?

Have a nice Sunday,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Emilio Pozuelo Monfort]

Russ Allbery wrote:
 Joerg Jaspert jo...@debian.org writes:
 
 Also, keep in mind what Mark wrote elsewhere. He asked the DPL to let
 SPI get us some lawyers input on the question. Thats probably the best
 course.
 
 Yes.  I'm wholeheartedly in favor of this, and I think we should hold any
 resolution of this discussion for the results of that.

Has this happened? Did we get a reply yet?



signature.asc
Description: OpenPGP digital signature

Re: Sponsorship requirements and copyright files

[Russ Allbery]

Manoj Srivastava sriva...@debian.org writes:
 On Thu, Mar 26 2009, Russ Allbery wrote:

 One intermediate way in which I could see this specification going into
 Policy without it being required for anyone would be to add a
 subsection of the copyright section that says you are not required to
 use any particular format for debian/copyright, but if you *want* to
 use a structured format, please use this one.  I can see some value in
 doing that without requiring the format and I think it would fit into
 the mandate of Policy to do so.

 You think policy shol recommend people use a format known to ve
  flawed, in draft form, and scheduled to be radically changed?

No, no.  Not until it's been discussed and is fairly stable.  Sorry, I
wasn't clear.  My only point was that we can put it into Policy without
making it mandatory (or even recommended unless people *want* to use a
machine-parsable format).

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Thu, Mar 26 2009, Russ Allbery wrote:

 Manoj Srivastava sriva...@debian.org writes:

 Not currently seems to imply that at some point it will be
  mandatory at some point.  I find that somewhat presumptuous, but
  perhaps I am reading too much into the in this current time bit.  I
  would put it as this is a proposal. It is not, and will not become
  policy, unless something improves radically. Even so, it might never
  become policy, and at this point a proposal in good enough shape to
  even start discussing the merits of the idea does not exist.  When a
  proposal which is even maginally viable is licked into shape, it shall
  be brought forth to light again. And, if it is very good, it might live
  to see light in policy.

 One intermediate way in which I could see this specification going into
 Policy without it being required for anyone would be to add a subsection
 of the copyright section that says you are not required to use any
 particular format for debian/copyright, but if you *want* to use a
 structured format, please use this one.  I can see some value in doing
 that without requiring the format and I think it would fit into the
 mandate of Policy to do so.

You think policy shol recommend people use a format known to ve
 flawed, in draft form, and scheduled to be radically changed? I think
 this is one case where policy should instead butt out and let the
 format be tested and adopted by users and have the kinks worked way out
 before recommending something that no one actually defends using.

Indeed, changing recommendations on an ongoing basis as the
 specification is modified, tested, and modified again  would lead to
 people who follow policy recommendations to be using something that is
 deprecated, and would be the wrong thing for policy to do.

Am I missing something? (It has been a long day of meetings, and
 the hotel bed is lumpy, and I am replying to these mails fighting bouts
 of insomnia)

manoj
-- 
No matter who you are, some scholar can show you the great idea you had
was had by someone before you.
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Tue, Mar 24 2009, Ben Finney wrote:

 Manoj Srivastava sriva...@debian.org writes:

 On Tue, Mar 24 2009, Ben Finney wrote:
 
 If the spec is being bruited under the understanding that
  the flaws do not matter

 Who's doing that? Of course the flaws matter.

 So answering criticism of the current spec with well, it is not
  going to be policy any time soon, so just urn your attention elsewhere

 If you got that impression, I can only say I don't think it's
 accurate. Try this:

 The machine-parseable copyright format is still in draft form and is
 not currently mandatory, so no-one is forced to use it.

Not currently seems to imply that at some point it will be
 mandatory at some point.   I find that somewhat presumptuous, but
 perhaps I am reading too much into the in this current time bit.  I
 would put it as this is a proposal. It is not, and will not become
 policy, unless something improves radically. Even so, it might never
 become policy, and at this point a proposal in good enough shape to
 even start discussing the merits of the idea does not exist.  When a
 proposal which is even maginally viable is licked into shape, it shall
 be brought forth to light again. And, if it is very good, it might live
 to see light in policy.

There is nothing pre-ordained about this idea to assume it will
 become policy -- that happens when a whole lot of people agree that it
 is a good idea.

 Those who don't like the form it's currently in are welcome to discuss
 it, once the discussion moves to a forum more amenable to actually
 building on what is discussed. I believe this is in progress with a
 DEP under way.

Generally, the forum for discussion development for Debian is the
 debian-devel mailing list.  If we are having to move to some other
 forum, or wait around and not discuss this while something happens to a
 DEP, I think the DEP drivers have failed. 

At this point, I have spent some effort looking over the
 proposed solution, thinking about the issue, and coming up witht he
 flaws in the current proposal, and how they might be changed. I am
 unlikely to keep this in my working set, and once it swaps out I am
 unlikely to want to go through the same effort again.

manoj
-- 
Beware of a tall blond man with one black shoe.
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Ben Finney]

Manoj Srivastava sriva...@debian.org writes:

 Not currently seems to imply that at some point it will be
  mandatory at some point.   I find that somewhat presumptuous, but
  perhaps I am reading too much into the in this current time bit.

I think perhaps you are. I read it only as leaving that option open;
the proponents of the format should at least have the ambition of
working toward a format good enough to propose as policy.

  I would put it as this is a proposal. It is not, and will not
  become policy, unless something improves radically.

Would it surprise you to know that I find *that* rather presumptuous?
:-) I think that a format good enough to bring consistency to the
chaos of disparate ‘debian/copyright’ files would in itself be enough
to propose such a format as policy. I think the current format is not
far away from that state.

Note that none of the above is meant to predict the format is anywhere
near good enough yet to be proposed as policy; only that I can't see
what would cause you to reject it in such absolute terms.

  Even so, it might never become policy, and at this point a proposal
  in good enough shape to even start discussing the merits of the
  idea does not exist.

We evidently *have* been discussing the merits of such an idea,
precisely because such a format is being actively developed. I don't
understand what basis you have for your statement.

  When a proposal which is even maginally viable is licked into
  shape, it shall be brought forth to light again. And, if it is very
  good, it might live to see light in policy.

Yes.

 There is nothing pre-ordained about this idea to assume it
  will become policy -- that happens when a whole lot of people agree
  that it is a good idea.

Totally agreed.

  Those who don't like the form it's currently in are welcome to
  discuss it, once the discussion moves to a forum more amenable to
  actually building on what is discussed. I believe this is in
  progress with a DEP under way.
 
 Generally, the forum for discussion development for Debian
  is the debian-devel mailing list. If we are having to move to some
  other forum, or wait around and not discuss this while something
  happens to a DEP, I think the DEP drivers have failed.

Sure. DEP 5 is now online and the drivers are, by their own account,
active in their role and taking the recent discussions here into
consideration.

-- 
 \ “Pleasure's a sin, and sometimes sin's a pleasure.” —“Lord” |
  `\  George Gordon Noel Byron, _Don Juan_ |
_o__)  |
Ben Finney


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Charles Plessy]

Le Thu, Mar 26, 2009 at 01:32:46AM -0500, Manoj Srivastava a écrit :
 
 Generally, the forum for discussion development for Debian is the
  debian-devel mailing list.  If we are having to move to some other
  forum, or wait around and not discuss this while something happens to a
  DEP, I think the DEP drivers have failed. 

Manoj,

-devel (or -project) is the right place for discussing the DEP. I have posted an
answer to the comments made on -mentors by Sune and have not got any reply yet,
so I suppose that people were satisfied and are now waiting for us to finish to 
clean
and slim down the proposal.

http://lists.debian.org/msgid-search/20090320092858.gd4...@kunpuu.plessy.org

If your are short of time, you will save some by patienting a few more days and
let us finish the rewriting. On the other hand, if you want to help us, your
propositions are of course welcome. Can you summarise them ?

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Russ Allbery]

Manoj Srivastava sriva...@debian.org writes:

 Not currently seems to imply that at some point it will be
  mandatory at some point.  I find that somewhat presumptuous, but
  perhaps I am reading too much into the in this current time bit.  I
  would put it as this is a proposal. It is not, and will not become
  policy, unless something improves radically. Even so, it might never
  become policy, and at this point a proposal in good enough shape to
  even start discussing the merits of the idea does not exist.  When a
  proposal which is even maginally viable is licked into shape, it shall
  be brought forth to light again. And, if it is very good, it might live
  to see light in policy.

One intermediate way in which I could see this specification going into
Policy without it being required for anyone would be to add a subsection
of the copyright section that says you are not required to use any
particular format for debian/copyright, but if you *want* to use a
structured format, please use this one.  I can see some value in doing
that without requiring the format and I think it would fit into the
mandate of Policy to do so.

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Lars Wirzenius]

ti, 2009-03-24 kello 17:50 -0500, Manoj Srivastava kirjoitti:
 I am expressing my opinion now, on a mailing list devoted to
  debian development.  I have not been keeping up witht eh bureaucratic
  rigmarole that seems to be being wrapped around discussions, not after
  we got the notice that there was a topic to be discussed, but we should
  not discuss it since the red-tape software was broken.

It's not very clearly written into DEP0, but it was always my intention,
I and think Zack's and Dato's (that is, the people who came up with DEP
in the first place), that the DEP process should introduce very low
levels of bureucracy, and that _all_ the bureaucracy would be handled by
the drivers. Indeed, as far as anyone else is concerned, the DEP might
not even exist.

 Whoever is drafting the draft ought to be paying attention to
  the feedback being generated now,  and create a better draft to start
  with.

I fully concur.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Lars Wirzenius]

ke, 2009-03-25 kello 01:32 +, Noah Slater kirjoitti:
 On Wed, Mar 25, 2009 at 12:39:46AM +, Steve McIntyre wrote:
  I'm curious... What do you think *is* the Debian way of doing things
  like this ?
 
 Manoj's email strongly implied that a DEP was needless bureaucracy.
 
 I'm hardly likely to argue with you about what constitutes the Debian way, but
 considering we've let a proposal stew on a wiki for over a year, have taken 
 some
 discussion over to the mailing list and are now working on a DEP, I find it 
 very
 confusing that it should be considered that we are somehow abusing the 
 process.

Speaking as one of the drivers of DEP0, I think you are misunderstanding
how DEPs should be driven. They should not be used to control the
discussion. They are, very fundamentally, a way to record consensus and
the state of the discussion. As a by-product, they hopefully produce a
document that will be useful later.

If the people participating in a discussion have to be aware that
something is discussed as part of a DEP, and have to adjust their
behavior accordingly, the drivers have failed.

(Also, DEPs are hardly the established Debian way of doing things.
There's only two accepted ones, and only six ones ever registered,
counting DEP0 itself. I hope that DEPs will some day be accepted, but
they won't be, if it's OK to use them as hitting implements.)


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Wed, Mar 25 2009, Lars Wirzenius wrote:

 ke, 2009-03-25 kello 01:32 +, Noah Slater kirjoitti:
 On Wed, Mar 25, 2009 at 12:39:46AM +, Steve McIntyre wrote:
  I'm curious... What do you think *is* the Debian way of doing things
  like this ?
 
 Manoj's email strongly implied that a DEP was needless bureaucracy.

The recent memoranda about DEPs did lead me to believe
 that. However ...

 I'm hardly likely to argue with you about what constitutes the Debian
 way, but considering we've let a proposal stew on a wiki for over a
 year, have taken some discussion over to the mailing list and are now
 working on a DEP, I find it very confusing that it should be
 considered that we are somehow abusing the process.

 Speaking as one of the drivers of DEP0, I think you are misunderstanding
 how DEPs should be driven. They should not be used to control the
 discussion. They are, very fundamentally, a way to record consensus and
 the state of the discussion. As a by-product, they hopefully produce a
 document that will be useful later.

 If the people participating in a discussion have to be aware that
 something is discussed as part of a DEP, and have to adjust their
 behavior accordingly, the drivers have failed.

This paragraph, and this one

 It's not very clearly written into DEP0, but it was always my
 intention, I and think Zack's and Dato's (that is, the people who came
 up with DEP in the first place), that the DEP process should introduce
 very low levels of bureucracy, and that _all_ the bureaucracy would be
 handled by the drivers. Indeed, as far as anyone else is concerned,
 the DEP might not even exist.

make me view a DEP far more favourably. Using a process to track
 discussion, which does not impede said discussion, can only be
 positive. 

 (Also, DEPs are hardly the established Debian way of doing things.
 There's only two accepted ones, and only six ones ever registered,
 counting DEP0 itself. I hope that DEPs will some day be accepted, but
 they won't be, if it's OK to use them as hitting implements.)

  +1

manoj
-- 
The truth is rarely pure, and never simple. Oscar Wilde
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Mike Hommey]

On Sun, Mar 22, 2009 at 12:55:58PM -0700, Russ Allbery wrote:
 Well, the one thing that I think we need to clarify here is whether we
 need to list the licenses for files that aren't source code for what goes
 into the binary distribution, such as the build system.  The files from
 Autoconf and Automake have a bunch of different licenses and documenting
 them is a fair bit of work for each package.

Actually, thinking about it for a little while, I think we're all
missing the point.

Who cares that file foo.c is licensed under GPL and bar.c under BSD?
People that want to take the source and use it elsewhere. These people
are obviously looking at the sources, and don't really need
debian/copyright information.

But on the other hand, what are people looking at debian/copyright
probably expecting? (and all the use cases for a machine parseable format
I've seen quoted so far do respect this rule)
Licensing terms for the *binary* files. They don't care that file foo.c
is licensed under GPL and bar.c under BSD, they care that libfoo.so is
licensed under GPL and libbar.so under BSD, or that libfoobar.so is
under GPL/BSD, foo.h under GPL and bar.h under BSD...

Mike


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Steve Langasek]

On Sun, Mar 22, 2009 at 09:00:34PM +0100, Arthur de Jong wrote:
 On Sun, 2009-03-22 at 12:11 +, Noah Slater wrote:
  Firmly in my mind is the cost/benefit of this extra effort. If we
  succeed in integrating debian/copyright checks into lintian, or dpkg
  and it's front-ends, it seems reasonable to imagine that this effort
  would be a good trade-off.

 I have been reading this discussion a bit and I've been wondering what
 use-case you actually have for machine-readable debian/copyright files.

  This is quite different than having the *license terms* recorded in a
  machine-parseable format, which is potentially useful in lots of ways;
  e.g., license solvers, letting open source-friendly companies get a
  broad overview of what they're getting into when they consider deriving,
  and so on.

  http://lists.debian.org/debian-devel/2009/03/msg01116.html

I'll add to this that there are various tools out there capable of reporting
on the license status of works.  HP has a project that's doing this, and
there's also the 'licensecheck' tool in devscripts that can give you what it
thinks are the licenses for the files in your package.  Those are each
useful in their own right; but combined with a machine-parseable copyright
format, we have potential for scalable reporting about *discrepancies*
between what the automatic tools say and what the maintainer has asserted in
debian/copyright, making it much easier to identify possible bugs (wishlist,
serious, or otherwise) in one or the other.


Please don't reply with arguments why this isn't enough reason to make
maintainers do extra work.  I'm not trying to make any maintainers do extra
work; I'm pointing out reasons why having a consistent and machine-parseable
copyright format is useful, which is the question that was asked.  That
benefit is there even if only a subset of maintainers opt to use a
machine-parseable format; but given that there is interest in having such a
format, it's important that we come to some agreement on what that format
should be, so that we don't have a dozen incompatible formats running
around.

That's what we should be working on.  This thread with people refusing to
use a parseable format for debian/copyright, and arguing about whether using
the format does or does not provide assurances about the copyright status of
a work, is all an irrelevant (and irritating) distraction.

 This means that if you want to introduce a new format you have to
 convince the maintainer of a package that there is some benefit, be it
 in tools that make their life easier or some concrete benefit for our
 users.

Not really.  There is currently no format specified for debian/copyright,
only content.  That means maintainers can use whatever format they want; if
a number of maintainers choose to use a common and machine-parseable format,
they can do that without having to persuade anyone else of its utility.

On Mon, Mar 23, 2009 at 10:56:57PM +0100, Arthur de Jong wrote:
 The problem is that I don't see much use for a machine-parsable format
 though at this point.

 Firstly (and most importantly for me), there are no tools to support it
 so there is no immediate benefit (except the improvement in
 readability).

Of course there aren't.  Why spend time writing tools yet, when people keep
changing the format definition itself?

Once there's a stable spec that has a measure of consensus surrounding it,
instead of a wiki page that someone takes the liberty of rewriting every
month or two, that's when I would expect to see adoption of the format by
more folks writing tools.

 BTW, the use-case where you don't want to install FDL content and have
 some way for apt to warn you before doing so won't be solved by a new
 format because debian/copyright is written at the source-level and not
 on the binary package level (think -doc packages that have FDL stuff and
 -bin packages that have other-licensed stuff). (not that I've given this
 too much thought)

Well, aside from the section header, nothing in Debian Policy actually says
you need to have a per-source debian/copyright file; and you certainly can
have separate per-binary copyright files in your package that get installed
individually if you choose, there's nothing that prevents you from doing
that even though it's clearly not common practice today.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Julien BLACHE]

Mike Hommey m...@glandium.org wrote:

Hi,

 Who cares that file foo.c is licensed under GPL and bar.c under BSD?
 People that want to take the source and use it elsewhere. These people
 are obviously looking at the sources, and don't really need
 debian/copyright information.

Let's add that if you are reusing code, you have to do your own
assessment anyway. Of course you can decide to trust debian/copyright,
but there's no guarantee and you're taking the risk.

JB.

-- 
 Julien BLACHE - Debian  GNU/Linux Developer - jbla...@debian.org 
 
 Public key available on http://www.jblache.org - KeyID: F5D6 5169 
 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Neil Williams]

On Tue, 24 Mar 2009 07:37:48 +0100
Mike Hommey m...@glandium.org wrote:

 On Sun, Mar 22, 2009 at 12:55:58PM -0700, Russ Allbery wrote:
  Well, the one thing that I think we need to clarify here is whether we
  need to list the licenses for files that aren't source code for what goes
  into the binary distribution, such as the build system.  The files from
  Autoconf and Automake have a bunch of different licenses and documenting
  them is a fair bit of work for each package.
 
 Actually, thinking about it for a little while, I think we're all
 missing the point.
 
 Who cares that file foo.c is licensed under GPL and bar.c under BSD?

Only if foo.c is compiled into libfoo and bar into an application
called bar - i.e. separate compiled objects like plugins or multiple
libraries per package. 

There is nothing in debian/copyright to help with that decision (nor
should there be, before anyone suggests it, because that doesn't scale
either).

 People that want to take the source and use it elsewhere. These people
 are obviously looking at the sources, and don't really need
 debian/copyright information.

Agreed.
 
 But on the other hand, what are people looking at debian/copyright
 probably expecting? (and all the use cases for a machine parseable format
 I've seen quoted so far do respect this rule)
 Licensing terms for the *binary* files. They don't care that file foo.c
 is licensed under GPL and bar.c under BSD, they care that libfoo.so is
 licensed under GPL and libbar.so under BSD, or that libfoobar.so is
 under GPL/BSD, foo.h under GPL and bar.h under BSD...

Exactly - but that is what debian/copyright does not provide and by
basing the proposed format on source files, there is nothing to gain
there either.

Identifying the licence of individual binary components of a package
requires detailed knowledge of the build systems - most packages are
relatively clean and try to keep one component to one sub-directory but
there are frequent cases of AM_CFLAGS having -I../../foo/ and LD_FLAGS
having -L../../foo/libfoo.la - correlating all those in even a medium
sized package would be a horrible burden - and, again, those linkages
can change more frequently than the licences themselves, especially in
the case of how an application links against private libraries where
there are no transitions to worry about. As with discussions about the
source code listings, this simply does not scale.

I could pick out the dependencies in an autotools package because I'm
familiar with autotools, but it would be much harder to identify what
was going on in Scons or CMake or other systems.

I fail to see any development use case for parsing debian/copyright that
does not inevitably lead to a detailed study of the source code in
order to actually make any real-life decision to do with whether to use
a particular package as a dependency of my own code - at which point
debian/copyright becomes irrelevant anyway.

The licence is always only one part of such a decision process - if the
functionality is not appropriate, it is better to use a different
library with a different licence, as long as the licences are strictly
compatible.

Vague ideas about users being extra-picky about the licences of
packages that they install from main seem completely impractical and the
likelihood of ever being able to convert Debian into GNewSense simply
by choosing licences at install time is unreasonably slim IMHO.
Principally this is because the existing licence information relates to
the source code, not the binaries and converting it to apply to
binaries is not scalable to Debian or particularly useful to
upstream developers.

Even lintian tests for licence incompatibilities are going to be very
hard to make reliable because lintian isn't going to know which source
files were compiled into which objects. Having a hotlist of libraries
that may require exceptions to be added to the GPL etc. is not
particularly easy to implement and would rely on objdump, not
debian/copyright.

Are we getting to the point of considering debian/copyright is largely
irrelevant to development/users and only really applies to distribution
of the binaries? If so, the sole arbiter of what goes into
debian/copyright should be ftp-master because it is only actions based
on distribution that have any real relevance to the contents of the
file and those considerations should be solely driven by the
requirements of the licence(s).

I must admit, when I'm doing upstream work and looking for libraries
that I can use to assist me, I have never ONCE looked at
debian/copyright for those packages - I have always gone to the
upstream source code. Each debian/copyright file I've written has been
written with the objective of meeting the requirements of ftp-master
and without any consideration of those who want to use the package in
development of other code, simply because I don't consider it wise to
base such decisions on debian/copyright and would be very surprised if
any other 

Re: Sponsorship requirements and copyright files

[Neil Williams]

On Tue, 24 Mar 2009 09:18:41 +
Neil Williams codeh...@debian.org wrote:

 There is nothing in debian/copyright to help with that decision (nor
 should there be, before anyone suggests it, because that doesn't scale
 either).

Actually, I'm reconsidering that a bit - separate copyright files for
separate binary packages could be good for various reasons, unrelated
to the format of the files themselves. I must admit, I hadn't
considered that option - I was assuming all along that there would only
be one debian/copyright file and that it would remain tied to the
source package.

It could be good to split a 48kb copyright file into a number of
smaller files. (libx11-data has a 48kb copyright file)

 Identifying the licence of individual binary components of a package
 requires detailed knowledge of the build systems - most packages are
 relatively clean and try to keep one component to one sub-directory but
 there are frequent cases of AM_CFLAGS having -I../../foo/ and LD_FLAGS
 having -L../../foo/libfoo.la - correlating all those in even a medium
 sized package would be a horrible burden - and, again, those linkages
 can change more frequently than the licences themselves, especially in
 the case of how an application links against private libraries where
 there are no transitions to worry about. As with discussions about the
 source code listings, this simply does not scale.

That still applies though - some packages would have severe problems
implementing copyright files for specific binary packages.
 
 Are we getting to the point of considering debian/copyright is largely
 irrelevant to development/users and only really applies to distribution
 of the binaries? If so, the sole arbiter of what goes into
 debian/copyright should be ftp-master because it is only actions based
 on distribution that have any real relevance to the contents of the
 file and those considerations should be solely driven by the
 requirements of the licence(s).
 
 I must admit, when I'm doing upstream work and looking for libraries
 that I can use to assist me, I have never ONCE looked at
 debian/copyright for those packages - I have always gone to the
 upstream source code. Each debian/copyright file I've written has been
 written with the objective of meeting the requirements of ftp-master
 and without any consideration of those who want to use the package in
 development of other code, simply because I don't consider it wise to
 base such decisions on debian/copyright and would be very surprised if
 any other upstream developers would disagree.
 
 When I talk about readability of debian/copyright, I'm thinking solely
 of my work as a sponsor where I have to check that the file is (in my
 estimation) going to meet the requirements of ftp-master when I finally
 upload the package to NEW.
 
 So far, this thread has failed to identify a single real-world use case
 for debian/copyright that is not solely the remit of ftp-master.

(or people in a similar position who need to distribute parts of Debian)

 Unless ftp-master want a particular format, I'm not sure that there is
 any point choosing one version over another beyond human readability. I
 just want to be able to read debian/copyright in packages that I offer
 to sponsor and be sure that I can understand it and that I can satisfy
 myself that it will be OK for ftp-master. In that respect, I still
 consider the later revisions of the format to be unhelpful and I won't
 be using it or recommending it. If, when sponsoring, I find any
 debian/copyright file that I cannot read or understand, I will require
 changes to the file whether that breaks the format or not, until I'm
 happy that the file contains all information likely to be necessary for
 ftp-master.

As far as the format goes, that still stands - the use of per-binary
copyright files is (or can be) distinct from the format of those files.

-- 


Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/



pgpqupE4jnHgJ.pgp
Description: PGP signature

Re: Sponsorship requirements and copyright files

[Neil Williams]

On Tue, 24 Mar 2009 00:43:48 -0700
Steve Langasek vor...@debian.org wrote:

  I have been reading this discussion a bit and I've been wondering what
  use-case you actually have for machine-readable debian/copyright files.
 
   This is quite different than having the *license terms* recorded in a
   machine-parseable format, which is potentially useful in lots of ways;

The format would still need to match source code licence terms with
compiled objects that could include a variety of source files and have
to deal with changes in the linkages within a package that can change
during the lifetime of a package? There is no permanent/reliable link
between the licence of a source code file and the licence of a specific
compiled binary from the final package, only with the collection of
source code and the collection of binaries.

Even within a single .deb it might not be possible to identify exactly
which licences apply if the source package builds lots of variant
binary packages. Also, runtime information can be checked for some
simple .deb packages on the basis of all that the package contains but
development information about which licence applies to the source code
someone copies and pastes from the source package are entirely
separate. Other issues affect packages that build twice with different
options to ./configure that may or may not omit certain source code
files from one or other build.

If I have a modular source package that can enable or disable various
build options and various components and some of those components have
differing licences, it becomes very hard to track subtle changes
between builds that may or may not result in source code under licence
A being compiled into binary bar in some circumstances but not in
others. Individual versions of a package must build the same way on
each architecture but subsequent versions can change, making it hard
for the maintainer to track what is going on.

If such a modular source package (foo) builds a number of different
binary packages, how is the checker to know whether binary package bar,
linking against libfoo-with-baz is any different to linking against
libfoo-without-baz other than relying on the package names? Licence
incompatibilities between source packages are not the issue, AFAICT, if
only because the offending source code might not actually be being
compiled; incompatible licences between binaries linked at runtime are
the problem.

I'm not sure that any proposed format of debian/copyright would allow a
checker to be at all certain that a particular .so from package foo has
a compatible licence with a particular .so from package bar where both
foo and bar include multiple libraries, multiple binaries and multiple
linkages at build time. (debian/libfoo.copyright is a separate idea
with different problems, see later.)

Yes, the checker might be able to say that source package foo contains
code under licence A and source package bar contains code under licence
B and that a certain conflict might result but whether that is a real
problem or not still depends on exactly how the relevant code is
compiled and linked - something that can change much more frequently
than the licences themselves.

This is the problem with licensecheck - it relies on the source and
cannot hope to understand how the source becomes a binary.

I fear that such a checker would be very misleading and cause
unnecessary work dealing with the 'bugs' that could result.

(relocating from the end of Steve's message)
 Well, aside from the section header, nothing in Debian Policy actually says
 you need to have a per-source debian/copyright file; and you certainly can
 have separate per-binary copyright files in your package that get installed
 individually if you choose, there's nothing that prevents you from doing
 that even though it's clearly not common practice today.

Can't help thinking that the packages that would benefit from
debian/libfoo.copyright are the very ones where maintaining that file
will make the idea rather unappealing due to the issues above. However,
it is something I hadn't considered and there could be some mileage in
that for some packages, especially those with different licences for
the API documentation. It could make the main debian/copyright file
much cleaner and easier to read for a small number of packages.

I'm still not convinced that machine-parseable formats are genuinely
useful or maintainable and I feel that machine-parseable
requirements inevitably impair human readability of copyright files.
That's not a win, AFAICT.

 Please don't reply with arguments why this isn't enough reason to make
 maintainers do extra work.  I'm not trying to make any maintainers do extra
 work; I'm pointing out reasons why having a consistent and machine-parseable
 copyright format is useful, which is the question that was asked.  That
 benefit is there even if only a subset of maintainers opt to use a
 machine-parseable format; but given that there is 

Re: Sponsorship requirements and copyright files

[Rene Engelhard]

Giacomo A. Catenazzi wrote:
 Joerg Jaspert wrote:
 The real problem here is that FTP masters require the list of copyright
 holders to be up-to-date each time the package goes through NEW.
 Whatever justification exists for this requirement, I???m starting to find
 it unacceptable. If a package has to go through NEW, it takes about
 twice as much time to update this list than to do the actual packaging
 work.
 Why is this list needed? 
 Often the license requires it.  For instance the BSD license says,
 Redistributions in binary form must reproduce the above copyright.

 *binary*

But we do distribute binaries in the debs - and debian/copyright is
not only for the source but also ends up in the deb.

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  r...@debian.org | GnuPG-Key ID: 248AEB73
   `-   Fingerprint: 41FA F208 28D4 7CA5 19BB  7AD9 F859 90B0 248A EB73


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Giacomo A. Catenazzi]

Rene Engelhard wrote:

Giacomo A. Catenazzi wrote:

Joerg Jaspert wrote:

The real problem here is that FTP masters require the list of copyright
holders to be up-to-date each time the package goes through NEW.
Whatever justification exists for this requirement, I???m starting to find
it unacceptable. If a package has to go through NEW, it takes about
twice as much time to update this list than to do the actual packaging
work.
Why is this list needed? 

Often the license requires it.  For instance the BSD license says,
Redistributions in binary form must reproduce the above copyright.

*binary*


But we do distribute binaries in the debs - and debian/copyright is
not only for the source but also ends up in the deb.


Yes, or better debian/copyright is *only* for the binary [1].
The sources have the original license files and all legal notices
in the right place. Debian source format don't allow to remove
legal notices (but recreating the orig.tar).
Note: a insane developer could remove it in diff, but the
original notice is still distributed in the orig.tar.

The point was: we are mixing sources requirements (the part you did not
quoted) with binary requirement (the quoted part).

[1] Note: I did not write the license of binary. It is fine
to document all sources licenses, as an additional information for
the *binary*, but sources-only requirements are not necessary in
binary packages.

ciao
cate


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Tue, Mar 24, 2009 at 10:38:47AM +, Neil Williams wrote:
 I'm still not convinced that machine-parseable formats are genuinely
 useful or maintainable and I feel that machine-parseable
 requirements inevitably impair human readability of copyright files.
 That's not a win, AFAICT.

Don't use it then, I guess.

As Steve pointed out, we're working an a format that people can use voluntarily
if they wish. We are not suggesting that this format become mandatory at this
stage, at least not until it had seen widespread adoption. As someone who's been
maintaining several packages with this format for over a year, I am pleased to
tell you that I find it very useful and easily maintainable. YMMV, of course.

 Is it really useful to have only a subset of packages using the format?
 Isn't only going to be the small packages that have no particular
 licence problems that would adopt it because it's almost trivial to do
 so? Unless maintainers of complex packages or packages where licence
 problems are likely (those that need exceptions added to the GPL etc.)
 can implement the format cleanly, is there really any benefit?

You are using the Nirvana Fallacy in your argument.

Even if only one person finds the format helpful, there has been benefit. For
every additional person who finds this format helpful, even more benefit is had,
and each packages shares a consistent, readable, and parseable structure.

 There are elements of the format that aid human readability but making
 the format completely machine-parseable means making allowances for so
 many ifs and buts that the copyright files become only readable by
 machine.

Of course, this is not true. What a peculiar thing to say.

The format proposal follows debian/control, and is quite simple in structure.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Ben Finney]

Neil Williams codeh...@debian.org writes:

 Is it really useful to have only a subset of packages using the
 format? Isn't only going to be the small packages that have no
 particular licence problems that would adopt it because it's almost
 trivial to do so? Unless maintainers of complex packages or packages
 where licence problems are likely (those that need exceptions added
 to the GPL etc.) can implement the format cleanly, is there really
 any benefit?

Let's try it and find out.

-- 
 \ “If nothing changes, everything will remain the same.” —Barne's |
  `\   Law |
_o__)  |
Ben Finney


pgp2Zf7ktYiF4.pgp
Description: PGP signature

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Sun, Mar 22 2009, Russ Allbery wrote:

 Neil Williams codeh...@debian.org writes:

 We also need clarity on why debian/copyright should have a higher level
 of scrutiny than the upstream itself. Debian does not hold copyright on
 most upstream source packages, why do we second-guess upstream teams?

 It's worth noting here that most upstreams distribute only source, and
 hence rely on the fact that the source carries the licenes and the
 copyright statement and they don't have to do anything special with it.
 When we compile that software and distribute only the binaries as a
 separate package, we've stripped off, say, a BSD license statement and its
 corresponding copyright statement from where upstream put it, and we do,
 under the license, have to preserve that somewhere in our derived work,
 including the corresponding copyright notice.  If upstream has a bunch of
 files under various varients of the BSD license, we are required by those
 licenses to preserve all of those notices in the binary package.

 This much is a very valid point which I was vaguely aware of but hadn't
 really thought about before this thread.

,
| 2. Redistributions in binary form must reproduce the above copyright
|notice, this list of conditions and the following disclaimer in the
|documentation and/or other materials provided with the distribution.
`

Do we ever distribute just the binary on our archives?  That
 would be illegal, yes. But, if in the *other materials* we distribute
 is the source tar ball, we a re all OK.

I think we have source areas of the archive, we have source CD
 iso's, we provide ways to get said other materials via apt-get
 source, and so we are all covered. There is not real reason to add all
 that into debian/copyright just to cater to the BSD license excerpted
 above. 

manoj
-- 
It is impossible to defend perfectly against the attack of those who
want to die.
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Emilio Pozuelo Monfort]

Manoj Srivastava wrote:
 On Sun, Mar 22 2009, Russ Allbery wrote:
 
 Neil Williams codeh...@debian.org writes:

 We also need clarity on why debian/copyright should have a higher level
 of scrutiny than the upstream itself. Debian does not hold copyright on
 most upstream source packages, why do we second-guess upstream teams?
 It's worth noting here that most upstreams distribute only source, and
 hence rely on the fact that the source carries the licenes and the
 copyright statement and they don't have to do anything special with it.
 When we compile that software and distribute only the binaries as a
 separate package, we've stripped off, say, a BSD license statement and its
 corresponding copyright statement from where upstream put it, and we do,
 under the license, have to preserve that somewhere in our derived work,
 including the corresponding copyright notice.  If upstream has a bunch of
 files under various varients of the BSD license, we are required by those
 licenses to preserve all of those notices in the binary package.

 This much is a very valid point which I was vaguely aware of but hadn't
 really thought about before this thread.
 
 ,
 | 2. Redistributions in binary form must reproduce the above copyright
 |notice, this list of conditions and the following disclaimer in the
 |documentation and/or other materials provided with the distribution.
 `
 
 Do we ever distribute just the binary on our archives?  That
  would be illegal, yes. But, if in the *other materials* we distribute
  is the source tar ball, we a re all OK.
 
 I think we have source areas of the archive, we have source CD
  iso's, we provide ways to get said other materials via apt-get
  source, and so we are all covered. There is not real reason to add all
  that into debian/copyright just to cater to the BSD license excerpted
  above. 

And even if it was, there are binary packages whose /usr/share/doc/$pkg is a
symlink, so they have no copyright. Which is another reason why we don't it, at
least in the general case.

Emilio



signature.asc
Description: OpenPGP digital signature

Re: Sponsorship requirements and copyright files

[Russ Allbery]

Manoj Srivastava sriva...@debian.org writes:

 ,
 | 2. Redistributions in binary form must reproduce the above copyright
 |notice, this list of conditions and the following disclaimer in the
 |documentation and/or other materials provided with the distribution.
 `

 Do we ever distribute just the binary on our archives?  That
  would be illegal, yes. But, if in the *other materials* we distribute
  is the source tar ball, we a re all OK.

Are we allowed to consider the source package materials we provide with
the distribution?  I was under the impression that we were not.  (The GPL
requirement, which I know we do satisfy, is somewhat weaker.)

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Russ Allbery]

Emilio Pozuelo Monfort po...@ubuntu.com writes:

 And even if it was, there are binary packages whose /usr/share/doc/$pkg
 is a symlink, so they have no copyright.

All such binaries have a hard dependency on a package that does include
copyright, but that's a good point.  I don't know if legally that hard
dependency is stronger than the co-distribution of source packages in the
same archive area.

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Bill Allombert]

On Tue, Mar 24, 2009 at 11:47:37AM +0100, Rene Engelhard wrote:
 Giacomo A. Catenazzi wrote:
  Joerg Jaspert wrote:
  The real problem here is that FTP masters require the list of copyright
  holders to be up-to-date each time the package goes through NEW.
  Whatever justification exists for this requirement, I???m starting to 
  find
  it unacceptable. If a package has to go through NEW, it takes about
  twice as much time to update this list than to do the actual packaging
  work.
  Why is this list needed? 
  Often the license requires it.  For instance the BSD license says,
  Redistributions in binary form must reproduce the above copyright.
 
  *binary*
 
 But we do distribute binaries in the debs - and debian/copyright is
 not only for the source but also ends up in the deb.

Actually, Policy does not make mandatory for the .deb file to contain
a copyright file at all:

 `/usr/share/doc/package' may be a symbolic link to another directory
 in `/usr/share/doc' only if the two packages both come from the same
 source and the first package Depends on the second.[2]

(I am not a fan of this particular paragraph of Policy, but that is
irrelevant, and there is a number of packages taking advantage of that)

Policy also allows package to refer to /usr/share/common-licenses (part of
base-files) for actual license texts (for a limited set of license).

So we already allow packages to reference other packages for license
informations. Binary package referencing its source package for detailed
license information is not quite a stretch.

Cheers,
-- 
Bill. ballo...@debian.org

Imagine a large red swirl here. 


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Mike O'Connor]

On Tue, Mar 24, 2009 at 01:32:40PM -0700, Russ Allbery wrote:
 Emilio Pozuelo Monfort po...@ubuntu.com writes:
 
  And even if it was, there are binary packages whose /usr/share/doc/$pkg
  is a symlink, so they have no copyright.
 
 All such binaries have a hard dependency on a package that does include
 copyright, but that's a good point. 

And all such symlinks are on another binary from the same source. (see
policy 12.3)

stew


signature.asc
Description: Digital signature

Re: Sponsorship requirements and copyright files

[Steve Langasek]

On Tue, Mar 24, 2009 at 09:19:36PM +0100, Bill Allombert wrote:
  But we do distribute binaries in the debs - and debian/copyright is
  not only for the source but also ends up in the deb.

 Actually, Policy does not make mandatory for the .deb file to contain
 a copyright file at all:

  `/usr/share/doc/package' may be a symbolic link to another directory
  in `/usr/share/doc' only if the two packages both come from the same
  source and the first package Depends on the second.[2]

 (I am not a fan of this particular paragraph of Policy, but that is
 irrelevant, and there is a number of packages taking advantage of that)

 Policy also allows package to refer to /usr/share/common-licenses (part of
 base-files) for actual license texts (for a limited set of license).

 So we already allow packages to reference other packages for license
 informations. Binary package referencing its source package for detailed
 license information is not quite a stretch.

There are some material differences that we should be sure of before
blessing such a change in policy.  So far, the exceptions preserve the
invariant that if the package is installed, the license is present in
/usr/share/doc/package/copyright or in a file referenced by that file.  If
we allow the license for our binary packages to be shipped in the source
only, then:

- Users who receive Debian preinstalled from the manufacturer will not have
  a copy of the license.
- Users who receive Debian as binary-only media with an offer to provide
  source upon request will not have a copy of the license.
- There will be a greater number of exceptions to the rule regarding what
  must be included in debian/copyright (since there are some licenses that
  do require specific information shipped with the binaries, and some that
  don't), bringing an increased risk of bugs.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developerhttp://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Tue, Mar 24 2009, Noah Slater wrote:

 On Tue, Mar 24, 2009 at 10:38:47AM +, Neil Williams wrote:
 I'm still not convinced that machine-parseable formats are genuinely
 useful or maintainable and I feel that machine-parseable
 requirements inevitably impair human readability of copyright files.
 That's not a win, AFAICT.

 Don't use it then, I guess.

 As Steve pointed out, we're working an a format that people can use
 voluntarily if they wish. We are not suggesting that this format
 become mandatory at this stage, at least not until it had seen
 widespread adoption.

At this stage? If you are not willing to listen to feedback,
 that had better be never.  If the intent is for this to be broadly
 adopted, the specification should be fixed as early as possible, and we
 should not adopt a flawed specification inder the guise that it is
 currently voluntary. Frankly, I think that the spec should have
 optional parts, and parts we need, and we should try to come to an
 consensus on the required part of the spec, and the optional parts
 should be clearly outlined in the specification.


 Even if only one person finds the format helpful, there has been
 benefit. For every additional person who finds this format helpful,
 even more benefit is had, and each packages shares a consistent,
 readable, and parseable structure.

Nice sound bite. But a spec or a standard's big value comes if
 it is fixed to be widely accepted, even if it means that some parts of
 the standard are optional.

manoj
-- 
Westheimer's Discovery: A couple of months in the laboratory can
frequently save a couple of hours in the library.
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Tue, Mar 24 2009, Russ Allbery wrote:

 Manoj Srivastava sriva...@debian.org writes:

 ,
 | 2. Redistributions in binary form must reproduce the above copyright
 |notice, this list of conditions and the following disclaimer in the
 |documentation and/or other materials provided with the distribution.
 `

 Do we ever distribute just the binary on our archives?  That
  would be illegal, yes. But, if in the *other materials* we distribute
  is the source tar ball, we a re all OK.

 Are we allowed to consider the source package materials we provide with
 the distribution?  I was under the impression that we were not.  (The GPL
 requirement, which I know we do satisfy, is somewhat weaker.)

Debian can. But that is not being very nice to people who
 preinstall debian on machines, or who just distribute the binary CD's
 only.

So, I am not opposed to people adding whatever they want to to
 the copyright file, but it is not, I think, a _requirement_ that we do
 so. We may want to do so to be nice to a subset of our downstream.
 There is a trade off involved in this trying to be nice to some
 downstreams and the time it takes away from working on actual problems
 in the package that affect _all_ downstream users. I'm happy to let my
 peer DD's determine where the line ought to be drawn for their
 packages. 

Also, I think if we are packaging something an upstream
 provides in binary form as well, we cna just look at what the binary
 package contains in terms of a copyright notice for a guideline.

manoj
-- 
The worst part of having success is trying to find someone who is happy
for you. Bette Midler
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Tue, Mar 24, 2009 at 04:26:43PM -0500, Manoj Srivastava wrote:
 At this stage? If you are not willing to listen to feedback,
  that had better be never.  If the intent is for this to be broadly
  adopted, the specification should be fixed as early as possible, and we
  should not adopt a flawed specification inder the guise that it is
  currently voluntary. Frankly, I think that the spec should have
  optional parts, and parts we need, and we should try to come to an
  consensus on the required part of the spec, and the optional parts
  should be clearly outlined in the specification.

We have been listening to feedback and commentary on the draft proposal for over
a year now, responding and modifying things as appropriate. That process broke
down some time ago, so we have opened dialogues on various mailing lists, and we
are starting DEP 5 to gather feedback.

 Nice sound bite. But a spec or a standard's big value comes if
  it is fixed to be widely accepted, even if it means that some parts of
  the standard are optional.

I hope that you will contribute your opinion when DEP 5 has a draft to review.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Tue, Mar 24 2009, Noah Slater wrote:


 Nice sound bite. But a spec or a standard's big value comes if
  it is fixed to be widely accepted, even if it means that some parts of
  the standard are optional.

 I hope that you will contribute your opinion when DEP 5 has a draft to
 review. 

I am expressing my opinion now, on a mailing list devoted to
 debian development.  I have not been keeping up witht eh bureaucratic
 rigmarole that seems to be being wrapped around discussions, not after
 we got the notice that there was a topic to be discussed, but we should
 not discuss it since the red-tape software was broken.

Whoever is drafting the draft ought to be paying attention to
 the feedback being generated now,  and create a better draft to start
 with.

manoj
-- 
New Hampshire law forbids you to tap your feet, nod your head, or in any
way keep time to the music in a tavern, restaurant, or cafe.
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Ben Finney]

Bill Allombert bill.allomb...@math.u-bordeaux1.fr writes:

 So we already allow packages to reference other packages for license
 informations.

With the important requirement that the referenced package that
contains the license information must also be installed on every
system where the referring package is installed (because of a
‘Depends’ relationship).

 Binary package referencing its source package for detailed license
 information is not quite a stretch.

Since this loses the above relationship, it's a stretch too far. I
consider it vital that *every* recipient of the package can easily
find out the license terms, and that's best satisfied by having them
installed as a predictably-located file along with the package in
every instance.

-- 
 \ “Pinky, are you pondering what I'm pondering?” “I think so, |
  `\  Brain, but what if the hippopotamus won't wear the beach |
_o__)   thong?” —_Pinky and The Brain_ |
Ben Finney


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Tue, Mar 24, 2009 at 05:50:26PM -0500, Manoj Srivastava wrote:
 I am expressing my opinion now, on a mailing list devoted to
  debian development.  I have not been keeping up witht eh bureaucratic
  rigmarole that seems to be being wrapped around discussions, not after
  we got the notice that there was a topic to be discussed, but we should
  not discuss it since the red-tape software was broken.

You used to be project secretary, and I am only a humble new maintainer.

Seems a bit weird to be criticising the Debian way of doing things like this.

 Whoever is drafting the draft ought to be paying attention to
  the feedback being generated now,  and create a better draft to start
  with.

Of course we are. :)

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Ben Finney]

Manoj Srivastava sriva...@debian.org writes:

 At this stage? If you are not willing to listen to feedback,
  that had better be never.

Feedback on the machine-parseable copyright specification is openly
solicited (though it is currently inefficiently gathered and
processed, and that needs to be addressed) and has driven the entire
formation of the specification to date.

 If the intent is for this to be broadly adopted, the specification
 should be fixed as early as possible, and we should not adopt a
 flawed specification inder the guise that it is currently
 voluntary.

I don't see what you're saying with this. Are you saying that it
should not be adopted by *anyone* to see how it works, until it
becomes mandatory? Or is there some specific “we” you're thinking
of?

Surely it's necessary for the specification to actually be implemented
in various real circumstances (which I can only see as meeting the
definition of “adopted” by those who choose to use it), to find and
fix the wrinkles *before* making it mandatory.

 Frankly, I think that the spec should have optional parts, and parts
 we need, and we should try to come to an consensus on the required
 part of the spec, and the optional parts should be clearly outlined
 in the specification.

Yes. I don't know anyone interested in this specification who has
proposed otherwise.

-- 
 \ “I have had a perfectly wonderful evening, but this wasn't it.” |
  `\ —Groucho Marx |
_o__)  |
Ben Finney


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Tue, Mar 24 2009, Noah Slater wrote:

 On Tue, Mar 24, 2009 at 05:50:26PM -0500, Manoj Srivastava wrote:
 I am expressing my opinion now, on a mailing list devoted to
  debian development.  I have not been keeping up witht eh
  bureaucratic rigmarole that seems to be being wrapped around
  discussions, not after we got the notice that there was a topic to
  be discussed, but we should not discuss it since the red-tape
  software was broken.

 You used to be project secretary, and I am only a humble new maintainer.

 Seems a bit weird to be criticising the Debian way of doing things like this.

Oh, yes; you obviously know far better than I the Debian way of
 doing this.  And it happens to be *not* discussing it on debian-devel?

manoj
-- 
union, n.: A dues-paying club workers wield to strike management.
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Tue, Mar 24 2009, Ben Finney wrote:

 Manoj Srivastava sriva...@debian.org writes:

 At this stage? If you are not willing to listen to feedback,
  that had better be never.

 Feedback on the machine-parseable copyright specification is openly
 solicited (though it is currently inefficiently gathered and
 processed, and that needs to be addressed) and has driven the entire
 formation of the specification to date.

 If the intent is for this to be broadly adopted, the specification
 should be fixed as early as possible, and we should not adopt a
 flawed specification inder the guise that it is currently
 voluntary.

 I don't see what you're saying with this. Are you saying that it
 should not be adopted by *anyone* to see how it works, until it
 becomes mandatory? Or is there some specific “we” you're thinking
 of?

If the spec is being bruited under the understanding that the
 flaws do not matter, only people who like it will adopt it, flaws and
 all, and at some later date it shall be made into policy (by somehow
 magically getting widely adopted), there is a logc flaw in there
 somewhere. 

So answering criticism of the current spec with well, it is not
 going to be policy any time soon, so just urn your attention elsewhere
 seems a little --- suboptimal.  If that is not the intent, why answer
 criticisms of the unviability of the current mechanism with Oh, it is
 not going to be policy anytime soon?

 Surely it's necessary for the specification to actually be implemented
 in various real circumstances (which I can only see as meeting the
 definition of “adopted” by those who choose to use it), to find and
 fix the wrinkles *before* making it mandatory.

There are wrinkles being pointed out already. One deas not need
 to eat the egg to know it is rotten. Ignoring what people are pointing
 out as major drawbacks, or dismissing these issues with well, you
 don't have to adopt it then rather than trying to fix it, leads to
 partial adoption of a bad spec.

manoj
-- 
If Machiavelli were a hacker, he'd have worked for the CSSG. Phil
Lapsley
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Steve McIntyre]

Noah Slater wrote:
On Tue, Mar 24, 2009 at 05:50:26PM -0500, Manoj Srivastava wrote:
 I am expressing my opinion now, on a mailing list devoted to
  debian development.  I have not been keeping up witht eh bureaucratic
  rigmarole that seems to be being wrapped around discussions, not after
  we got the notice that there was a topic to be discussed, but we should
  not discuss it since the red-tape software was broken.

You used to be project secretary, and I am only a humble new maintainer.

Seems a bit weird to be criticising the Debian way of doing things like this.

I'm curious... What do you think *is* the Debian way of doing things
like this ?

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
Because heaters aren't purple! -- Catherine Pitt


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Wed, Mar 25, 2009 at 12:39:46AM +, Steve McIntyre wrote:
 I'm curious... What do you think *is* the Debian way of doing things
 like this ?

Manoj's email strongly implied that a DEP was needless bureaucracy.

I'm hardly likely to argue with you about what constitutes the Debian way, but
considering we've let a proposal stew on a wiki for over a year, have taken some
discussion over to the mailing list and are now working on a DEP, I find it very
confusing that it should be considered that we are somehow abusing the process.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Ben Finney]

Manoj Srivastava sriva...@debian.org writes:

 On Tue, Mar 24 2009, Ben Finney wrote:
 
 If the spec is being bruited under the understanding that
  the flaws do not matter

Who's doing that? Of course the flaws matter.

 So answering criticism of the current spec with well, it is not
  going to be policy any time soon, so just urn your attention elsewhere

If you got that impression, I can only say I don't think it's
accurate. Try this:

The machine-parseable copyright format is still in draft form and is
not currently mandatory, so no-one is forced to use it.

Those who don't like the form it's currently in are welcome to discuss
it, once the discussion moves to a forum more amenable to actually
building on what is discussed. I believe this is in progress with a
DEP under way.

Those who don't like the very *idea* of a machine-parseable format for
‘debian/copyright’ apparently exist, but I don't understand their
position yet :-)

 There are wrinkles being pointed out already.

Sure. I eagerly await the appearance of the DEP so the discussion can
properly get underway; as it is, this is currently far more heat than
light.

-- 
 \  “What we usually pray to God is not that His will be done, but |
  `\   that He approve ours.” —Helga Bergold Gross |
_o__)  |
Ben Finney


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Scott Kitterman]

On Wed, 25 Mar 2009 13:22:04 +1100 Ben Finney ben+deb...@benfinney.id.au 
wrote:
...
Those who don't like the very *idea* of a machine-parseable format for
 .debian/copyright  apparently exist, but I don't understand their
position yet :-)

I'd be one of those.

Whenever you add new structural rules on a file it creates more things one 
needs to know, more things to get wrong, and more work.  This is inevitable.

To counter this, I see some very minor potential benefit.  IANADD, so I 
don't get a vote, but if I did, I'd be against it.

The cost/benefit ratio of the proposal is certainly open to reasonably 
varying opinions, so I don't expect arguing over different perceptions to 
have a lot of benefit.  I do think it's worth (once) pointing out why I 
don't like the concept.

I'll convert my packages when it's required by policy.

Scott K


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Ben Finney]

Scott Kitterman deb...@kitterman.com writes:

 On Wed, 25 Mar 2009 13:22:04 +1100 Ben Finney ben+deb...@benfinney.id.au 
 wrote:
 ...
 Those who don't like the very *idea* of a machine-parseable format
 for .debian/copyright ? apparently exist, but I don't understand
 their position yet :-)
 
 I'd be one of those.

Thank you for your explanation; after reading it, I would not actually
classify your position as stated above :-)

 Whenever you add new structural rules on a file it creates more
 things one needs to know, more things to get wrong, and more work.
 This is inevitable.

Yes.

 To counter this, I see some very minor potential benefit. IANADD, so
 I don't get a vote, but if I did, I'd be against it.

Okay, so it's not that you're against having a machine-parseable
format for the file, but that you don't yet see that the benefit
outweighs the cost.

 The cost/benefit ratio of the proposal is certainly open to
 reasonably varying opinions, so I don't expect arguing over
 different perceptions to have a lot of benefit. I do think it's
 worth (once) pointing out why I don't like the concept.

As I understand your position, it's not the concept that you don't
like, but your perception of the cost:benefit ratio. Is that a fair
restatement?

 I'll convert my packages when it's required by policy.

Okay. Certainly I would hope there will be demonstrable (as opposed to
the merely potential) benefits to such a format, before anyone
considers making it mandatory.

-- 
 \ “I wrote a song, but I can't read music so I don't know what it |
  `\is. Every once in a while I'll be listening to the radio and I |
_o__)say, ‘I think I might have written that.’” —Steven Wright |
Ben Finney


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Scott Kitterman]

On Wed, 25 Mar 2009 15:44:20 +1100 Ben Finney ben+deb...@benfinney.id.au 
wrote:
Scott Kitterman deb...@kitterman.com writes:

 On Wed, 25 Mar 2009 13:22:04 +1100 Ben Finney 
ben+deb...@benfinney.id.au 
 wrote:
 ...
 Those who don't like the very *idea* of a machine-parseable format
 for .debian/copyright ? apparently exist, but I don't understand
 their position yet :-)
 
 I'd be one of those.

Thank you for your explanation; after reading it, I would not actually
classify your position as stated above :-)

 Whenever you add new structural rules on a file it creates more
 things one needs to know, more things to get wrong, and more work.
 This is inevitable.

Yes.

 To counter this, I see some very minor potential benefit. IANADD, so
 I don't get a vote, but if I did, I'd be against it.

Okay, so it's not that you're against having a machine-parseable
format for the file, but that you don't yet see that the benefit
outweighs the cost.

Yes.  I'm against adding requirements for work with a negative value.

 The cost/benefit ratio of the proposal is certainly open to
 reasonably varying opinions, so I don't expect arguing over
 different perceptions to have a lot of benefit. I do think it's
 worth (once) pointing out why I don't like the concept.

As I understand your position, it's not the concept that you don't
like, but your perception of the cost:benefit ratio. Is that a fair
restatement?

Yes, but given that I see the potential benefit (so far) as close to nil, 
I'm not particularly expecting this to change.  There may be some great use 
case that really suprises me, but I'm not seeing it so far.

 I'll convert my packages when it's required by policy.

Okay. Certainly I would hope there will be demonstrable (as opposed to
the merely potential) benefits to such a format, before anyone
considers making it mandatory.

There are also inherent negatives to adding more strctural requirments.  
One that particularly concerns me about this one is that it adds to the 
mountain of stuff new developers have to learn.  It's hard enough to teach 
people to accurately get all the currently required elements into 
debian/copyright that I don't relish adding to it No, that can't be a 
dash, it has to be a colon types of issues.

In Debian (and Ubuntu) it's not rare for me to see enthusiastic new 
contributors get discouraged and give up over the existing mountain of 
requirements.  I don't like adding more without a really good reason (yes, 
I know this isn't required anytime soon, but to be truly effective it will 
have to be eventually).

I hope that clarifies my perspective.

Scott K


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Giacomo A. Catenazzi]

Joerg Jaspert wrote:

The real problem here is that FTP masters require the list of copyright
holders to be up-to-date each time the package goes through NEW.
Whatever justification exists for this requirement, I???m starting to find
it unacceptable. If a package has to go through NEW, it takes about
twice as much time to update this list than to do the actual packaging
work.
Why is this list needed? 

Often the license requires it.  For instance the BSD license says,
Redistributions in binary form must reproduce the above copyright.


*binary*


Even the GPL tells you to. § 4. Conveying Verbatim Copies (which is then
mentioned in the source/binary paragraphs):
--8schnipp-8---
  You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
--8schnapp-8---


*source code* (BTW the section about distribution of unmodified sources).

so not for debian/copyright

ciao
cate


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Mike Hommey]

On Sat, Mar 21, 2009 at 12:49:12PM -0700, Russ Allbery wrote:
 Jonas Meurer jo...@freesources.org writes:
  On 21/03/2009 Mike Hommey wrote:
  On Sat, Mar 21, 2009 at 03:58:34PM +0100, Joerg Jaspert wrote:
 
  Honestly, if you cant deal with listing the Authors/(C) holders - dont
  maintain a package. It is not much work to list them. (It might be a
  lot of work using the new format, but noone *requires* this format,
  especially not ftpmaster. It has *no* gain for us at all, we couldnt
  care less if you use it or not).
 
  You win.
 
  I hereby orphan xulrunner and iceape. As for iceweasel and webkit,
  there is a comaintainer on both, so that's up to them.
 
  I cannot believe that. Despite deeply appreciating your decision, it
  makes me very sad to see another complex and important package losing
  its competent and valuable maintainer.
 
  Joerg, please don't you see the consequences of your harsh discussion
  style? I've quite the feeling that with getting more and more important
  within debian you get more and more authoritarian as well.  sorry for
  these straight words. it's not that i wouldn't appreciate your valuable
  work for debian, but please refrain from exploiting the power you got.
 
 Personally, I'm rather annoyed at both of them.  There are people in the
 project who are willing to invest time and energy into finding mutually
 agreeable solutions and talking through problems, but if people explode as
 soon as the discussion gets heated and make drastic decisions before
 anyone even has a chance to mediate, what's the point?

In the context of the current discussion, and in the context of my
current work, I *do* have a good reason to explode, *now*.

I just started to work on xulrunner 1.9.1, which will require an upload
through NEW, and I now know that ftpmasters will REJECT the package on
grounds of the debian/copyright file not containing copyright holders
names, nor containing precise licensing information per file. And if
they wouldn't reject it, then that would be pretty lame double-standards.

I'm actually glad it happened now, before I spend tens of hours on that
work.

I do hope things will change, but until then, don't count on me for
anything related to big packages. That will finally give me some time
to finish those zfs-fuse packages...

Mike


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Andrew McMillan]

On Sun, 2009-03-22 at 03:34 +, Noah Slater wrote:
 On Sat, Mar 21, 2009 at 08:07:23PM -0700, Russ Allbery wrote:
  NEW rejections are even stronger than an RC bug.  Apart from questions of
  whether that's useful documentation for users, I have a hard time seeing
  either of your reasons stated above as being RC-level bugs.
 
 You don't think that possible DFSG problems are RC bugs? :/

Do you mean as in guilty until proven innocent?

Cheers,
Andrew.

andrew (AT) morphoss (DOT) com+64(272)DEBIAN
  You are fairminded, just and loving.




-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Neil Williams]

On Sun, 22 Mar 2009 02:53:51 +
Noah Slater nsla...@tumbolia.org wrote:

 On Sat, Mar 21, 2009 at 09:42:35AM -0500, Manoj Srivastava wrote:
  Why do they have to? I know, the ftp team made it up. But there
   is no reason in policy or in copyright law for such copying to
   occur. But it would be nice to know why it is needed.
 
 I can think of a few desirable reasons:
 
   * To show the FTP masters that they have thoroughly checked the licensing.
 
   * To provide concise information for our users.

That does not need a complete list, it merely needs a statement that
this has been done. Either way, the result has to be taken on trust
unless someone else spends the time to verify the result for each
package upload - that is where the workload becomes an issue. People
are complaining because these wishlist problems are being elevated to a
severity higher than RC in packages that have thousands of contributors
and where even upstream probably doesn't know exactly how many exist.
What matters is not missing out any licences, missing out a few names
and email addresses is minor.

How many users are ever going to want this information *duplicating
anything already in the source package*?? How many of those users are
only complaining because it is their name that got left out? Is their
vanity sufficiently important to block acceptance of the entire
package? If there is an AUTHORS file in the source package and the
debian packaging has a clear attribution, why is it necessary to list
everyone else? It's a bug in the source package if it is a problem at
all. (And if anyone files a bug like that against one of my source
packages, it will be wishlist severity and no higher. I may even ignore
it for a few upstream releases just to make the point.)

Besides, various packages already include a statement like and anyone
else I've forgotten in the AUTHORS file.

I try to cover everyone in small to medium sized packages - it is just a
nice thing to do but it is no more than that. Being nice to people does
not require listing thousands and having packages REJECTED because one
got missed - that isn't being nice to the maintainer. 

Actually, as this is a signed document verifiable as coming from
me, I might as well state that if any package contains material that
is under my copyright but has left my copyright details out of
debian/copyright by accident or by intent, then that is fine, don't
worry about it. If you feel like adding it later, that's fine by me. I
will not make any list that attempts to be a complete list of projects
in which I may have material under my copyright because I'm not sure I
could remember (but it's not that many). If there is a statement
somewhere in the source to the effect that the copyright includes other
contributors whose names may have been forgotten, then I consider that
as acceptable. However, if any package containing material under my
copyright tries to change the licence or misses out the licence details
or wilfully violates the licence or deliberately removes from the
source code a copyright notice that I have manually inserted at an
earlier date, then I reserve the right to insist on such an issue being
fixed.

I would expect that a lot of upstream contributors would feel similarly
- retain the listings that the copyright holder has made themselves
but do not assume that the copyright holder requires such attributions
to be duplicated anywhere else.

That is the rub - what matters are licences and licences are only
enforceable by the copyright holders. As long as there is one copyright
holder who is able to pursue licence violations then the list of
copyright holders is sufficient.

So why do we insist on names and email addresses? The only possible
reason I can see is that Debian wants to be able to relicence stuff and
needs to constantly retain an impossibly ambitious list of copyright
holders that is self-evidently incomplete, just in case one of the
thousands of source packages needs to be relicenced and we want to
contact every copyright holder. Ummm, am I the only one who thinks that
is going just a tad too far?

Yes, we had problems with iceweasel, a certain package I won't mention
and possibly other packages over time but those are individual cases
and things get sufficiently involved during those episodes that there
certainly *IS* time to thoroughly review the source code of the entire
package in question in order to ascertain what we can only hope is as
complete a list as we can manage.

IMHO it is about not getting hung up on the process but considering the
reasoning behind the process. AFAICT, there is no good reason to
document every single copyright holder but there are very good reasons
to document every applicable LICENCE.

As a sponsor, I do *not* require that every single copyright holder is
listed in debian/copyright. I *do* require that every file in the
source package has been checked for the applicable LICENCE and that all
such LICENCES are declared 

Re: Sponsorship requirements and copyright files

[Neil McGovern]

On Sun, Mar 22, 2009 at 02:47:04AM +, Noah Slater wrote:
 This has clear advantages for being able to post-process, check, search, and
 navigate copyright information using whatever tools the community decides 
 would
 be profitable.
 

I'm not quite clear as to why this is an advantage yet Currently, this
seems to have been designed to provide interfaces for future tools to
use, while not regarding whether or not people want those tools.

Could you provide a use case or two to help clarify things? The main
one I see is for an end user to look at a packages copyright file and
say 'yes, I can use it for $foo', which is a case that's detracted from
in the proposal.

Neil
-- 
blarson I use three different operating systems: Sarge, Etch, and Sid.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Neil Williams]

On Sun, 22 Mar 2009 02:47:04 +
Noah Slater nsla...@tumbolia.org wrote:

 On Sat, Mar 21, 2009 at 03:58:34PM +0100, Joerg Jaspert wrote:
  Honestly, if you cant deal with listing the Authors/(C) holders - dont
  maintain a package. It is not much work to list them. (It might be a lot
  of work using the new format, but noone *requires* this format, especially
  not ftpmaster. It has *no* gain for us at all, we couldnt care less if
  you use it or not).
 
 I resent the implication in this remark. 

Then reconsider the remark. The proposed format is more work for many
overworked maintainers, it presents no clear gain for those maintainers,
it overly complicates the file and file handling. There is no point
arguing about these facts, overworked maintainers have made their
feelings clear and no amount of bleating from those supporting the
proposal will now change their minds. Only a complete restart will be
acceptable.

I, for one, would rather see the entire proposal backported to revision
50 or thereabouts and left at that. I refuse to use later revisions as
a basis for my own packages and I will not sponsor packages that, in my
own view, overly complicate debian/copyright by using this proposal as
a template for their own packages. The proposal, as it stands, is
insane and anyone recommending it needs to review the reasons for
recommending such a grandiose waste of my time.

 The copyright proposal is not complex,
 not verbose, and does not require any extra information from developers. The
 only thing it does is to mandate a machine readable format, in a similar vein 
 as
 debian/control, for whatever information you might have already been using.

No, the current proposal is overtly complex, unnecessarily verbose,
requires enormous amounts of extra time from maintainers, the proposal
itself still has no clear structure and is completely unusable. The
machine readable format is not human readable and bears no comparison
with the clarity of debian/control.

 This has clear advantages for being able to post-process, check, search, and
 navigate copyright information using whatever tools the community decides 
 would
 be profitable.

It has many clear disadvantages in wasting maintainer's time,
unnecessarily complicating a free form file and making it harder for
humans (i.e. us, the ones who need to understand copyright data in the
package) to read the data. Machine readable copyright data is not the
aim in and of itself. The aim has to be to make it easier to maintainers
to maintain debian/copyright and easier to build tools that support such
efforts. The current proposal makes that HARDER, not easier and it is
not surprising that no such tools have been devised. IMNSHO, the only
logical step for the progression of the current proposal is the
conversion of debian/copyright to a binary file that needs a parser to
be made human-readable as that illustrates just how insane the proposal
has become.

The proposal has been drowned in pointless edits and is unworthy of
further consideration, IMHO. Either backport to a point where the idea
is once again deemed sane by those maintainers who would most benefit
from tools to support updates of debian/copyright or abandon the entire
proposal as a good idea gone bad.

Maybe someone else can look at it after Squeeze and raise version 2.0
from the ashes.

-- 


Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/



pgpVfSlmID6PH.pgp
Description: PGP signature

Re: Sponsorship requirements and copyright files

[Joerg Jaspert]

First, let me apologize for my last mail in this thread, it had been a
little too rude/harsh/direct. My fault, sorry. (We all should calm down,
flaming won't help)

On 11696 March 1977, Russ Allbery wrote:
 Joerg Jaspert jo...@debian.org writes:
 We require, and have seen nothing to convince us otherwise, that Debian
 maintainers need to do the basic work of listing each copyright holder
 in debian/copyright, as seen in the source files and AUTHORS list or
 equivalent (if any).
 So, the question being raised on this thread is why?  What purpose does
 this work serve?

Multiple, honestly. One is that there is one place where to look for
that information. Thats a minor thing, really, but one.
Then there is following Debians policy.
And then we also follow the licenses, especially those that require it.

Also, keep in mind what Mark wrote elsewhere. He asked the DPL to let
SPI get us some lawyers input on the question. Thats probably the best course.

 The argument against doing it is that it takes increased time over just
 verifying the licenses of every file and requires ongoing maintenance that
 could be spent on tasks more directly related to improving the
 software.

You do have to check every file anyway, otherwise you can't be sure
about your copyright file listing all the licenses your package
uses. And I sincerely hope noone will contest the need to list the
various licenses a package uses?

 If the argument in favor is just that Policy says something along those
 lines, well, as discussed in this thread, I want to revise that Policy
 section anyway.

Feel free to. :)

 Is the reason that you feel most licenses require preservation of the
 copyright notice and it's easier to enforce it uniformly for all copyright
 files?  Is there some other larger reason why is this important for the
 project?  (Please note that I'm not assuming that you have no reason.  I
 just don't understand, from the discussion so far, what it is.  We can't
 really have a meaningful discussion until we're all on the same page)

Yes, thats definitely part of the reason. Also, if people would look at
how NEW had been handled in the past up to now, instead of purely
exaggerating and taking actions from there, they would have found out
that we are usually pretty lenient with this enforcement. We do mention
it when we see it and whenever we do have a reject anyway, like when
people forgot to mention a license at all. Rejection solely based on
missing (C) notices might (have) happen(ed), but should be seldom and
when there are lots of them with a license requiring them.

Also, if just a small set is missing and nothing else would block
accepting the package, we quite often accept the package and send a
comment to the maintainer saying that the following couple of lines
should be added at the next upload.

-- 
bye, Joerg
Some AM after a mistake:
Sigh.  One shouldn't AM in the early AM, as it were.  grin


pgpVldCkf57Ku.pgp
Description: PGP signature

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 08:13:54PM +1300, Andrew McMillan wrote:
 On Sun, 2009-03-22 at 03:34 +, Noah Slater wrote:
  On Sat, Mar 21, 2009 at 08:07:23PM -0700, Russ Allbery wrote:
   NEW rejections are even stronger than an RC bug.  Apart from questions of
   whether that's useful documentation for users, I have a hard time seeing
   either of your reasons stated above as being RC-level bugs.
 
  You don't think that possible DFSG problems are RC bugs? :/

 Do you mean as in guilty until proven innocent?

No, because that's a horrendous framing of the issue.

However, with licensing and the DFSG, things are a little different. It is our
responsibility to thoroughly check a package before we upload it, and that
usually means checking every single file. I would like to think that no one is
uploading packages with the *hope* that they are DFSG free.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sat, Mar 21, 2009 at 08:42:12PM -0700, Russ Allbery wrote:
 Could you explain to me how the lack of those two things is a possible
 DFSG problem?  I assume that this is based on the first, but that seems
 like quite a stretch to me.  The same assurance, for what good there is in
 it, could be drived from a statement in debian/copyright saying I checked
 every file in this package for DFSG licensing problems.

Okay, just to get it straight. I have made it clear that the copyright proposal
makes no pronouncements about how it should be used. We are only discussing the
orthogonal topic of how much information to include in this file, regardless of
whatever format the package uses.

I am not convinced either way, because my packages are probably relatively small
compared to some. This has been an interesting discussion primarily because we
have had the opportunity to shake out arguments from both sides.

Having said that, I am thinking that fully documenting the license of each file
provides a handy way to ensure that developers are thoroughly checking the
package for licensing problems. It is not inconceivable that we could add a
lintian check which does some fuzzy guesswork to see if it can spot any probably
missed files based on parsing the debian/copyright file. It could also prove
handy to the FTP masters who wish to check the quality of work.

 Also, no, I definitely do not think that a possible DFSG problem is an RC
 bug.  I think that an *actual* DFSG problem is an RC bug.  A possible DFSG
 problem is only a possible RC bug.  Surely this is obvious?

Sure thing. My point was that not checking every file seems like sloppy work to
me, for a distribution that places such an emphasis on licensing, and can lead
to many problems. I have been the unfortunate victim of my own laziness in this
regard, so at least I am speaking from guilty experience.

Regardless of format, caveat a machine readable format being available to
lintian for some rudimentary checks, a requirement for developers to document
the licensing checks in debian/copyright could (not would) go a long way towards
preventing DFSG problems in future uploads. Preventative measures seem a lot
better than reactionary ones in this regard.

Best,

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sat, Mar 21, 2009 at 08:45:55PM -0700, Russ Allbery wrote:
 Given that many people have already said that it is, perhaps this is the
 point where you should just accept that they're not lying to you and
 instead you're suffering from a failure of imagination?

 I know from personal experience (having done this as an experiment for
 several packages of mine, including some fairly large ones) that it is
 indeed quite a bit of extra effort.  This is for several reasons,
 including the simple fact that I read a lot faster than I type.

Sure, I accept your points, and I apologise for my sloppy wording.

Firmly in my mind is the cost/benefit of this extra effort. If we succeed in
integrating debian/copyright checks into lintian, or dpkg and it's front-ends,
it seems reasonable to imagine that this effort would be a good trade-off.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 11:35:02AM +, Neil Williams wrote:
 IMHO it is about not getting hung up on the process but considering the
 reasoning behind the process. AFAICT, there is no good reason to
 document every single copyright holder but there are very good reasons
 to document every applicable LICENCE.

 As a sponsor, I do *not* require that every single copyright holder is
 listed in debian/copyright. I *do* require that every file in the
 source package has been checked for the applicable LICENCE and that all
 such LICENCES are declared in debian/copyright along with clear
 identification of which files use which licence. Where there is a clear
 division between copyright holders and licences, I would expect that
 the sections of debian/copyright dealing with files under that licence
 specify that the files are Copyright foo rather than Copyright bar
 that applies elsewhere. If some names and / or email addresses fall
 through the gaps, so be it.

This seems entirely reasonable.

If we can include copyright holder names without much trouble then I think we
should out of courtesy, but I shouldn't imagine that it must be a requirement.
There is no reason why you couldn't adopt this approach with the proposal.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Neil Williams]

On Sun, 22 Mar 2009 12:56:06 +0100
Joerg Jaspert jo...@debian.org wrote:

 First, let me apologize for my last mail in this thread, it had been a
 little too rude/harsh/direct. My fault, sorry. (We all should calm down,
 flaming won't help)

/me calms down too.
 
 On 11696 March 1977, Russ Allbery wrote:
  Joerg Jaspert jo...@debian.org writes:
  We require, and have seen nothing to convince us otherwise, that Debian
  maintainers need to do the basic work of listing each copyright holder
  in debian/copyright, as seen in the source files and AUTHORS list or
  equivalent (if any).
  So, the question being raised on this thread is why?  What purpose does
  this work serve?
 
 Multiple, honestly. One is that there is one place where to look for
 that information. Thats a minor thing, really, but one.

True, minor.

 Then there is following Debians policy.

which can be modified if necessary

 And then we also follow the licenses, especially those that require it.
 Also, keep in mind what Mark wrote elsewhere. He asked the DPL to let
 SPI get us some lawyers input on the question. Thats probably the best course.

So we need clarity on precisely which licences require the list of
copyright holders but we also need clarity on whether such requirements
mean:

1. the list of copyright holders that upstream make available in
AUTHORS or similar files, or

2. some wider list that is constantly harvested from the source code by
some means not used by upstream which may or may not include or
duplicate existing information elsewhere in the upstream source, and

3. whether the list must be absolutely and 100% complete at all
times, even if such completeness is not easily achievable.

We also need clarity on why debian/copyright should have a higher level
of scrutiny than the upstream itself. Debian does not hold copyright on
most upstream source packages, why do we second-guess upstream teams?

If there have been instances in the past, do those (presumably few
instances) warrant the imposition of unnecessary work onto all
packages? (Unnecessary in the sense that there is no evidence that the
upstream listings are actually incomplete.)

It is the expectation that debian/copyright be continuously updated
with names and email addresses independent of changes made by upstream
to files like AUTHORS that is irksome.

Is it acceptable to mimic the actual copyright holders and say:
and anyone else we might have forgotten? If not, why not?

  The argument against doing it is that it takes increased time over just
  verifying the licenses of every file and requires ongoing maintenance that
  could be spent on tasks more directly related to improving the
  software.
 
 You do have to check every file anyway, otherwise you can't be sure
 about your copyright file listing all the licenses your package
 uses. And I sincerely hope noone will contest the need to list the
 various licenses a package uses?

Agreed - except copyright holder details change *far* more frequently
than licences.

That is a key point for me. The entire source package does need to be
checked for LICENCE details, I don't think anyone disputes that. What
does become a problem is *then* requiring that after the licences are
checked, that the entire list of copyright holders is run through a
separate parsing process to work out who isn't listed in which section
of debian/copyright.

It is a separate process - it has to be if debian/copyright is to
remain sane. We can't simply copy the entire copyright section of every
source file, there has to be some form of uniqueness sorting, some
filtering of duplicates and repetition. (Upstreams have a noticeable
tendency to wrap and modify copyright statements in such ways as to
make regular expression matching across the entire set of source
packages in Debian almost impossible and frequently unreliable).

Ally that with the frequent additions of new copyright holders to some
source files and not to others and you have a vast increase in the
workload for subsequent versions, despite absolutely no changes in the
actual licences being used or to the listing of which files use which
licences.

  Is the reason that you feel most licenses require preservation of the
  copyright notice and it's easier to enforce it uniformly for all copyright
  files?  Is there some other larger reason why is this important for the
  project?  (Please note that I'm not assuming that you have no reason.  I
  just don't understand, from the discussion so far, what it is.  We can't
  really have a meaningful discussion until we're all on the same page)
 
 Yes, thats definitely part of the reason. Also, if people would look at
 how NEW had been handled in the past up to now, instead of purely
 exaggerating and taking actions from there, they would have found out
 that we are usually pretty lenient with this enforcement. We do mention
 it when we see it and whenever we do have a reject anyway, like when
 people forgot to mention a license at all. 

Re: Sponsorship requirements and copyright files

[Neil Williams]

On Sun, 22 Mar 2009 12:16:10 +
Noah Slater nsla...@tumbolia.org wrote:

 On Sun, Mar 22, 2009 at 11:35:02AM +, Neil Williams wrote:
  IMHO it is about not getting hung up on the process but considering the
  reasoning behind the process. AFAICT, there is no good reason to
  document every single copyright holder but there are very good reasons
  to document every applicable LICENCE.
 
  As a sponsor, I do *not* require that every single copyright holder is
  listed in debian/copyright. I *do* require that every file in the
  source package has been checked for the applicable LICENCE and that all
  such LICENCES are declared in debian/copyright along with clear
  identification of which files use which licence. Where there is a clear
  division between copyright holders and licences, I would expect that
  the sections of debian/copyright dealing with files under that licence
  specify that the files are Copyright foo rather than Copyright bar
  that applies elsewhere. If some names and / or email addresses fall
  through the gaps, so be it.
 
 This seems entirely reasonable.
 
 If we can include copyright holder names without much trouble then I think we
 should out of courtesy, but I shouldn't imagine that it must be a requirement.
 There is no reason why you couldn't adopt this approach with the proposal.

At last, some sanity. Thanks.

By allowing for the listings of names and email addresses to be based
on a) clear divisions between licences and b) courtesy for the rest, we
can avoid the majority of the workload for maintainers of large
packages where the licence changes infrequently but the contributors
change frequently. In the vast majority of cases, the AUTHORS file will
be packaged anyway and if a copyright holder isn't listed in AUTHORS, it
is up to the copyright holder to decide whether that is something
he/she wants to raise with upstream, not with Debian.

In practice, at least as far as my own experience, an explicit listing
in AUTHORS is *granted* by your peers in the upstream team, not
requested, usually on the basis of the scope and importance of your
contribution(s). Hence the rider at the end including anyone else not
specifically listed already.

I really do think Debian should leave such decisions to the upstream
team - we don't really have a need to add new listings to what already
exists in the upstream package and listing people who are not
considered as core developers or who upstream do not consider to
have made significant amounts of copyrighted contributions, is
pointless effort for no gain. (Other than the vanity of those people,
but then they are better off making more contributions upstream so that
they earn a listing in AUTHORS directly.)

-- 


Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/



pgpavs6DWjEBU.pgp
Description: PGP signature

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 11:42:29AM +, Neil McGovern wrote:
 I'm not quite clear as to why this is an advantage yet Currently, this
 seems to have been designed to provide interfaces for future tools to
 use, while not regarding whether or not people want those tools.

 Could you provide a use case or two to help clarify things? The main
 one I see is for an end user to look at a packages copyright file and
 say 'yes, I can use it for $foo', which is a case that's detracted from
 in the proposal.

Listing the licences (not necessarily copyright holders) in a machine readable
format would allow lintian checks to be developed, and maybe even automatic
license compatibility checks to be performed.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 11:54:49AM +, Neil Williams wrote:
 Then reconsider the remark. The proposed format is more work for many
 overworked maintainers, it presents no clear gain for those maintainers,
 it overly complicates the file and file handling. There is no point
 arguing about these facts, overworked maintainers have made their
 feelings clear and no amount of bleating from those supporting the
 proposal will now change their minds. Only a complete restart will be
 acceptable.

Remember that the format can be used however we decide is best for Debian, even
if that includes the recent discussion on omitting full copyright holder
details. As a machine readable format, that allows us to potentially integrate
this into lintian, and any number of dpkg tools that might want to perform
license compatibility checks. You seem to be arguing that most people dislike
the format, perhaps as a concept and not in its current grotesque incarnation,
which I would contend given it's large, and voluntary, uptake.

 I, for one, would rather see the entire proposal backported to revision
 50 or thereabouts and left at that. I refuse to use later revisions as
 a basis for my own packages and I will not sponsor packages that, in my
 own view, overly complicate debian/copyright by using this proposal as
 a template for their own packages. The proposal, as it stands, is
 insane and anyone recommending it needs to review the reasons for
 recommending such a grandiose waste of my time.

Yes, the proposal is pretty absurd at the moment. I believe this has been
mentioned already in this thread. At some point, the benefits of the wiki
process were overshadowed by the problems it created coordinating the effort. As
a result, many of the core drivers (myself included) backed away from doing any
repair work, and have been waiting until after Lenny to restart the effort using
a proper method and mailing list for communication.

I too use an old version for my packages, because I dislike the current one.

 No, the current proposal is overtly complex, unnecessarily verbose,
 requires enormous amounts of extra time from maintainers, the proposal
 itself still has no clear structure and is completely unusable. The
 machine readable format is not human readable and bears no comparison
 with the clarity of debian/control.

I think this is going over the top, a little. But for the most part I agree.

Like we've previous stated, we do not want the current proposal evaluated. We
have plans to restart the effort, collaborating via reasoned discussion on some
mailing list, and then present a polished version for wider discussion.

The aim of this proposal, at least from my perspective, was achieving machine
readability in a similar vein to debian/control in the least possible intrusive
way. The current proposal falls short of this by a large margin. As you seem to
have considered this in some depth, it would be great to get your collaboration
when we take a hatchet to it for version 2 as you put it.

 The proposal has been drowned in pointless edits and is unworthy of
 further consideration, IMHO. Either backport to a point where the idea
 is once again deemed sane by those maintainers who would most benefit
 from tools to support updates of debian/copyright or abandon the entire
 proposal as a good idea gone bad.

 Maybe someone else can look at it after Squeeze and raise version 2.0
 from the ashes.

It seems we are in violent agreement.

Best,

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Neil McGovern]

On Sun, Mar 22, 2009 at 01:45:18PM +, Noah Slater wrote:
 On Sun, Mar 22, 2009 at 11:42:29AM +, Neil McGovern wrote:
  I'm not quite clear as to why this is an advantage yet Currently, this
  seems to have been designed to provide interfaces for future tools to
  use, while not regarding whether or not people want those tools.
 
  Could you provide a use case or two to help clarify things? The main
  one I see is for an end user to look at a packages copyright file and
  say 'yes, I can use it for $foo', which is a case that's detracted from
  in the proposal.
 
 Listing the licences (not necessarily copyright holders) in a machine readable
 format would allow lintian checks to be developed, and maybe even automatic
 license compatibility checks to be performed.
 

Perhaps this is where we're not quite seeing eye-to-eye. I know that
machine readable copyright files would allow lintian checks. But what
would those checks be, and what would be the point of them?

All I've personally seen so far is 'it makes data mining easier', which
although could be a goal in itself, doesn't improve the quality of
packages.

Neil
-- 
twb I don't see why anyone would want to cyber with a 16yo.  IME none of
them can spell, and they probably haven't had the relevant experience to
write convincing prose.  It's not like their ASCII is going to be any 
more
supple for them being sixteen.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Peter Palfrader]

On Sun, 22 Mar 2009, Noah Slater wrote:

  I'm not quite clear as to why this is an advantage yet Currently, this
  seems to have been designed to provide interfaces for future tools to
  use, while not regarding whether or not people want those tools.
 
  Could you provide a use case or two to help clarify things? The main
  one I see is for an end user to look at a packages copyright file and
  say 'yes, I can use it for $foo', which is a case that's detracted from
  in the proposal.
 
 Listing the licences (not necessarily copyright holders) in a machine readable
 format would allow lintian checks to be developed, and maybe even automatic
 license compatibility checks to be performed.

The way this process should work is that you (or somebody) writes those
tools.

Then, if DDs see that those tools are useful they will convert their
debian/copyright files to take advantage of those tools all by
themselves.  No one will have to force them.

If people don't consider those new tools useful enough to invest the
work into converting then this means that those tools probably are not
of sufficient help and no amount of proof by authority or handwaving
will change this.
-- 
   |  .''`.  ** Debian GNU/Linux **
  Peter Palfrader  | : :' :  The  universal
 http://www.palfrader.org/ | `. `'  Operating System
   |   `-http://www.debian.org/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Florian Weimer]

* Noah Slater:

 If you're telling me that the FTP masters would be happy with blanket license
 statements for a package, what is stopping you from using the existing format 
 to
 say something along the lines of:

   Files: *
   Copyright: Copyright 2008, Damien Katz dam...@apache.org
Copyright 2008, Jan Lehnardt j...@apache.org
Copyright 2008, Christopher Lenz cml...@apache.org
Copyright 2008, Noah Slater nsla...@apache.org
   License: Apache-2.0
On Debian systems the full text of the Apache License (Version 2) can be 
 found
in the `/usr/share/common-licenses/Apache-2.0' file.

Files: share/www/script/json.js
License: PD
 In the public domain.

This file does not exist.

The file NOTICE contains this hint:

| This product includes software developed at
| The Apache Software Foundation (http://www.apache.org/).

I'm wondering if this should be reflected in the copyright file (and
if the NOTICE file should be installed in the binary package, in case
the binary package ends up on different media than the sources).

I don't think this is a significant problem, but it probably means
that the machine-readable copyright file format is, in itself, not a
solution.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Romain Beauxis]

Le Sunday 22 March 2009 14:45:18 Noah Slater, vous avez écrit :
  Could you provide a use case or two to help clarify things? The main
  one I see is for an end user to look at a packages copyright file and
  say 'yes, I can use it for $foo', which is a case that's detracted from
  in the proposal.

 Listing the licences (not necessarily copyright holders) in a machine
 readable format would allow lintian checks to be developed, and maybe even
 automatic license compatibility checks to be performed.

I find it somehow ironic that you overlook the human trust between developpers 
but would follow automated test done by a machine.



Romain


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 03:47:39PM +0100, Romain Beauxis wrote:
 Le Sunday 22 March 2009 14:45:18 Noah Slater, vous avez écrit :
   Could you provide a use case or two to help clarify things? The main
   one I see is for an end user to look at a packages copyright file and
   say 'yes, I can use it for $foo', which is a case that's detracted from
   in the proposal.
 
  Listing the licences (not necessarily copyright holders) in a machine
  readable format would allow lintian checks to be developed, and maybe even
  automatic license compatibility checks to be performed.

 I find it somehow ironic that you overlook the human trust between developpers
 but would follow automated test done by a machine.

Please don't put words into my mouth.

I never said I overlooked anything, only that it might be nice to augment 
things.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 03:35:13PM +0100, Florian Weimer wrote:
 Files: share/www/script/json.js
 License: PD
  In the public domain.

 This file does not exist.

Yes, it seems the file is:

  share/www/script/jso2.js

 The file NOTICE contains this hint:

 | This product includes software developed at
 | The Apache Software Foundation (http://www.apache.org/).

 I'm wondering if this should be reflected in the copyright file (and
 if the NOTICE file should be installed in the binary package, in case
 the binary package ends up on different media than the sources).

The ASF does not take copyright assignments, so it's unimportant.

If you find problems in my packages, please file bugs.

 I don't think this is a significant problem, but it probably means
 that the machine-readable copyright file format is, in itself, not a
 solution.

I hardly see that me making a typo constitutes a failure of the format.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 02:13:20PM +, Neil McGovern wrote:
 Perhaps this is where we're not quite seeing eye-to-eye. I know that
 machine readable copyright files would allow lintian checks. But what
 would those checks be, and what would be the point of them?

I believe there has been so discussion of this already.

I invite whomever has looked at this to speak up abut their plans.

 All I've personally seen so far is 'it makes data mining easier', which
 although could be a goal in itself, doesn't improve the quality of
 packages.

But could improve the quality/utility of Debian as a whole, right?

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 03:27:46PM +0100, Peter Palfrader wrote:
 The way this process should work is that you (or somebody) writes those
 tools.

 Then, if DDs see that those tools are useful they will convert their
 debian/copyright files to take advantage of those tools all by
 themselves.  No one will have to force them.

 If people don't consider those new tools useful enough to invest the
 work into converting then this means that those tools probably are not
 of sufficient help and no amount of proof by authority or handwaving
 will change this.

Sounds like a fine idea to me.

Please note, no one is suggesting that the copyright proposal be enforced either
as it currently stands or immediately. The purpose of us rebooting the effort is
to make the existing mess sane again, and to get some tooling developed around
it exactly as you suggest.

Only then would we put it forward for proper consideration.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Russ Allbery]

Florian Weimer f...@deneb.enyo.de writes:

 The file NOTICE contains this hint:

 | This product includes software developed at
 | The Apache Software Foundation (http://www.apache.org/).

 I'm wondering if this should be reflected in the copyright file (and
 if the NOTICE file should be installed in the binary package, in case
 the binary package ends up on different media than the sources).

For packages that are covered by the Apache 2.0 license, I always install
the NOTICE file in every generated binary package.  I believe this is
required by the Apache 2.0 license:

  (d) If the Work includes a NOTICE text file as part of its
  distribution, then any Derivative Works that You distribute must
  include a readable copy of the attribution notices contained
  within such NOTICE file, excluding those notices that do not
  pertain to any part of the Derivative Works, in at least one
  of the following places: within a NOTICE text file distributed
  as part of the Derivative Works; within the Source form or
  documentation, if provided along with the Derivative Works; or,
  within a display generated by the Derivative Works, if and
  wherever such third-party notices normally appear. The contents
  of the NOTICE file are for informational purposes only and
  do not modify the License. You may add Your own attribution
  notices within Derivative Works that You distribute, alongside
  or as an addendum to the NOTICE text from the Work, provided
  that such additional attribution notices cannot be construed
  as modifying the License.

I could see an argument that putting the contents of NOTICE into
debian/copyright satisfies the second possibility -- within the ...
documentation, if provided along with the Derivative works -- but I think
just installing the NOTICE file is more obviously safe.

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Julien Cristau]

On Sat, 2009-03-21 at 15:58 +0100, Joerg Jaspert wrote:
 Honestly, if you cant deal with listing the Authors/(C) holders - dont
 maintain a package.

Is this you volunteering to maintain X?

Cheers,
Julien


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 11:35:26AM -0700, Russ Allbery wrote:
 I could see an argument that putting the contents of NOTICE into
 debian/copyright satisfies the second possibility -- within the ...
 documentation, if provided along with the Derivative works -- but I think
 just installing the NOTICE file is more obviously safe.

CouchDB should be doing a 0.9 this week, so I'll take a look. Thanks.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Sune Vuorela]

On 2009-03-22, Noah Slater nsla...@tumbolia.org wrote:
 On Sun, Mar 22, 2009 at 04:31:58AM +0100, Josselin Mouette wrote:
 Le dimanche 22 mars 2009 à 02:58 +, Noah Slater a écrit :
  Again, while the documentation of individual licenses may not be policy, 
  it is
  certainly policy for each package to be thoroughly checked for licensing 
  issues.
  As this necessarily involves looking at each file, I don't see why it 
  should be
  considered that much extra effort documenting the process.
 
  Ensuring DFSG compatibility is hardly administrative fluff.

 Please read what people write, otherwise it???s getting pretty insulting.

 No one here is questioning the importance and the usefulness of the
 licensing check.

 I don't understand the disconnect here.

 A license check must, by definition, involve each file in the package.

 As re-quoted from the quote you previously quoted:

   I don't see why it should be considered that much extra effort documenting
   the process.

 Best,

Please try it then.

take the kdelibs source package, start with taking time on how long it
takes to verify that everything is gpl compatible and then afterwards
try list every single copyright holder and put it in the proposed
copyright file and also measure the time spent on that.

It *does* *not* scale.

/Sune


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Cyril Brulebois]

Jonas Meurer jo...@freesources.org (21/03/2009):
 Joerg, please don't you see the consequences of your harsh discussion
 style?

You can cross out “discussion” here.

Mraw,
KiBi.


signature.asc
Description: Digital signature

Re: Sponsorship requirements and copyright files

[Russ Allbery]

Noah Slater nsla...@tumbolia.org writes:

 Having said that, I am thinking that fully documenting the license of
 each file provides a handy way to ensure that developers are thoroughly
 checking the package for licensing problems.

Did you mean copyright here?  No one is disputing the need to document
the license of every file that goes into forming the contents of the
binary package.

I have a serious conceptual problem with requiring work in order to ensure
that people are doing some other piece of work that's only partly related.
The actual *requirement* here is that packages be audited for license
problems.  For me at least, copying and pasting copyright notices to
create a collective notice for packages that track separate copyright for
all contributors takes at least three times longer than just checking each
file for unexpected licensing.  I can more easily do the audit without
doing that work.

I'm really not enthused at the idea of having to do a bunch of copy and
paste work just to prove to someone that I've looked at every file.  It
feels like the sort of make-work assignment that I had to tolerate in
grade school.  One nice thing about being an adult is that I don't have to
put up with that sort of thing any more.  :)

 It is not inconceivable that we could add a lintian check which does
 some fuzzy guesswork to see if it can spot any probably missed files
 based on parsing the debian/copyright file. It could also prove handy to
 the FTP masters who wish to check the quality of work.

In all of the packages for which I've implemented the new copyright
format, which is more than a dozen now, I've always used a catch-all
stanza with the main package license.  I have a hard time imagining when I
ever *wouldn't* do that.  This means that such a Lintian check is going to
be pretty worthless in practice, unless I'm missing some approach that's
more than just making sure each file in the source tree has a matching
stanza in copyright.

 Sure thing. My point was that not checking every file seems like sloppy
 work to me, for a distribution that places such an emphasis on
 licensing, and can lead to many problems.  I have been the unfortunate
 victim of my own laziness in this regard, so at least I am speaking from
 guilty experience.

I'm finding it a bit frustrating that your wording here seems to treat
copying and pasting all the copyright files as if it's synonymous with
checking every file and seems to assume that people who don't do the
copying and pasting aren't checking every file.  They truly are not the
same thing.

 Regardless of format, caveat a machine readable format being available
 to lintian for some rudimentary checks, a requirement for developers to
 document the licensing checks in debian/copyright could (not would) go a
 long way towards preventing DFSG problems in future uploads.

We already *do* require that developers document the results of the
*license* audit.  I don't think anyone is disputing that (although it's
painfully tedious for large packages, and it would be really nice if the
people who are deeply concerned that Debian always do this would volunteer
to help the Iceweasel, Linux kernel, KDE, and X maintainers, among others,
with doing this work).

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Russ Allbery]

Joerg Jaspert jo...@debian.org writes:

 Also, keep in mind what Mark wrote elsewhere. He asked the DPL to let
 SPI get us some lawyers input on the question. Thats probably the best
 course.

Yes.  I'm wholeheartedly in favor of this, and I think we should hold any
resolution of this discussion for the results of that.  There are a
surprising number of gotchas hidden in licenses that people think are
straightforward and read past, and it would be nice to know what our basic
legal requirements are.

I agree that we need to duplicate the copyright statement that's written
above a BSD-style license that contains a clause like:

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
[...]
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

or:

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
Software), to deal in the Software without restriction, [...]
subject to the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

If the license is stated in those files, then it applies to the copyright
notice in that file and hence we have to duplicate it.

I'd like to get an answer about what we have to do with GPL notices.
Hopefully we can get a legal evaluation for that.  (I'm curious whether we
can safely combine copyright notices -- merging together ones with
disjoint dates, for instance -- and still satisfy this requirement.)

However, there are a lot of upstreams that stick copyright notices in
files but don't duplicate license terms or that just stick authorship
information in files without making it a copyright notice and then just
have a single license notice somewhere, like README.  Those are the cases
where I don't see a legal need for duplicating the copyright statements.

 You do have to check every file anyway, otherwise you can't be sure
 about your copyright file listing all the licenses your package
 uses. And I sincerely hope noone will contest the need to list the
 various licenses a package uses?

Well, the one thing that I think we need to clarify here is whether we
need to list the licenses for files that aren't source code for what goes
into the binary distribution, such as the build system.  The files from
Autoconf and Automake have a bunch of different licenses and documenting
them is a fair bit of work for each package.

Looking at one of mine where I did that work, I have four different
sections for every package using Autoconf and Automake: one for
Makefile.in and aclocal.m4, one for configure, one for config.* and some
Automake and libtool helpers, and one for install-sh.  They all have
different licenses.  If I had to include only the exact copyright notice
that's in each file, that would quickly turn into about ten different
sections since there are slightly different years listed.  This is pretty
annoying work.

Clearly, all build support files have to be under a DFSG-free license.
But as long as that's the case, I'm not sure we should be requiring people
to document the licenses of files used only in the build system or in bits
of software that aren't included in the final binaries (such as the test
suite, which even in FSF software sometimes includes tons of different
copyright holders since the FSF doesn't always require copyright
assignment for test suites).

But I don't think anyone is contesting that we have to document the
license of every file that goes into the binary software that we're
distributing in the *.deb package.

 If the argument in favor is just that Policy says something along those
 lines, well, as discussed in this thread, I want to revise that Policy
 section anyway.

 Feel free to. :)

Okay, I may propose some tentative text in the next few days, with the
caveat that it may change based on the resolution of the legal
investigation.

 Yes, thats definitely part of the reason. Also, if people would look at
 how NEW had been handled in the past up to now, instead of purely
 exaggerating and taking actions from there, they would have found out
 that we are usually pretty lenient with this enforcement. We do mention
 it when we see it and whenever we do have a reject anyway, like when
 people forgot to mention a license at all. Rejection solely based on
 missing (C) notices might (have) happen(ed), but should be seldom and
 when there are lots of them with a license requiring them.

 Also, if just a small set is missing and nothing else would block
 accepting the package, we quite often accept the package and send a
 comment to the maintainer saying that the following couple of lines
 should 

Re: Sponsorship requirements and copyright files

[Russ Allbery]

Neil Williams codeh...@debian.org writes:

 We also need clarity on why debian/copyright should have a higher level
 of scrutiny than the upstream itself. Debian does not hold copyright on
 most upstream source packages, why do we second-guess upstream teams?

It's worth noting here that most upstreams distribute only source, and
hence rely on the fact that the source carries the licenes and the
copyright statement and they don't have to do anything special with it.
When we compile that software and distribute only the binaries as a
separate package, we've stripped off, say, a BSD license statement and its
corresponding copyright statement from where upstream put it, and we do,
under the license, have to preserve that somewhere in our derived work,
including the corresponding copyright notice.  If upstream has a bunch of
files under various varients of the BSD license, we are required by those
licenses to preserve all of those notices in the binary package.

This much is a very valid point which I was vaguely aware of but hadn't
really thought about before this thread.

Yes, in practice, it's very unlikely that anyone's going to sue anyone
over this, and it's probably not *that* big of a deal if we don't do it,
but I do agree that we should follow licenses as written even if no one's
going to sue us if we don't.

 Is it acceptable to mimic the actual copyright holders and say:  and
 anyone else we might have forgotten? If not, why not?

I do agree that if upstream distributes a file with a license statement
like (from INN):

   Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009
   by Internet Systems Consortium, Inc. (ISC)
   Copyright (c) 1991, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
   2002, 2003 by The Internet Software Consortium and Rich Salz

   This code is derived from software contributed to the Internet Software
   Consortium by Rich Salz.

   Permission to use, copy, modify, and distribute this software for any
   purpose with or without fee is hereby granted, provided that the above
   copyright notice and this permission notice appear in all copies.

   THE SOFTWARE IS PROVIDED AS IS AND ISC DISCLAIMS ALL WARRANTIES WITH
   REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY
   SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

we can just copy that notice, ignoring the fact that ISC doesn't do
copyright assignment and the actual copyrights are held by way more
different people than are explicitly mentioned there.  I don't think
there's any utility in duplicating the INN CONTRIBUTORS file in
debian/copyright.

 Agreed - except copyright holder details change *far* more frequently
 than licences.

Yes.  That's a lot of what makes accumulating copyright notices so
annoying.

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 07:10:46PM +, Sune Vuorela wrote:
  A license check must, by definition, involve each file in the package.
 
  As re-quoted from the quote you previously quoted:
 
I don't see why it should be considered that much extra effort 
  documenting
the process.
 
  Best,

 Please try it then.

 take the kdelibs source package, start with taking time on how long it
 takes to verify that everything is gpl compatible and then afterwards
 try list every single copyright holder and put it in the proposed
 copyright file and also measure the time spent on that.

Two errors here:

  * I didn't include the time of checking each file, which you should be doing
anyway. No doubt this can take a long time sometimes. I was only talking
about the additional work of noting each license down.

  * I have made it perfectly clear that noting copyright holders was not
something I was talking about. Please do not mangle my position like this.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Arthur de Jong]

On Sun, 2009-03-22 at 12:11 +, Noah Slater wrote:
 Firmly in my mind is the cost/benefit of this extra effort. If we
 succeed in integrating debian/copyright checks into lintian, or dpkg
 and it's front-ends, it seems reasonable to imagine that this effort
 would be a good trade-off.

I have been reading this discussion a bit and I've been wondering what
use-case you actually have for machine-readable debian/copyright files.

FTP masters have indicated that they don't care about the format. This
seems logical because they don't trust what the maintainer put in
debian/copyright and need to review the source by hand anyway.

As a package maintainer I don't see much benefit for my work with this
new format. My packages are extremely simple when copyright is concerned
though.

As a user I hardly ever look at /usr/share/doc/*/copyright. If the
package is in main I consider that enough information for just using it.

If I'm developing software and I want to use another piece of software
(e.g. library, framework or component) I check the license (I don't care
about the copyright holders btw.) and perhaps sometimes I check the
copyright file but most of the time I just check what upstream put on
their website. For these seldom uses a common format or tools wouldn't
help me much.

So for me debian/copyright is mostly a write-only file.

I can understand there may be benefits of a parsable format but I don't
directly see enough gain. On the other hand there seems to be a lot of
(perceived) cost involved (maintainer work).

This means that if you want to introduce a new format you have to
convince the maintainer of a package that there is some benefit, be it
in tools that make their life easier or some concrete benefit for our
users.

Anyway, thanks for the work on the format. To me it seems to probably be
a good thing. I hope this mail wasn't too negative.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --


signature.asc
Description: This is a digitally signed message part

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 12:29:37PM -0700, Russ Allbery wrote:
 Noah Slater nsla...@tumbolia.org writes:

  Having said that, I am thinking that fully documenting the license of
  each file provides a handy way to ensure that developers are thoroughly
  checking the package for licensing problems.

 Did you mean copyright here?  No one is disputing the need to document
 the license of every file that goes into forming the contents of the
 binary package.

No, I meant license.

It seems people ARE disputing that licenses be fully documented.

 I have a serious conceptual problem with requiring work in order to ensure
 that people are doing some other piece of work that's only partly related.
 The actual *requirement* here is that packages be audited for license
 problems.  For me at least, copying and pasting copyright notices to
 create a collective notice for packages that track separate copyright for
 all contributors takes at least three times longer than just checking each
 file for unexpected licensing.  I can more easily do the audit without
 doing that work.

I have already made it explicit that I was not talking about copyright holders.

 I'm really not enthused at the idea of having to do a bunch of copy and
 paste work just to prove to someone that I've looked at every file.  It
 feels like the sort of make-work assignment that I had to tolerate in
 grade school.  One nice thing about being an adult is that I don't have to
 put up with that sort of thing any more.  :)

In the context of documenting licenses, it's more for our own sake than anything
else. Like unit tests for code to make sure everything is in order. This would
be more clear if we had developed lintian checks already.

 In all of the packages for which I've implemented the new copyright
 format, which is more than a dozen now, I've always used a catch-all
 stanza with the main package license.  I have a hard time imagining when I
 ever *wouldn't* do that.  This means that such a Lintian check is going to
 be pretty worthless in practice, unless I'm missing some approach that's
 more than just making sure each file in the source tree has a matching
 stanza in copyright.

Me too.

Perhaps there is a way of catching boilerplate patterns and checking to see if
they are matched in debian/copyright. It wouldn't be an exact science, but it
might be helpful in some way.

  Sure thing. My point was that not checking every file seems like sloppy
  work to me, for a distribution that places such an emphasis on
  licensing, and can lead to many problems.  I have been the unfortunate
  victim of my own laziness in this regard, so at least I am speaking from
  guilty experience.

 I'm finding it a bit frustrating that your wording here seems to treat
 copying and pasting all the copyright files as if it's synonymous with
 checking every file and seems to assume that people who don't do the
 copying and pasting aren't checking every file.  They truly are not the
 same thing.

I'm not sure I follow, sorry.

  Regardless of format, caveat a machine readable format being available
  to lintian for some rudimentary checks, a requirement for developers to
  document the licensing checks in debian/copyright could (not would) go a
  long way towards preventing DFSG problems in future uploads.

 We already *do* require that developers document the results of the
 *license* audit.  I don't think anyone is disputing that (although it's
 painfully tedious for large packages, and it would be really nice if the
 people who are deeply concerned that Debian always do this would volunteer
 to help the Iceweasel, Linux kernel, KDE, and X maintainers, among others,
 with doing this work).

Well, there seems to be some confusion then. I have made it explicit in this
thread that I don't really see it as necessary that each copyright holder be
listed, and that we only do it where necessary. It is my understanding that
people have still raised objections about documenting every license in
debian/copyright, for example Autoconf and other generated files.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 12:55:58PM -0700, Russ Allbery wrote:
 I think part of the problem right now is that people aren't sure what to
 expect and are feeling like this review is somewhat unpredictable.  This
 is what I'm hoping to be able to help with by revising the Policy section.
 If we can break this down into must, should, and best practice, then
 people can understand that they'll get a reject for breaking a must, maybe
 a reject for being particularly sloppy about shoulds, and just get notes
 about best practices, as with most of the other things in NEW review.

And once this is complete, the proposed copyright format would sit on top of
that nicely, assuming it is accepted by the community. I want to keep all policy
decisions away from the format proposal.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 01:02:22PM -0700, Russ Allbery wrote:
 we can just copy that notice, ignoring the fact that ISC doesn't do
 copyright assignment and the actual copyrights are held by way more
 different people than are explicitly mentioned there.  I don't think
 there's any utility in duplicating the INN CONTRIBUTORS file in
 debian/copyright.

+1

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 09:00:34PM +0100, Arthur de Jong wrote:
 I can understand there may be benefits of a parsable format but I don't
 directly see enough gain. On the other hand there seems to be a lot of
 (perceived) cost involved (maintainer work).

Implicit in your email is the idea that the copyright proposal is complicated.

  Files: *
  Licence: BSD

I can imagine that being valid syntax for the final format. Hardly a chore!

 This means that if you want to introduce a new format you have to
 convince the maintainer of a package that there is some benefit, be it
 in tools that make their life easier or some concrete benefit for our
 users.

Agreed.

Clearly, given the successful uptake of the proposal given it's draft nature,
people are already seeing value. Perhaps like me, one of those values is having
a consistent way of laying out the file, without having to worry about
inventing your own consistent formatting style.

Maybe that's just my mild OCD speaking though. Heh.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Julien Cristau]

On Sun, Mar 22, 2009 at 02:47:04 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 02:53:51 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 02:55:47 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 02:58:56 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 03:02:51 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 03:34:35 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 03:35:40 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 03:36:55 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 12:03:23 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 12:09:54 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 12:11:50 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 12:16:10 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 13:45:18 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 13:55:42 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 15:42:00 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 15:44:40 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 15:46:04 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 15:47:28 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 18:58:04 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 20:05:33 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 20:11:15 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 20:14:34 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 20:15:38 +, Noah Slater wrote:
On Sun, Mar 22, 2009 at 20:19:56 +, Noah Slater wrote:

may I suggest you stop doing that?

Cheers,
Julien


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[David Paleino]

On Sun, 22 Mar 2009 21:24:51 +0100, Julien Cristau wrote:

 On Sun, Mar 22, 2009 at 02:47:04 +, Noah Slater wrote:
 [21 times]
 On Sun, Mar 22, 2009 at 20:19:56 +, Noah Slater wrote:
 
 may I suggest you stop doing that?

What's wrong with properly replying without breaking threads? Yes, he could've
sent one mail quoting different texts, but that's weird IMVHO.

David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174


signature.asc
Description: PGP signature

Re: Sponsorship requirements and copyright files

[Raphael Hertzog]

On Sun, 22 Mar 2009, David Paleino wrote:
 On Sun, 22 Mar 2009 21:24:51 +0100, Julien Cristau wrote:
 
  On Sun, Mar 22, 2009 at 02:47:04 +, Noah Slater wrote:
  [21 times]
  On Sun, Mar 22, 2009 at 20:19:56 +, Noah Slater wrote:
  
  may I suggest you stop doing that?
 
 What's wrong with properly replying without breaking threads? Yes, he could've
 sent one mail quoting different texts, but that's weird IMVHO.

He is monopolizing the discussion. He should let some time pass between
replies to take into account the opinions of others. Furthermore, by
replying too fast he is actively making the discussion non-followable by
many persons that don't want to spend an afternoon on this topic.

Having a constructive discussion is difficult and requires everybody to
sit back and let others take part in it.

Cheers,
-- 
Raphaël Hertzog

Contribuez à Debian et gagnez un cahier de l'admin Debian Lenny :
http://www.ouaza.com/wp/2009/03/02/contribuer-a-debian-gagner-un-livre/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 09:55:10PM +0100, Raphael Hertzog wrote:
 He is monopolizing the discussion. He should let some time pass between
 replies to take into account the opinions of others. Furthermore, by
 replying too fast he is actively making the discussion non-followable by
 many persons that don't want to spend an afternoon on this topic.

Am I the cat's mother? I'm not sure which is more rude, replying to emails
faster than other people or criticising someone's behaviour in a public forum.
If you think I reply to emails too fast, please do so in private in the future.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Sun, Mar 22, 2009 at 09:08:54PM +, Noah Slater wrote:
 Am I the cat's mother? I'm not sure which is more rude, replying to emails
 faster than other people or criticising someone's behaviour in a public forum.
 If you think I reply to emails too fast, please do so in private in the 
 future.

Please TELL me in private, heh.

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Moritz Muehlenhoff]

Joerg Jaspert wrote:

 No. It is not up to the Debian maintainer to decide that some
 contributor has written enough of the code to also be mentioned in the
 (C) lines in a particular file. But as soon as upstream lists them
 either in a file header or the AUTHORS file the Debian maintainer has to
 copy that information into debian/copyright.
 This is an absolute waste of time.

 As your mail is.

 Honestly, if you cant deal with listing the Authors/(C) holders - dont
 maintain a package. It is not much work to list them. 

Of course it is, take for an example #486340, which took 3-4 hours. And 
the Intel-Xserver is tiny in comparison to xulrunner or KDE.

You fail to give a rationale why it's actually needed. In the above example
even a company-driven upstream (Intel, VA Linux, Tungsten) didn't bother
to collect copyright information, so WTF should we do it?

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Josselin Mouette]

Le dimanche 22 mars 2009 à 20:11 +, Noah Slater a écrit :
  Did you mean copyright here?  No one is disputing the need to document
  the license of every file that goes into forming the contents of the
  binary package.
 
 No, I meant license.
 
 It seems people ARE disputing that licenses be fully documented.

Who? I haven’t seen a single message disputing this in the current
discussion.

-- 
 .''`.  Debian 5.0 Lenny has been released!
: :' :
`. `'   Last night, Darth Vader came down from planet Vulcan and told
  `-me that if you don't install Lenny, he'd melt your brain.


signature.asc
Description: Ceci est une partie de message numériquement signée

Re: Sponsorship requirements and copyright files

[Ben Finney]

Peter Palfrader wea...@debian.org writes:

 On Sun, 22 Mar 2009, Noah Slater wrote:
 
  Listing the licences (not necessarily copyright holders) in a
  machine readable format would allow lintian checks to be
  developed, and maybe even automatic license compatibility checks
  to be performed.
 
 The way this process should work is that you (or somebody) writes
 those tools.

In the absence of a format? Please remember that, for most of its
lifetime, the proposed format has been undergoing changes that would
invalidate such tools; it's still a draft proposal.

 Then, if DDs see that those tools are useful they will convert their
 debian/copyright files to take advantage of those tools all by
 themselves. No one will have to force them.

Certainly, no one has proposed forcing use of the machine-parseable
format in anything like the foreseeable future. One constant on the
page for the draft proposal is the statement that it is *not* yet a
proposal to change policy.

To repeat what Noah has said elsewhere: Please separate any talk of
policy requirements about “what information must go into the
‘debian/copyright’ file”, from work on making that file
machine-parseable. The two issues are orthogonal.

-- 
 \   “The best is the enemy of the good.” —Voltaire, _Dictionnaire |
  `\Philosophique_ |
_o__)  |
Ben Finney


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Michael Banck]

On Sun, Mar 22, 2009 at 09:00:34PM +0100, Arthur de Jong wrote:
 On Sun, 2009-03-22 at 12:11 +, Noah Slater wrote:
  Firmly in my mind is the cost/benefit of this extra effort. If we
  succeed in integrating debian/copyright checks into lintian, or dpkg
  and it's front-ends, it seems reasonable to imagine that this effort
  would be a good trade-off.
 
 I have been reading this discussion a bit and I've been wondering what
 use-case you actually have for machine-readable debian/copyright files.

I find debian/copyright in general be useful if the package has no
Homepage: line in control yet.


Michael


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Daniel Dickinson]

On Sat, 21 Mar 2009 15:00:00 -0700
Steve Langasek vor...@debian.org wrote:

 
  No. It is not up to the Debian maintainer to decide that some
  contributor has written enough of the code to also be mentioned in
  the (C) lines in a particular file. But as soon as upstream lists
  them either in a file header or the AUTHORS file the Debian
  maintainer has to copy that information into debian/copyright.
 
 So it's not up to the Debian maintainer, but it is up to the ftp team?
 Why?
 

I'm not ftpmaster, but I can guess.  You yourself have said there is
not Debian entity, which means that ftpmaster is *personally* liable
for legal actions take as a result of problems with the archive.  As
the ones personally liable they make any final decision about what goes
in the archive and what doesn't.


Regards,

Daniel

-- 
And that's my crabbing done for the day.  Got it out of the way early, 
now I have the rest of the afternoon to sniff fragrant tea-roses or 
strangle cute bunnies or something.   -- Michael Devore
GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C  http://gnupg.org


signature.asc
Description: PGP signature

Re: Sponsorship requirements and copyright files

[Gustavo Noronha]

On Sat, 2009-03-21 at 16:24 +0100, Josselin Mouette wrote:
 Le samedi 21 mars 2009 à 15:58 +0100, Joerg Jaspert a écrit :
  Honestly, if you cant deal with listing the Authors/(C) holders - dont
  maintain a package. It is not much work to list them. 
 
 Bullshit. The last time FTP masters REJECTed a package because of that,
 I spent more than an hour to get the list right, for a package that took
 only a few minutes to update. I can hardly imagine how fun it must be
 for a big package.

FWIW, ~3 hours of intensive work on webkit last time I did it

-- 
Gustavo Noronha k...@debian.org
Debian Project


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Noah Slater]

On Fri, Mar 20, 2009 at 11:33:32PM -0500, Manoj Srivastava wrote:
 Now, some of the objections you have heard is because of the
  hard line you have been taking in this discussion about  looking for
  and adding copyright holders is not, as far as I can see, reflected in
  current policy.

 And telling people they are doing a bad job and need to either
  shape up or change policy does not actually seem to be corroborated by
  policy, unless I am missing chunks.

Yeah, I apologise for this. This had been my understanding. Sorry.

 BTW, to your list of solutions, I can add another one:
  + realize this is busy work with little value in the common case, and
prefer to spend time otherwise improving the package.

On the other hand, I think this needs to be clarified.

I only maintain a small number of packages, but even then, I have regularly
found files contained within those packages which were included for various
reasons by upstream under a different license. In the case of planet-venus, I
remove a not insignificant number of these for the DFSG. Clearly, some amount of
checking each file is a good thing, so why not be explicit about what is
required of a developer for this?

Best,

-- 
Noah Slater, http://tumbolia.org/nslater


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Thomas Viehmann]

Hi Manoj,

Manoj Srivastava wrote:
  o)  It should name the original authors -- which, in my view, is
  distinct from every subsequent contributor. This can bea matter of
  subjective interpretation, though.

Allow me to disagree. While in common language original can be used in
the sense of initial as your interpretation seems to suggest, this is
clearly and consistently not the case in the context of copyright. In
fact, original author is a something of a technical term in this
domain. A definition capturing the common meaning of this term can be
found e.g. in the CC licenses. In CC 3.0 it starts with
  Original Author means, in the case of a literary or artistic work,
  the individual, individuals, entity or entities who created the Work
  ...
The works Debian distributes are more often than not the result of a
collaborative effort. As such, anyone with a (original, i.e. creative)
contribution to the work is an original author, and not just whoever
started a project.

Debian sees increased enforcement of properly documenting copyright
status because the people who recently joined the FTP team were
instructed to check for this and pointed to the publicly available
reject faq and the two announcements on debian-devel-announce that
explicitly state that copyright notices must be listed and have not been
met with opposition when they were posted five and again three years ago.

Properly documenting the copyright license well includes listing the
licensor and the basis of the license, i.e. including the copyright
notice. If Debian absolutely wants to decide it does not care about who
grants the copyright license, then it has to do so. It might not,
however, be quite necessary to pretend that the ftp team who try to
diligently do the job that has been entrusted to them, including
(manually, mostly, not that much less tedious as compiling them)
double-check that the stuff put on Debian mirrors is prima facie legally
distributable is getting fun out of making up reject reasons.

I do not envy anyone to have to wade through things to collect these
notices and looking at hundreds of license boilerplates but having found
stuff like proprietary property of IBM in openjdk (probably vetted by
people paid to know what they are doing) or KDE themes with an PNGs from
a KDE icon collection and the express clarification that GPL requires
distributing SVG source with any pixel formats, I can assure you that if
Debian is interested in credibly attempting to ensure that the stuff put
on mirrors is legal to distribute someone has to look at every file in
the tarballs.

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Joerg Jaspert]

 The real problem here is that FTP masters require the list of copyright
 holders to be up-to-date each time the package goes through NEW.
 Whatever justification exists for this requirement, I???m starting to find
 it unacceptable. If a package has to go through NEW, it takes about
 twice as much time to update this list than to do the actual packaging
 work.
 Why is this list needed? 
 Often the license requires it.  For instance the BSD license says,
 Redistributions in binary form must reproduce the above copyright.

Even the GPL tells you to. § 4. Conveying Verbatim Copies (which is then
mentioned in the source/binary paragraphs):
--8schnipp-8---
  You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
--8schnapp-8---

 To me, it seems like since one has to go through all of the source files
 anyway, creating a list of copyright holders while you are doing it is a
 trivial task.  I don't see why making this list takes any time at all
 really.  Unless you are not actually looking at the code you upload,
 which would worry me for other reasons as well.
 I think it means what is says. The *ABOVE* copyright notice must
  be reproduced. That does not mean you have to hunt down every person
  with a Signed-Off-By header in the log, or every person who made an
  more than 10 line (non-trivial) patch submission to the project (and
  yes, most of these people also hold copyright -- how are you gonna find
  out all such names?)

No. It is not up to the Debian maintainer to decide that some
contributor has written enough of the code to also be mentioned in the
(C) lines in a particular file. But as soon as upstream lists them
either in a file header or the AUTHORS file the Debian maintainer has to
copy that information into debian/copyright.

 Frankly, at this point, I am not seeing a need to track down or
  verify the completeness of my list of copyright holders, since it is
  almost impossible to do so, or very time consuming, and I see limited
  returns for time invested.

We do not require people to wade through $VCS commit logs or mailinglist
threads to find out who wrote each single line of code.

We require, and have seen nothing to convince us otherwise, that Debian
maintainers need to do the basic work of listing each copyright holder in
debian/copyright, as seen in the source files and AUTHORS list or
equivalent (if any).

-- 
bye, Joerg
  I. What would you do if a package has no sane default configuration?
 (There is *no* default configuration that works on most systems!)
   The best thing to do would be to add such a default configuration.
[... ARGS ...]


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Lars Wirzenius]

la, 2009-03-21 kello 15:04 +0100, Joerg Jaspert kirjoitti:
 We require, and have seen nothing to convince us otherwise, that
 Debian
 maintainers need to do the basic work of listing each copyright holder in
 debian/copyright, as seen in the source files and AUTHORS list or
 equivalent (if any).

It would, of course, help, if at least most upstreams would adopt some
systematic way of marking such. Could we push the machine-readable
debian/copyright file upstream? :)


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Josselin Mouette]

Le samedi 21 mars 2009 à 15:04 +0100, Joerg Jaspert a écrit :
 No. It is not up to the Debian maintainer to decide that some
 contributor has written enough of the code to also be mentioned in the
 (C) lines in a particular file. But as soon as upstream lists them
 either in a file header or the AUTHORS file the Debian maintainer has to
 copy that information into debian/copyright.

This is an absolute waste of time.

Lots of time.

Valuable time.

-- 
 .''`.  Debian 5.0 Lenny has been released!
: :' :
`. `'   Last night, Darth Vader came down from planet Vulcan and told
  `-me that if you don't install Lenny, he'd melt your brain.


signature.asc
Description: Ceci est une partie de message numériquement signée

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Sat, Mar 21 2009, Thomas Viehmann wrote:

 Hi Manoj,

 Manoj Srivastava wrote:
  o)  It should name the original authors -- which, in my view, is
  distinct from every subsequent contributor. This can bea matter of
  subjective interpretation, though.

 Allow me to disagree. While in common language original can be used in
 the sense of initial as your interpretation seems to suggest, this is
 clearly and consistently not the case in the context of copyright. In
 fact, original author is a something of a technical term in this
 domain. A definition capturing the common meaning of this term can be
 found e.g. in the CC licenses. In CC 3.0 it starts with
   Original Author means, in the case of a literary or artistic work,
   the individual, individuals, entity or entities who created the Work
   ...
 The works Debian distributes are more often than not the result of a
 collaborative effort. As such, anyone with a (original, i.e. creative)
 contribution to the work is an original author, and not just whoever
 started a project.

Had Debian policy been written by copyright lawyers, you might
 have had a point. The  wording in policy was vetted by us non-lawyers;
 and, in fact, was last modified in a commit made by me, on
 2005-06-16.  I certainly did not mean the original in the sense you say
 it means in copyright law.

Putting busy work into a publicly available and documented
 policy makes it no less busy work, and a partial list of copyright
 owners (since the list of copyright owners is largter thatn the ones in
 the copyright notices on files) serves little  purpose, apart from hand
 wavy ones that applaud us for putting in extra, albeit mostly useless,
 effort.

manoj
-- 
An exception TESTS a rule; it NEVER proves it.  -- Edmund C. Berkeley
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Sat, Mar 21 2009, Noah Slater wrote:


 I only maintain a small number of packages, but even then, I have
 regularly found files contained within those packages which were
 included for various reasons by upstream under a different license. In
 the case of planet-venus, I remove a not insignificant number of these
 for the DFSG. Clearly, some amount of checking each file is a good
 thing, so why not be explicit about what is required of a developer
 for this?

I do a license check, yes. But that does not mean I record the
 author names, no. So, making sure that you cover all licenses the
 package comes with is required, but there is no reason to create a
 partial list of copyright holders --- until there is need to.

manoj
-- 
Loyalty to petrified opinion never broke a chain or freed a human
soul. Mark Twain
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Re: Sponsorship requirements and copyright files

[Manoj Srivastava]

On Sat, Mar 21 2009, Thomas Viehmann wrote:

 Hi Manoj,

 Manoj Srivastava wrote:
  o)  It should name the original authors -- which, in my view, is
  distinct from every subsequent contributor. This can bea matter of
  subjective interpretation, though.

 Allow me to disagree. While in common language original can be used in
 the sense of initial as your interpretation seems to suggest, this is
 clearly and consistently not the case in the context of copyright. In
 fact, original author is a something of a technical term in this
 domain. A definition capturing the common meaning of this term can be
 found e.g. in the CC licenses. In CC 3.0 it starts with
   Original Author means, in the case of a literary or artistic work,
   the individual, individuals, entity or entities who created the Work
   ...
 The works Debian distributes are more often than not the result of a
 collaborative effort. As such, anyone with a (original, i.e. creative)
 contribution to the work is an original author, and not just whoever
 started a project.

Had Debian policy been written by copyright lawyers, you might
 have had a point. The  wording in policy was vetted by us non-lawyers;
 and, in fact, was last modified in a commit made by me, on
 2005-06-16.  I certainly did not mean the original in the sense you say
 it means in copyright law.

Putting busy work into a publicly available and documented
 policy makes it no less busy work, and a partial list of copyright
 owners (since the list of copyright owners is largter thatn the ones in
 the copyright notices on files) serves little  purpose, apart from hand
 wavy ones that applaud us for putting in extra, albeit mostly useless,
 effort.

manoj
-- 
An exception TESTS a rule; it NEVER proves it.  -- Edmund C. Berkeley
Manoj Srivastava sriva...@debian.org http://www.debian.org/~srivasta/  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org