Re: License of binary packages
Francesco Poli invernom...@paranoici.org writes: I am not aware of any update on the matter: I suppose the determination of the effective licenses of binary packages is still something to be done manually. I hope this answers Ole's question, although maybe in a disappointing way... I am not sure if this is legally so simple: As far as I understand licensing, it is the way to allow others to use the product (sorry for unprofessional wording here; I am not at all a specialist in that). That means, that as long as we don't allow someone to use a binary package, he is neither allowed to copy it, nor to use it in any way. We (Debian) must grant him some rights. Currently, I don't see that we do that anywhere. debian/copyright refers only to sources, not to binaries. Also, the license of the binary is not (always) an unambigious result of the source packages: a BSD only licensed source file may also end up in a GPL licensed binary. or the binary of a GPL-2+ source could itseld licensed as GPL-3+. Generally, Debian may add additional restrictions to a binary, as long as they are conform to the source license(s) and the DFSG. My personal understanding of Debian liberalism is that we don't, but I couldn't find a definitive statement for that. So, I think, of we offer binary packages, we must clearly define the conditions of this offer Otherwise the offer is not (legally) valid. Or am I too naive here? Best regards Ole -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87tx22p51v@news.ole.ath.cx
Re: License of binary packages
On 14/11/14 19:19, Ole Streicher wrote: Francesco Poli invernom...@paranoici.org writes: I am not aware of any update on the matter: I suppose the determination of the effective licenses of binary packages is still something to be done manually. I hope this answers Ole's question, although maybe in a disappointing way... I am not sure if this is legally so simple: As far as I understand licensing, it is the way to allow others to use the product (sorry for unprofessional wording here; I am not at all a specialist in that). That means, that as long as we don't allow someone to use a binary package, he is neither allowed to copy it, nor to use it in any way. We (Debian) must grant him some rights. Currently, I don't see that we do that anywhere. debian/copyright refers only to sources, not to binaries. Also, the license of the binary is not (always) an unambigious result of the source packages: a BSD only licensed source file may also end up in a GPL licensed binary. or the binary of a GPL-2+ source could itseld licensed as GPL-3+. Generally, Debian may add additional restrictions to a binary, as long as they are conform to the source license(s) and the DFSG. My personal understanding of Debian liberalism is that we don't, but I couldn't find a definitive statement for that. So, I think, of we offer binary packages, we must clearly define the conditions of this offer Otherwise the offer is not (legally) valid. Or am I too naive here? I don't think that simply using a compiler would be classed as sufficient creativity for Debian to have any copyright interest in the binaries. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546669cb.90...@bitmessage.ch
Re: License of binary packages
Ole Streicher oleb...@debian.org writes: I am not sure if this is legally so simple: As far as I understand licensing, it is the way to allow others to use the product (sorry for unprofessional wording here; I am not at all a specialist in that). Good enough; I'd just replace the term “use” with something more precise, like “exercise rights reserved to the copyright holder by default”. That means, that as long as we don't allow someone to use a binary package, he is neither allowed to copy it, nor to use it in any way. We (Debian) must grant him some rights. It is the copyright holder that, through the grant of license, allows the recipient to exercise certain rights. The Debian project is not the copyright holder for the majority of this work, and can only grant license for work in which the Debian Project holds copyright. Currently, I don't see that we do that anywhere. debian/copyright refers only to sources, not to binaries. The binary form of a work is generated entirely mechanically, from the source. The governing theory, IIUC, is that a right granted in one form of a work obtains in that work even when it undergoes wholly-mechanical (i.e. non-creative) transformations. Suc transoration include mechanical flipping of all the bits, or mechanical chopping into 100-byte files, or rendering a source document to a PDF, or compiling source code to bytecode. So, a license granted in the source form of a work is also granted in that exact same work in some other form, where “non-creative mechanical transformation” is included in “other form of the work”. This is why we speak of “source form of the work” ad “non-source form” and “preferred form of the work for making modifications”, etc.; the concept is that a work remains the same work even when it undergoes a mechanical non-creative transformation. Also, the license of the binary is not (always) an unambigious result of the source packages: a BSD only licensed source file may also end up in a GPL licensed binary. Yes, and the license for the combined work is the superset of both licenses. To exercise an action, it must be done in compliance with both licenses simultaneously. Generally, Debian may add additional restrictions to a binary, as long as they are conform to the source license(s) and the DFSG. My personal understanding of Debian liberalism is that we don't, but I couldn't find a definitive statement for that. I'd say that the Debian project doesn't impose further restrictions on anything in which copyright is held by others. We don't have that right. So, I think, of we offer binary packages, we must clearly define the conditions of this offer Otherwise the offer is not (legally) valid. Or am I too naive here? You seem to be arrogating more to copyright than its power allows. Unless *I'm* being too naive :-) -- \ “One of the most important things you learn from the internet | `\ is that there is no ‘them’ out there. It's just an awful lot of | _o__)‘us’.” —Douglas Adams | Ben Finney -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/85y4rd2r89@benfinney.id.au
License of binary packages
Hi, I asked this question already some months ago in debian-mentors, but didn't get an answer: How is the license of a binary Debian package determined? The file debian/copyright only contains the license of the sources; however the binary license may differ -- f.e. when a BSD source is linked to a GPL library. Also there is usually more than one license used in the sources. Since Debian is a binary distribution, I am wondering if there is any canonical way to get the license of a (binary) package? Best regards Ole -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87y4rfoy8b@news.ole.ath.cx
Re: License of binary packages
How is the license of a binary Debian package determined? The file debian/copyright only contains the license of the sources; however the binary license may differ -- f.e. when a BSD source is linked to a GPL library. Also there is usually more than one license used in the sources. I'd say that it would probably be a matter of checking the license for all of the sources that were used to make the particular binary that you are concerned about - and then, checking the Debian dependencies for packages which your binary links to, in case there is a GPL-like linking clause. Since Debian is a binary distribution, I am wondering if there is any canonical way to get the license of a (binary) package? Not that I know of, unfortunately. Hopefully someone else will have an idea. That being said, if you distribute all packages with their sources and dependencies (and possibly a copy of /usr/share/common-licenses), you should probably be okay. (Of course, packages marked essential do not need to be included in the list of dependencies, so that could be a problem as well.) Honestly, though, I doubt that anyone is going to take legal action over something like this. They'd probably just ask you to change the license notice. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546511bc.4030...@bitmessage.ch
Re: License of binary packages
Ole Streicher oleb...@debian.org writes: How is the license of a binary Debian package determined? The file debian/copyright only contains the license of the sources; Not true. The ‘debian/copyright’ file is installed by each binary package ‘foopackage’ as the ‘/usr/share/doc/foopackage/copyright’ file, and constitutes the copyright information for that binary package. however the binary license may differ -- f.e. when a BSD source is linked to a GPL library. Also there is usually more than one license used in the sources. Right, so the source package should have a ‘debian/copyright’ which specifies copyright information for all binary packages generated from that source. Since Debian is a binary distribution Debian consists of both source and binary packages equally, so I don't know what you are characterising there. I am wondering if there is any canonical way to get the license of a (binary) package? The binary package ‘foopackage’, once installed, has its copyright information at ‘/usr/share/doc/foopackage/copyright’. -- \ “I bought some batteries, but they weren't included; so I had | `\to buy them again.” —Steven Wright | _o__) | Ben Finney -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/854mu26dn7@benfinney.id.au
Re: License of binary packages
however the binary license may differ -- f.e. when a BSD source is linked to a GPL library. Also there is usually more than one license used in the sources. Right, so the source package should have a ‘debian/copyright’ which specifies copyright information for all binary packages generated from that source. ftp depends on libreadline6, which is under the GPL. However, ftp's debian/copyright file only lists BSD licenses. -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546517ac.7020...@bitmessage.ch
Re: License of binary packages
On Fri, 14 Nov 2014 07:17:00 +1100 Riley Baird wrote: How is the license of a binary Debian package determined? The file debian/copyright only contains the license of the sources; however the binary license may differ -- f.e. when a BSD source is linked to a GPL library. Also there is usually more than one license used in the sources. I'd say that it would probably be a matter of checking the license for all of the sources that were used to make the particular binary that you are concerned about - and then, checking the Debian dependencies for packages which your binary links to, in case there is a GPL-like linking clause. That's the way to go, as far as I know. Unfortunately, it may be tedious and time consuming in some cases... :-( Since Debian is a binary distribution, I am wondering if there is any canonical way to get the license of a (binary) package? Not that I know of, unfortunately. Hopefully someone else will have an idea. [...] I am not aware of any requirement (in the current Debian Policy) to document the effective license for binary packages. The debian/copyright file is intended for clearly documenting the licensing status of source packages, not the effective licenses of binary packages built from them. You may want to take a look at: https://bugs.debian.org/694657#45 https://bugs.debian.org/694657#130 The whole bug log could be an interesting read, but it's quite long, so please check it out only if you are searching for a way to kill time! ;-) I am not aware of any update on the matter: I suppose the determination of the effective licenses of binary packages is still something to be done manually. I hope this answers Ole's question, although maybe in a disappointing way... -- http://www.inventati.org/frx/ fsck is a four letter word... . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpiotTKIbsUR.pgp Description: PGP signature
Re: License of binary packages
On Thu, 13 Nov 2014 21:43:10 +0100 Francesco Poli wrote: [...] The debian/copyright file is intended for clearly documenting the licensing status of source packages, not the effective licenses of binary packages built from them. [...] Mmmmh, I wrote this too fast, on the basis of what was said in the cited bug log (#694657)... :-( But I've just remembered another thread about this same issue: https://lists.debian.org/debian-legal/2013/01/msg7.html (with all its direct and indirect replies) In that thread it is claimed that the Debian Policy is to be interpreted as requiring that the licensing status of *binary* packages be documented. However, in practice, it turns out that this is not always done thoroughly, whenever the binary licensing differs from the source licensing... :-/ -- http://www.inventati.org/frx/ fsck is a four letter word... . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgposzTXWjCbb.pgp Description: PGP signature
Re: License of binary packages
Le Thu, Nov 13, 2014 at 05:35:00PM +0100, Ole Streicher a écrit : I asked this question already some months ago in debian-mentors, but didn't get an answer: How is the license of a binary Debian package determined? The file debian/copyright only contains the license of the sources; however the binary license may differ -- f.e. when a BSD source is linked to a GPL library. Also there is usually more than one license used in the sources. Hi Ole, in some packages I maintain, I put such information in the debian/copyright file (in the License field of the header, as I am using the machine-readable format). However, it is not canonical, nor automated. Have a nice day, -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141113223947.ga23...@falafel.plessy.net
Re: License of binary packages
Hi, Le 13/11/2014 16:37, Ben Finney a écrit : The file debian/copyright only contains the license of the sources; Not true. That’s a strong affirmation. Policy 4.5 may deserve some clarification, but I wouldn’t be so affirmative (or negative). https://www.debian.org/doc/debian-policy/ch-source.html#s-dpkgcopyright The ‘debian/copyright’ file is installed by each binary package ‘foopackage’ as the ‘/usr/share/doc/foopackage/copyright’ file, and constitutes the copyright information for that binary package. That’s an incomplete description of how dh_installchangelogs works, more information is available in dh_installchangelogs(1) (e.g., you’re free to provides the debian/foopackage.copyright file in the source that will be installed in /usr/share/doc/foopackage/copyright, but you can also override it or not use debhelper at all). Regards David signature.asc Description: OpenPGP digital signature
Re: License of binary packages
David Prévot taf...@debian.org writes: Le 13/11/2014 16:37, Ben Finney a écrit : The ‘debian/copyright’ file is installed by each binary package ‘foopackage’ as the ‘/usr/share/doc/foopackage/copyright’ file, and constitutes the copyright information for that binary package. That’s an incomplete description of how dh_installchangelogs works, more information is available in dh_installchangelogs(1) (e.g., you’re free to provides the debian/foopackage.copyright file in the source that will be installed in /usr/share/doc/foopackage/copyright, but you can also override it or not use debhelper at all). True, my apologies. I was mistakenly assuming the package in question uses Debhelper to install copyright files. Nonetheless, the copyright for each binary package is in the source package, in the vast majority of Debian packages. -- \ “Don't be misled by the enormous flow of money into bad defacto | `\standards for unsophisticated buyers using poor adaptations of | _o__) incomplete ideas.” —Alan Kay | Ben Finney -- To UNSUBSCRIBE, email to debian-legal-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/85389m4ele@benfinney.id.au