On Wed 2016-06-08 04:57:21 -0400, Mathieu Malaterre wrote:
> Package: debian-keyring
> Version: 2016.04.22
>
> Currently the package copyright file states:
>
> [...]
> The keys in the keyrings don't fall under any copyright.
> [...]
>
> this is inaccurate as key(s) can have JPEG copyright strings attached.

fwiw, the copyrights in the JPEGs are often embedded color profiles. The fact that the color profiles are copyrighted doesn't mean they are not DFSG-free, though; it just means we need to figure out what the licenses are for those copyrights.

have you scanned other JPEGs in the debian archive for these embedded profiles? if those color profiles are actually not considered DFSG-free, this may turn out to be a larger project than expected.

fwiw, i suppose one could argue that the images in the user attributes (the attached keys) themselves (regardless of embedded color profile) are under some form of copyright protection that could make them not dfsg-free unless they have an appropriately-stated license. See for example:

https://commons.wikimedia.org/wiki/Commons:Exif#ExifTool_how-to

This seems a bit silly, but hey, copyright law might actually turn out to be silly sometimes.

I see a few possible options:

 0) stop distributing User Attributes in debian-keyring entirely (this would avoid dealing with any questions about embedded color profiles or jpeg copyright)

 1) stop distributing User Attributes with embedded copyrighted color profiles that are not explicitly licensed with a DFSG-free license.

 2) stop distributing User Attributes that contain JPEGs that do not have a DFSG-friendly Copyright tag. (licensing ≠ copyright, so putting licensing information in a Copyright tag is also silly; but it's no sillier than putting licensing information in a file named debian/copyright… oh well)

(0) is certainly the easiest approach for the maintainers of debian-keyring.

--dkg

