Hi Florian: On Tue, Aug 13, 2019 at 9:05 PM Florian Weimer <[email protected]> wrote: > > * Philippe Ombredanne: > > > Background/original message > > ======================= > > python-debian is the canonical library to handle debian files. It is > > GPL-licensed yet also used as a library by quite a few tools [2] that > > are not GPL-licensed but rather ISC, MIT, Apache and similar both at > > debian and elsewhere. > > > > Would the copyleft of python-debian flow to a tool or library that is > > calling and using python-debian as a library? > > > > If yes, could it make sense to consider some sorts of licensing update > > either for all these FOSS libraries or rather for python-debian proper > > such that the effective licensing of these tools may not be impacted? > > > > PS: I am maintaining origin and license code scanning tools written in > > Python [3] and I am considering to add a dependency on python-debian to > > export valid machine readable copyright files created from a scancode > > license and copyright file [4]. The licensed toolkit is Apache-licensed. > > I don't really see where this is coming from. I do not see any > practical problems with a copyleft license for a Python script. > Compliance with the GPLv2+ terms is about as difficult as complying > with the MIT license, so why bother changing the licensing?
The way I understand it, the copyleft from python-debian would extend to the calling code (e.g. another program that would use python-debian as a library). There are a few such programs calling pytho-debian today (I listed some in my initial email) out there that use non-copyleft permissive licenses and I was considering using python-debian in an Apache-license application, therefore having an alternative license such as an LGPL or an exception add to the GPL or some permissive license would be better IMHO for these cases, much the same way for instance librpm was made LGPL to enable building RPM-based tools under any FOSS license [1] > In any case, my contributions to python-debian were probably copied > from the Debian security tracker project, so you'd need to check what > exactly was copied from there and who contributed to the copied code > portion. Your copyright shows up in debian_support.py as added by James Westby about 13 years ago on 2006-08-16 [2] and indeed was exactly copied from the security tracker at this commit [3]. The trail of commits before [4] and after [5] that is clean and clear. FWIW, it looks like the only part being used elsewhere in python-debian is the "debian_support.Version" class: I guess the rest of the code is API code for library users to call. [1] https://github.com/rpm-software-management/rpm/blob/7faf8eda1358f8a877b9b3d6e1197b814e80b50b/COPYING#L11 [2] https://salsa.debian.org/python-debian-team/python-debian/blob/75d12ca851d7ce92cbef9b06e0702f86a858433a/debian_bundle/debian_support.py [3] https://salsa.debian.org/security-tracker-team/security-tracker/blob/66cf8c9da465dd52b5cc32c0e3c9ba8f663e8b70/lib/python/debian_support.py [4] https://salsa.debian.org/security-tracker-team/security-tracker/commits/master/lib/python/debian_support.py [5] https://salsa.debian.org/python-debian-team/python-debian/commits/master/lib/debian/debian_support.py -- Cordially Philippe Ombredanne -- https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-python-debian-maint
