Bug#884006: copyright-format: Documenting copyrights not in source package but in binary package

[Sean Whitton]

Dear Yao,

On Tue, Dec 12 2017, Yao Wei wrote:

> Built-Using doesn't contain copyright notice and license info, for
> example Expat has the following clause:
>
> The above copyright notice and this permission notice shall be
> included in all copies or substantial portions of the Software.

Okay, I see what you're saying.

We don't add new fields to Policy until they see use in the archive (for
example, in #786470 we are discussing adding License-Grant: because it
is already being used in some packages).  So this bug should wait until
at least a handful of packages are using the field.

But secondly, you are surely not the first person to come across this
issue.  We need to determine how this has been handled before, and
whether the ftp-masters have even permitted packages with the situation
you describe into the archive.

I'll leave this bug tagged moreinfo until the above are determined.  Per
the Policy Changes Process the bug may be closed if the info is not
forthcoming in 30 days; don't be discouraged by this, because you can
always file a new bug when

- we have figured out what the best practice actually is here
- some packages are using that best practice.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#884006: copyright-format: Documenting copyrights not in source package but in binary package

[Yao Wei]

Hi Sean,

Built-Using doesn't contain copyright notice and license info, for example
Expat has the following clause:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

Yao Wei
On Tue, 12 Dec 2017 at 09:47 Sean Whitton  wrote:

> Hello Yao,
>
> On Tue, Dec 12 2017, Yao Wei wrote:
>
> > My problem is roughly case 1 (and for me, to solve case 2). However as
> > a requirement of some licenses the file must come with the copyright
> > notice, and I am afraid if generates files which it's source comes
> > from another package cannot comply with such requirements.
>
> Can you explain why the Built-Using: field doesn't satisfy this?  AIUI,
> this case is precisely what the Built-Using: field is for.
>
> (I thought that this wasn't an issue with the Expat license, anyway;
> only the GPL, but I'm not sure)
>
> --
> Sean Whitton
>

Bug#884006: copyright-format: Documenting copyrights not in source package but in binary package

[Sean Whitton]

Hello Yao,

On Tue, Dec 12 2017, Yao Wei wrote:

> My problem is roughly case 1 (and for me, to solve case 2). However as
> a requirement of some licenses the file must come with the copyright
> notice, and I am afraid if generates files which it's source comes
> from another package cannot comply with such requirements.

Can you explain why the Built-Using: field doesn't satisfy this?  AIUI,
this case is precisely what the Built-Using: field is for.

(I thought that this wasn't an issue with the Expat license, anyway;
only the GPL, but I'm not sure)

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#884006: copyright-format: Documenting copyrights not in source package but in binary package

[Yao Wei]

Hi Sean,

My problem is roughly case 1 (and for me, to solve case 2). However as a
requirement of some licenses the file must come with the copyright notice,
and I am afraid if generates files which it's source comes from another
package cannot comply with such requirements.

The generated file inside the upstream package does have a copy of Expat
license and copyright notice in the file, but the generated file doesn't
include them.

It might be only build dependency but not runtime dependency and the
copyright notice should be carried by the binary package.

Yao Wei
On Tue, 12 Dec 2017 at 09:01 Sean Whitton  wrote:

> Hello Yao,
>
> On Mon, Dec 11 2017, Yao Wei wrote:
>
> > Files-Binary would be package name and file path to the files which its
> > copyright is not in source package but in binary package.  For example:
> >
> >   Files-Binary: package-a-data, usr/share/package-a-data/file-in-question
> >   Copyright:2038 John Doe
> >   License:  Expat
> >
> > ---
> >
> > Another solution to this problem is mark certain file which is generated
> > using what source package inside the header, and during build process
> > the copyright information requires to be attached in the binary package.
> > This should introduce another tag "Depends", like:
> >
> >   Files-Binary: package-a-data, usr/share/package-a-data/file-in-question
> >   Depends:  package-b
>
> Thank you for taking the time to write this up!
>
> If I understand correctly, the use case is when your package contains a
> file, but the source is in another package?
>
> I think there are two subcases.  Either
>
> 1. your binary package contains a file, and the source is in another
>package (your source package does NOT contain the file; it is
>generated/copied during build)
> 2. your source package (and maybe also your binary package) contains a
>file, and the source is in another package.
>
> Case (1) is (roughly) what the Built-Using field is for.
>
> The ftp-masters have indicated that case (2) is not acceptable.[1]
> CCing them in case they want to expand on that.
>
> So I don't think there is a use case for this.  But please let me know
> if I've misunderstood.
>
> [1]  https://bugs.debian.org/882723#35
>
> --
> Sean Whitton
>

Bug#884006: copyright-format: Documenting copyrights not in source package but in binary package

[Sean Whitton]

Hello Yao,

On Mon, Dec 11 2017, Yao Wei wrote:

> Files-Binary would be package name and file path to the files which its
> copyright is not in source package but in binary package.  For example:
>
>   Files-Binary: package-a-data, usr/share/package-a-data/file-in-question
>   Copyright:2038 John Doe
>   License:  Expat
>
> ---
>
> Another solution to this problem is mark certain file which is generated
> using what source package inside the header, and during build process
> the copyright information requires to be attached in the binary package.
> This should introduce another tag "Depends", like:
>
>   Files-Binary: package-a-data, usr/share/package-a-data/file-in-question
>   Depends:  package-b

Thank you for taking the time to write this up!

If I understand correctly, the use case is when your package contains a
file, but the source is in another package?

I think there are two subcases.  Either

1. your binary package contains a file, and the source is in another
   package (your source package does NOT contain the file; it is
   generated/copied during build)
2. your source package (and maybe also your binary package) contains a
   file, and the source is in another package.

Case (1) is (roughly) what the Built-Using field is for.

The ftp-masters have indicated that case (2) is not acceptable.[1]
CCing them in case they want to expand on that.

So I don't think there is a use case for this.  But please let me know
if I've misunderstood.

[1]  https://bugs.debian.org/882723#35

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#884006: copyright-format: Documenting copyrights not in source package but in binary package

[Yao Wei]

On Sun, Dec 10, 2017 at 10:46:12AM -0700, Sean Whitton wrote:
> > One of the files inside Package A is generated during build time.
> > However, the generation of the file requires Package B which has
> > different copyright, and the generated file in Package A is basically
> > a format conversion of the file in Package B, and the copyright needs
> > to be retained per license of Package B.  It could be copyright
> > violation of Package B if copyright status and requirements is not
> > fulfilled in Package A and we redistribute Package A.
> >
> > I would suggest a tag "Files-Binary" in copyright-format to fulfill
> > this situation.
> 
> What would the definition of this field be?  It is not clear from your
> example.

Files-Binary would be package name and file path to the files which its
copyright is not in source package but in binary package.  For example:

  Files-Binary: package-a-data, usr/share/package-a-data/file-in-question
  Copyright:2038 John Doe
  License:  Expat

---

Another solution to this problem is mark certain file which is generated
using what source package inside the header, and during build process
the copyright information requires to be attached in the binary package.
This should introduce another tag "Depends", like:

  Files-Binary: package-a-data, usr/share/package-a-data/file-in-question
  Depends:  package-b

If the maintainer knows what specific file in package-b it requires,
they can specify it like:

  Files-Binary: package-a-data, usr/share/package-a-data/file-in-question
  Depends:  package-b, data/orig-file

And if the specified file in package-b has the same problem of
package-a, as it only exists in binary package, it can be like this:

  Files-Binary:   package-a-data, usr/share/package-a-data/file-in-question
  Depends-Binary: package-b-data, usr/share/package-b-data/orig-file

---

For real-world use case, I am packaging glyphslib, which has above
problem for a stripped file which needs to be generated from source:

  https://anonscm.debian.org/cgit/pkg-fonts/glyphslib.git/tree/debian/copyright

Please comment or propose another idea if the use case of them is not
clear.

Yao Wei


signature.asc
Description: PGP signature

Bug#884006: copyright-format: Documenting copyrights not in source package but in binary package

[Sean Whitton]

control: tag -1 +moreinfo

Dear Yao,

On Sun, Dec 10 2017, Yao Wei (魏銘廷) wrote:

> One of the files inside Package A is generated during build time.
> However, the generation of the file requires Package B which has
> different copyright, and the generated file in Package A is basically
> a format conversion of the file in Package B, and the copyright needs
> to be retained per license of Package B.  It could be copyright
> violation of Package B if copyright status and requirements is not
> fulfilled in Package A and we redistribute Package A.
>
> I would suggest a tag "Files-Binary" in copyright-format to fulfill
> this situation.

What would the definition of this field be?  It is not clear from your
example.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#884006: copyright-format: Documenting copyrights not in source package but in binary package

[魏銘廷]

Package: debian-policy
Version: 4.1.2
Severity: normal

Dear Maintainer,

Considering the following case:

One of the files inside Package A is generated during build time.
However, the generation of the file requires Package B which has
different copyright, and the generated file in Package A is basically a
format conversion of the file in Package B, and the copyright needs to
be retained per license of Package B.  It could be copyright violation
of Package B if copyright status and requirements is not fulfilled in
Package A and we redistribute Package A.

I would suggest a tag "Files-Binary" in copyright-format to fulfill this
situation.

Yao Wei


signature.asc
Description: PGP signature