Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)

2017-07-29 Thread Jonas Smedegaard 
Quoting umlae...@debian.org (2017-07-29 17:20:53)
> Zitat von Jonas Smedegaard :
> >> >
> >> > These drumkits are in upstream metadata listed _without_ license:
> >> >
> >> > ColomboAcousticDrumkit (sf)
> >> > EasternHop (sf)
> >> > Electric Empire (sf)
> >> > HardElectro (sf)
> >> > HipHop-1 (sf)
> >> > HipHop-2 (sf)
> >> > Millo's MultiLayered 2 (sf)
> >> > Synthie-1 (sf)
> >> > VariBreaks (sf)
> >> >
> >> > In Debian copyright file those are listed as licensed GPL-2.
> >>
> >> The fact that the metadata doesn't contain a license, does not imply
> >> that these files are not GPL-2. Have you actually checked the license
> >> of any of these?
> >
> > The issue here is that information about licensing is unavailable in the
> > source package.  Title now rephrased to not avoid assumption.
> >
> > If licensing is based on external information and/or guesswork, then
> > that should be documented in debian/copyright.
> 
> hmm.
> 
> the "orig.tar.gz" contains this information, since it includes  
> "drumkits.json" which includes the licenses for each drumkit as  
> specified by (their) upstream(s) (which is mostly a casual short name,  
> rather than the full license text; however, this doesn't make the  
> licenses any less valid).
> 
> since "drumkits.json" is generated by a script in debian/ this might  
> require some additional information, so:
> 
> the licenses are obtained from the same source as the information on  
> how to obtain the drumkits:
> "their drumkit feed" (as it is called in debian/README.source).
> with "them" being upstream (hydrogen), and their "drumkit feed" being  
> http://www.hydrogen-music.org/feeds/drumkit_list.php
> it is my understanding that this feed is generated from information  
> that has been directly entered by the upstreams' of the various  
> drumkits. i have no reason to distrust this source of information.
> 
> therefore, for me the license information *has* been added by  
> upstream, albeit on a separate channel, and i don't see any problem  
> with the licenses as stated in d/copyright)
> 
> i agree, this should probably be added to the d/README.source

A week ago I updated debian/copyright in git to elaborate on origin of 
copyright and licensing as best as I could - which took XML feed into 
account.  In that process, I relicensed some of the drumkits as I found 
no evidence of the stated licensing but evidence of another.

I have failed to identify a source of copyright + licensing for the 
following, however: EasternHop-1 HipHop-1 HipHop-2 Synthie-1.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)

2017-07-29 Thread umlaeute 

Zitat von Jonas Smedegaard :

>
> These drumkits are in upstream metadata listed _without_ license:
>
> ColomboAcousticDrumkit (sf)
> EasternHop (sf)
> Electric Empire (sf)
> HardElectro (sf)
> HipHop-1 (sf)
> HipHop-2 (sf)
> Millo's MultiLayered 2 (sf)
> Synthie-1 (sf)
> VariBreaks (sf)
>
> In Debian copyright file those are listed as licensed GPL-2.

The fact that the metadata doesn't contain a license, does not imply
that these files are not GPL-2. Have you actually checked the license
of any of these?


The issue here is that information about licensing is unavailable in the
source package.  Title now rephrased to not avoid assumption.

If licensing is based on external information and/or guesswork, then
that should be documented in debian/copyright.


hmm.

the "orig.tar.gz" contains this information, since it includes  
"drumkits.json" which includes the licenses for each drumkit as  
specified by (their) upstream(s) (which is mostly a casual short name,  
rather than the full license text; however, this doesn't make the  
licenses any less valid).


since "drumkits.json" is generated by a script in debian/ this might  
require some additional information, so:


the licenses are obtained from the same source as the information on  
how to obtain the drumkits:

"their drumkit feed" (as it is called in debian/README.source).
with "them" being upstream (hydrogen), and their "drumkit feed" being  
http://www.hydrogen-music.org/feeds/drumkit_list.php
it is my understanding that this feed is generated from information  
that has been directly entered by the upstreams' of the various  
drumkits. i have no reason to distrust this source of information.


therefore, for me the license information *has* been added by  
upstream, albeit on a separate channel, and i don't see any problem  
with the licenses as stated in d/copyright)


i agree, this should probably be added to the d/README.source

Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)

2017-07-21 Thread Jonas Smedegaard 
Control: retitle -1 src:hydrogen-drumkits: Some sources lack licensing

Quoting James Cowgill (2017-07-21 11:56:15)
> On 21/07/17 10:49, Jonas Smedegaard wrote:
> > Package: src:hydrogen-drumkits
> > Version: 2015.09.28-1
> > Severity: serious
> > Justification: Policy 2.2.1
> > 
> > These drumkits are in upstream metadata listed _without_ license:
> > 
> > ColomboAcousticDrumkit (sf)
> > EasternHop (sf)
> > Electric Empire (sf)
> > HardElectro (sf)
> > HipHop-1 (sf)
> > HipHop-2 (sf)
> > Millo's MultiLayered 2 (sf)
> > Synthie-1 (sf)
> > VariBreaks (sf)
> > 
> > In Debian copyright file those are listed as licensed GPL-2.
> 
> The fact that the metadata doesn't contain a license, does not imply 
> that these files are not GPL-2. Have you actually checked the license 
> of any of these?

The issue here is that information about licensing is unavailable in the 
source package.  Title now rephrased to not avoid assumption.

If licensing is based on external information and/or guesswork, then 
that should be documented in debian/copyright.


> For instance, a brief google search seems to indicate that the first one
> on your list (ColomboAcousticDrumkit) is GPL-2 licensed:
> http://freepats.zenvoid.org/Percussion/acoustic-drum-kit.html

Thanks for the valuable info - now added to debian/copyright.

Do you have similar info for the other sources?


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)

2017-07-21 Thread James Cowgill 
Hi,

On 21/07/17 10:49, Jonas Smedegaard wrote:
> Package: src:hydrogen-drumkits
> Version: 2015.09.28-1
> Severity: serious
> Justification: Policy 2.2.1
> 
> These drumkits are in upstream metadata listed _without_ license:
> 
> ColomboAcousticDrumkit (sf)
> EasternHop (sf)
> Electric Empire (sf)
> HardElectro (sf)
> HipHop-1 (sf)
> HipHop-2 (sf)
> Millo's MultiLayered 2 (sf)
> Synthie-1 (sf)
> VariBreaks (sf)
> 
> In Debian copyright file those are listed as licensed GPL-2.

The fact that the metadata doesn't contain a license, does not imply
that these files are not GPL-2. Have you actually checked the license of
any of these?

For instance, a brief google search seems to indicate that the first one
on your list (ColomboAcousticDrumkit) is GPL-2 licensed:
http://freepats.zenvoid.org/Percussion/acoustic-drum-kit.html

James



signature.asc
Description: OpenPGP digital signature

Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)

2017-07-21 Thread Jonas Smedegaard 
Package: src:hydrogen-drumkits
Version: 2015.09.28-1
Severity: serious
Justification: Policy 2.2.1

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

These drumkits are in upstream metadata listed _without_ license:

ColomboAcousticDrumkit (sf)
EasternHop (sf)
Electric Empire (sf)
HardElectro (sf)
HipHop-1 (sf)
HipHop-2 (sf)
Millo's MultiLayered 2 (sf)
Synthie-1 (sf)
VariBreaks (sf)

In Debian copyright file those are listed as licensed GPL-2.

 - Jonas

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAllxzkMACgkQLHwxRsGg
ASElKBAApwwOF1ii7YQvV3qaTvt6MwfMUkARW4+FII9CEsqf2UQEbNUwm7oN07jL
4faAXhQ94Xdb1NwmTKmq82QmmD9y8MuaEps8EvfLn5cvML21+54Kwr5upt8uEnF+
wKFKD/6nRqab8qGnu0u6cryGKFLE6jyV7dEGYrh4NB0DKcpv6f322c970v9p9wqK
tx8hBklGm+cWH9aZ/91avuAQJQ/wLhEESKohWTGfUSWQJn6bw0gEgqw+xI1QCi04
L+6brY7cck5T0ZomebDOfCcm05fshBsi7XuYxL4WnVtDGcwiDWkhEvTIDXcVPUbN
WzVyhn78e1aCtZ5wGT73OmaJXMhHzM1N3dRxg9JY+uB2I6uA65bxIj6EAkxXDMge
3lZUgO6ETSQS250AH4k2jcEMC6FPIK/KEEI7iWWa/7jIvT7uhM3cchs2fQZXxFLy
EgL2RCn/sGtPHvaefCyMNYFPhZDcGYPeGCONKPzg9y+K35iihc7BM0KmVwHSUQ9r
ScaUdOuUWUg9RocpAEKbVTxkn5E0ygrtH7eIb/GBK/qJVoRh1+xKOjp9BqYgHVHe
eGsEvSV1WIACzc3XU8uLa0NmInPbSGtKNMGbfT7MCrrtwtSSEFsuoHL4pRcibs1v
Z3ooVdnfz9K4Serzd4+o2+2E9ZBrpyQ9L3CDuLlHwEV0Hkn1lSM=
=YS/0
-END PGP SIGNATURE-