Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)
Quoting umlae...@debian.org (2017-07-29 17:20:53) > Zitat von Jonas Smedegaard: > >> > > >> > These drumkits are in upstream metadata listed _without_ license: > >> > > >> > ColomboAcousticDrumkit (sf) > >> > EasternHop (sf) > >> > Electric Empire (sf) > >> > HardElectro (sf) > >> > HipHop-1 (sf) > >> > HipHop-2 (sf) > >> > Millo's MultiLayered 2 (sf) > >> > Synthie-1 (sf) > >> > VariBreaks (sf) > >> > > >> > In Debian copyright file those are listed as licensed GPL-2. > >> > >> The fact that the metadata doesn't contain a license, does not imply > >> that these files are not GPL-2. Have you actually checked the license > >> of any of these? > > > > The issue here is that information about licensing is unavailable in the > > source package. Title now rephrased to not avoid assumption. > > > > If licensing is based on external information and/or guesswork, then > > that should be documented in debian/copyright. > > hmm. > > the "orig.tar.gz" contains this information, since it includes > "drumkits.json" which includes the licenses for each drumkit as > specified by (their) upstream(s) (which is mostly a casual short name, > rather than the full license text; however, this doesn't make the > licenses any less valid). > > since "drumkits.json" is generated by a script in debian/ this might > require some additional information, so: > > the licenses are obtained from the same source as the information on > how to obtain the drumkits: > "their drumkit feed" (as it is called in debian/README.source). > with "them" being upstream (hydrogen), and their "drumkit feed" being > http://www.hydrogen-music.org/feeds/drumkit_list.php > it is my understanding that this feed is generated from information > that has been directly entered by the upstreams' of the various > drumkits. i have no reason to distrust this source of information. > > therefore, for me the license information *has* been added by > upstream, albeit on a separate channel, and i don't see any problem > with the licenses as stated in d/copyright) > > i agree, this should probably be added to the d/README.source A week ago I updated debian/copyright in git to elaborate on origin of copyright and licensing as best as I could - which took XML feed into account. In that process, I relicensed some of the drumkits as I found no evidence of the stated licensing but evidence of another. I have failed to identify a source of copyright + licensing for the following, however: EasternHop-1 HipHop-1 HipHop-2 Synthie-1. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)
Zitat von Jonas Smedegaard: > > These drumkits are in upstream metadata listed _without_ license: > > ColomboAcousticDrumkit (sf) > EasternHop (sf) > Electric Empire (sf) > HardElectro (sf) > HipHop-1 (sf) > HipHop-2 (sf) > Millo's MultiLayered 2 (sf) > Synthie-1 (sf) > VariBreaks (sf) > > In Debian copyright file those are listed as licensed GPL-2. The fact that the metadata doesn't contain a license, does not imply that these files are not GPL-2. Have you actually checked the license of any of these? The issue here is that information about licensing is unavailable in the source package. Title now rephrased to not avoid assumption. If licensing is based on external information and/or guesswork, then that should be documented in debian/copyright. hmm. the "orig.tar.gz" contains this information, since it includes "drumkits.json" which includes the licenses for each drumkit as specified by (their) upstream(s) (which is mostly a casual short name, rather than the full license text; however, this doesn't make the licenses any less valid). since "drumkits.json" is generated by a script in debian/ this might require some additional information, so: the licenses are obtained from the same source as the information on how to obtain the drumkits: "their drumkit feed" (as it is called in debian/README.source). with "them" being upstream (hydrogen), and their "drumkit feed" being http://www.hydrogen-music.org/feeds/drumkit_list.php it is my understanding that this feed is generated from information that has been directly entered by the upstreams' of the various drumkits. i have no reason to distrust this source of information. therefore, for me the license information *has* been added by upstream, albeit on a separate channel, and i don't see any problem with the licenses as stated in d/copyright) i agree, this should probably be added to the d/README.source
Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)
Control: retitle -1 src:hydrogen-drumkits: Some sources lack licensing Quoting James Cowgill (2017-07-21 11:56:15) > On 21/07/17 10:49, Jonas Smedegaard wrote: > > Package: src:hydrogen-drumkits > > Version: 2015.09.28-1 > > Severity: serious > > Justification: Policy 2.2.1 > > > > These drumkits are in upstream metadata listed _without_ license: > > > > ColomboAcousticDrumkit (sf) > > EasternHop (sf) > > Electric Empire (sf) > > HardElectro (sf) > > HipHop-1 (sf) > > HipHop-2 (sf) > > Millo's MultiLayered 2 (sf) > > Synthie-1 (sf) > > VariBreaks (sf) > > > > In Debian copyright file those are listed as licensed GPL-2. > > The fact that the metadata doesn't contain a license, does not imply > that these files are not GPL-2. Have you actually checked the license > of any of these? The issue here is that information about licensing is unavailable in the source package. Title now rephrased to not avoid assumption. If licensing is based on external information and/or guesswork, then that should be documented in debian/copyright. > For instance, a brief google search seems to indicate that the first one > on your list (ColomboAcousticDrumkit) is GPL-2 licensed: > http://freepats.zenvoid.org/Percussion/acoustic-drum-kit.html Thanks for the valuable info - now added to debian/copyright. Do you have similar info for the other sources? - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)
Hi, On 21/07/17 10:49, Jonas Smedegaard wrote: > Package: src:hydrogen-drumkits > Version: 2015.09.28-1 > Severity: serious > Justification: Policy 2.2.1 > > These drumkits are in upstream metadata listed _without_ license: > > ColomboAcousticDrumkit (sf) > EasternHop (sf) > Electric Empire (sf) > HardElectro (sf) > HipHop-1 (sf) > HipHop-2 (sf) > Millo's MultiLayered 2 (sf) > Synthie-1 (sf) > VariBreaks (sf) > > In Debian copyright file those are listed as licensed GPL-2. The fact that the metadata doesn't contain a license, does not imply that these files are not GPL-2. Have you actually checked the license of any of these? For instance, a brief google search seems to indicate that the first one on your list (ColomboAcousticDrumkit) is GPL-2 licensed: http://freepats.zenvoid.org/Percussion/acoustic-drum-kit.html James signature.asc Description: OpenPGP digital signature
Bug#869180: src:hydrogen-drumkits: source contains unlicensed material (bogusly treated as GPL-2)
Package: src:hydrogen-drumkits Version: 2015.09.28-1 Severity: serious Justification: Policy 2.2.1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 These drumkits are in upstream metadata listed _without_ license: ColomboAcousticDrumkit (sf) EasternHop (sf) Electric Empire (sf) HardElectro (sf) HipHop-1 (sf) HipHop-2 (sf) Millo's MultiLayered 2 (sf) Synthie-1 (sf) VariBreaks (sf) In Debian copyright file those are listed as licensed GPL-2. - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAllxzkMACgkQLHwxRsGg ASElKBAApwwOF1ii7YQvV3qaTvt6MwfMUkARW4+FII9CEsqf2UQEbNUwm7oN07jL 4faAXhQ94Xdb1NwmTKmq82QmmD9y8MuaEps8EvfLn5cvML21+54Kwr5upt8uEnF+ wKFKD/6nRqab8qGnu0u6cryGKFLE6jyV7dEGYrh4NB0DKcpv6f322c970v9p9wqK tx8hBklGm+cWH9aZ/91avuAQJQ/wLhEESKohWTGfUSWQJn6bw0gEgqw+xI1QCi04 L+6brY7cck5T0ZomebDOfCcm05fshBsi7XuYxL4WnVtDGcwiDWkhEvTIDXcVPUbN WzVyhn78e1aCtZ5wGT73OmaJXMhHzM1N3dRxg9JY+uB2I6uA65bxIj6EAkxXDMge 3lZUgO6ETSQS250AH4k2jcEMC6FPIK/KEEI7iWWa/7jIvT7uhM3cchs2fQZXxFLy EgL2RCn/sGtPHvaefCyMNYFPhZDcGYPeGCONKPzg9y+K35iihc7BM0KmVwHSUQ9r ScaUdOuUWUg9RocpAEKbVTxkn5E0ygrtH7eIb/GBK/qJVoRh1+xKOjp9BqYgHVHe eGsEvSV1WIACzc3XU8uLa0NmInPbSGtKNMGbfT7MCrrtwtSSEFsuoHL4pRcibs1v Z3ooVdnfz9K4Serzd4+o2+2E9ZBrpyQ9L3CDuLlHwEV0Hkn1lSM= =YS/0 -END PGP SIGNATURE-