Bug#944571: mmdebstrap: the license is not the actual Expat license

2019-11-13 Thread Francesco Poli 
On Wed, 13 Nov 2019 11:55:12 +0100 Johannes Schauer wrote:

> Control: tag -1 + pending
> 
> Hi,
> 
> the bug is now fixed upstream:
> 
> https://gitlab.mister-muffin.de/josch/mmdebstrap/commit/bc423e6ab63f7db04ef3deefe40a0068442ac7a5
> 
> Thanks!

Thanks to you!   :-)


-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgp7KXsQSQHdg.pgp
Description: PGP signature

Bug#944571: mmdebstrap: the license is not the actual Expat license

2019-11-13 Thread Johannes Schauer 
Control: tag -1 + pending

Hi,

the bug is now fixed upstream:

https://gitlab.mister-muffin.de/josch/mmdebstrap/commit/bc423e6ab63f7db04ef3deefe40a0068442ac7a5

Thanks!

cheers, josch


signature.asc
Description: signature

Bug#944571: mmdebstrap: the license is not the actual Expat license

2019-11-12 Thread Francesco Poli 
On Tue, 12 Nov 2019 04:59:52 +0100 Johannes Schauer wrote:

[...]
> Quoting Francesco Poli (wintermute) (2019-11-12 00:03:52)
[...]
> > The disclaimer of warranty and limitation of liability are important
> > (above all, they protect the authors and copyright holders): I would
> > strongly recommend adding them as soon as possible, thus effectively
> > changing the license of mmdebstrap (this can be easily done, as long
> > as there's only one copyright holder).
> 
> the warranty part does not change any of the terms under which the software 
> can
> be used or distributed. Thus I don't think it would need coordination with any
> copyright holder.

But it may change the implied warranty or liability that the copyright
holders are providing.

I think there are (or can be) jurisdictions where some form of "basic"
warranty is implicitly granted, unless explicitly disclaimed.
And perhaps some form of liability is implicitly accepted, unless
explicitly limited.
As far as I can say, that's the reason why most (if not nearly all!)
free software licenses include a disclaimer of warranty and limitation
of liability, in order to protect the authors / copyright holders.

> 
> Furthermore, the Expat License clearly states:
> 
> > The above copyright notice and this permission notice shall be included in
> > all copies or substantial portions of the Software.
> 
> Indeed the *above* notice was kept intact. The expat license says nothing 
> about
> keeping the text intact that follows, namely the warranty part.

I think "this permission notice" could be interpreted as including
the disclaimer of warranty and limitation of liability, hence I still
believe that calling that text "Expat license" may be considered as
incorrect license naming...

> 
> Lastly, the warranty part is not required at all in my jurisdiction.

I assume you mean the German jurisdiction.

I am not familiar enough with German law to know, hence I am asking you:
do you have information that, with no disclaimer of warranty or
limitation of liability, you are *not* implicitly granting some form
of warranty (e.g. that the software is reasonably free of defects)
or implicitly accepting some form of liability (e.g. for damages
arising from the use of the software)?

And anyway, not everybody lives in the same jurisdiction.
Potential contributors could be scared away from contributing patches
under the same license as the one you adopted, because of the lack of
disclaimer of warranty and limitation of liability that may be useful
in their own jurisdictions!

I still recommend that you add that disclaimer of warranty and
limitation of liability to the upstream license, so that it matches
the canonical Expat license text and makes many people more comfortable
with it...

> Are there
> important jurisdictions where the Debian project as a whole cares that it is
> needed?

Most free software licenses include such a disclaimer.
Most free software licenses originated from the USA.
I guess... probably the U.S. jurisdiction?!?;-)
And possibly other jurisdictions, as well...

Please note that I am not especially enthusiast about OSI, but they
have lawyers look into licenses. While talking about
[public domain], they state:

[...]
| open source licenses usually have a strong disclaimer of liability
| for the copyright holder — but we don't know how or whether the author
| would be protected from liability for software released into the
| public domain in various jurisdictions
[...]

[public domain]: 

mmdebstrap is not in the public domain, but lacks any disclaimer of
warranty or limitation of liability, just like public domain software...

> 
> If the Debian project cares about the disclaimer of warranty, then it can just
> easily be added into debian/copyright so that all recipients of the software
> via Debian receive it together with the disclaimer. As I explained above, I
> don't think that this requires a change of the upstream license.

I don't think that would work... Debian Policy (section 2.3) insists
that the debian/copyright file include a verbatim copy of the upstream
license: adding a disclaimer not present in the upstream license
would be really confusing (if not a plain Debian Policy violation).
Do you agree?




-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpN3Ii3VjYq7.pgp
Description: PGP signature

Bug#944571: mmdebstrap: the license is not the actual Expat license

2019-11-11 Thread Johannes Schauer 
Hi,

Quoting Francesco Poli (wintermute) (2019-11-12 00:03:52)
> I've just noticed that the mmdebstrap package [claims] to be released
> under the terms of the Expat license, but this is not really the
> case, since the license text (in both the debian/copyright file
> and the upstream source code) lacks an important part, namely
> the disclaimer of warranty and limitation of liability (the part
> in upper case)!
> Please compare with the canonical [Expat] license text.
> 
> [claims]: 
> 
> [Expat]: 
> 
> The disclaimer of warranty and limitation of liability are important
> (above all, they protect the authors and copyright holders): I would
> strongly recommend adding them as soon as possible, thus effectively
> changing the license of mmdebstrap (this can be easily done, as long
> as there's only one copyright holder).

the warranty part does not change any of the terms under which the software can
be used or distributed. Thus I don't think it would need coordination with any
copyright holder.

Furthermore, the Expat License clearly states:

> The above copyright notice and this permission notice shall be included in
> all copies or substantial portions of the Software.

Indeed the *above* notice was kept intact. The expat license says nothing about
keeping the text intact that follows, namely the warranty part.

Lastly, the warranty part is not required at all in my jurisdiction. Are there
important jurisdictions where the Debian project as a whole cares that it is
needed?

If the Debian project cares about the disclaimer of warranty, then it can just
easily be added into debian/copyright so that all recipients of the software
via Debian receive it together with the disclaimer. As I explained above, I
don't think that this requires a change of the upstream license.

Thanks!

cheers, josch


signature.asc
Description: signature

Bug#944571: mmdebstrap: the license is not the actual Expat license

2019-11-11 Thread Francesco Poli (wintermute) 
Package: mmdebstrap
Version: 0.5.1-2
Severity: normal

Hello!
I've just noticed that the mmdebstrap package [claims] to be released
under the terms of the Expat license, but this is not really the
case, since the license text (in both the debian/copyright file
and the upstream source code) lacks an important part, namely
the disclaimer of warranty and limitation of liability (the part
in upper case)!
Please compare with the canonical [Expat] license text.

[claims]: 

[Expat]: 

The disclaimer of warranty and limitation of liability are important
(above all, they protect the authors and copyright holders): I would
strongly recommend adding them as soon as possible, thus effectively
changing the license of mmdebstrap (this can be easily done, as long
as there's only one copyright holder).

Please fix this issue.
Thanks for your time!


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (800, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mmdebstrap depends on:
ii  apt   1.8.4
ii  perl  5.30.0-9
ii  perl-doc  5.30.0-9

Versions of packages mmdebstrap recommends:
ii  arch-test   0.16-2
ii  fakechroot  2.19-3.2
ii  fakeroot1.24-1
ii  mount   2.34-0.1
ii  uidmap  1:4.7-2

Versions of packages mmdebstrap suggests:
pn  binfmt-support
ii  dpkg-dev  1.19.7
pn  proot 
pn  qemu-user 
pn  qemu-user-static  

-- no debconf information