DEP 5 is a DEP currently in CANDIDATE stage.
It is being developed within the DEP process and it is available at its canonical web address http://dep.debian.net/deps/dep5
Contents
Archived discussion
Prior to 2009-03-25, the proposal was being developed on this wiki-page. Discussions that were ongoing on this wiki from that point in time archived at Proposals/CopyrightFormat/Archive.
Open topics for DEP-5
The DEP-5 drivers use this wiki page to manage the "to do" list for it. Please don't edit it in a way that will confuse them. This page is public in the interest of transparency. If you have opinions or suggestions or patches, please bring them up on the debian-project mailing list. Thanks.
Success criteria for DEP-5:
- people no longer find things to argue about on an ongoing basis
Current topics:
- There are no current topics.
Things that need to be done before DEP-5 is ready:
- Ask SPDX to drop spurious trailing .0 from version numbers.
SPDX response: we looked at this, and have been trying to follow what the original sites or OSI have up as links. Adding the .0 when there were multiple and it existed on the website of the original seemed the lesser of the evils. For example: http://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
- Integrate the spec into debian-policy, and update it to have a stable Format URL.
Things that might be good to have at some point, outside of the spec text:
- lintian warning for malformed DEP-5 files
- lintian info level message for non-DEP-5 files
- something to track DEP-5 adoption (perhaps by counting the non-DEP-5 lintian tag on lintian.debian.org?)
- a tool to check that all files in a source package are covered by debian/copyright
Differences between DEP5 and SPDX
With current suggestions for what to do.
- SPDX sometimes adds a license version, when we don't, or adds a ".0" to license version
- ignore? the difference should not matter much
- maybe suggest to SPDX they drop the ".0"
SPDX response: will consider it on a selective basis if it conforms with what is recorded on the original site. Most original sites seem to put a following O if there are multiple versions.
- SPDX does not have some licenses we do (CC0, Expat, Perl, GFDL without invariants)
- ignore: it's OK for us to have names for more licenses
- but remove Perl as a shortname in DEP5
SPDX response: If there are some key licenses that are in common use and should be added to the list, let us know and we will try to add them.
- SPDX has BSD 3 and 4 clause licenses with placeholders
- ignore: we'll just have many variants of BSD (called other-FOO or whatever)
- BSD license versions
- adopt SPDX naming: BSD-2-clause (from FreeBSD), BSD-3-clause, BSD-4-clause (do dashes clash with license version syntax?)
- SPDX represents "or later" as a different license, where we have a generic syntax, but end result is same
- ignore
- SPDX treats each GPL exception as a separate license
- ignore, and suggest to SPDX they adopt DEP5 approach
- LGPL+ means in SPDX that no version was specified, but no such convention for the GPL
- ignore, it's their problem, our syntax supports it anyway
SPDX response: current list is at: http://spdx.org/licenses/, but there's currently no LGPL+ on the list.
- ignore, it's their problem, our syntax supports it anyway
- SPDX calls it FDL, DEP5 calls it GFDL
- ask SPDX to rename, since GFDL is the logical name, otherwise maintain a mapping table
SPDX response: its been renamed. see: http://spdx.org/licenses/
- ask SPDX to rename, since GFDL is the logical name, otherwise maintain a mapping table
- SPDX calls it Python and Python-CNRI, DEP5 calls it PSF
- rename in DEP5
- SPDX calls them EFL, W3C, Zlib
- rename in DEP5
SPDX links to http://www.opensource.org/licenses/mit-license.html
- add link to DEP5
Implementations
(Tentative) index of DEP5 implementations:
Perl's Config::Model description (provides validation command line and graphical editor with libconfig-model-tkui-perl)
- libconfig-model-perl 1.226-1 in unstable parses older draft.
lintian support: 478930
CDBS support: licensecheck2dep5, used by copyright-check.mk snippet
- cdbs 0.4.89 in testing generates older draft.
- cdbs 0.4.90 in experimental generates current draft (at the time of DEP5 CANDIDATE status)
- dh-make-perl creates debian/copyright files in DEP5 format (older draft)