Differences between revisions 20 and 21
Revision 20 as of 2006-10-26 03:18:36
Size: 15941
Editor: BenFinney
Comment: no need to mention "intellectual property"; re-word run-on sentence
Revision 21 as of 2006-10-26 03:20:26
Size: 15924
Editor: BenFinney
Comment: simplify mention of Expat license: there is no single "MIT license"
Deletions are marked like this. Additions are marked like this.
Line 172: Line 172:
 * the Expat/MIT license
 * the Expat license

This page provides information on IETF RFC/I-Ds within Debian.


The majority of IETF documents, such as RFCs, are not licensed under DFSG-free terms, and should thus not be included in Debian's main. However, RFC documents are frequently included in many packages that would otherwise be free software. Some care is required to remove then when packaging software for Debian.

Some links to discussion of the license problems:

Some general background:

In particular, the etch_rc_policy.txt document above says:

  1. DFSG-freeness
    • All content in main and contrib must meet the DFSG, both in .debs and in the source (including the .orig.tar.gz)


All non-free RFC files in non-source packages are believed to be reported, see:

Currently I'm investigating source packages too. A list of packages with non-free files in them are found at:

On 2006-10-16, I sent bug reports for RFC/I-Ds in source packages too. They will eventually show up under the first link in this section too.

Some raised a concern that there may be false positives in the list. I modified the script (see last on this page) to compute MD5's on the RFC in the source packages, and run diff+cmp on the files if the MD5 doesn't match. The output from the script is published at:

There doesn't seem to be any false positives, but I'm going through the MISMATCHES one by one.

Known exceptions

These documents have been made available under a free license:

The following may hold but is questionable:

  • US-authored RFCs earlier than RFC around RFC 1000-1100.
    • These did not carry a copyright notice, and since the US did not sign the Berne convention until 1989, they are in the public domain.

      The RFC editor has something else to say on this

      From: RFC Editor <rfc-editor@rfc-editor.org>
      Subject: Re: Copyright and copying conditions for RFC 1510?
      To: Simon Josefsson <jas@extundo.com>
      Cc: RFC Editor <rfc-editor@rfc-editor.org>
      Date: Mon, 16 Dec 2002 11:07:28 -0800
      The copyright statement applies retroactively.  Please follow the
      instructions as stated at:
      Thank you.
      RFC Editor
      On Sun, Dec 15, 2002 at 10:38:30AM +0100, Simon Josefsson wrote:
      > rfc1510.txt does not mention copyright or copying condition. Does the
      > copyright notice in
      > ftp://ftp.rfc-editor.org/in-notes/rfc-editor/rfc-copyright-story
      > apply retroactively?  If not, do you know who owns the copyright of
      > the document and what the copying conditions are?
      > Thanks.

Template for RFC authors to release additional rights

If you as a RFC editor wish to grant additional rights within the document directly, to avoid having the Debian community ask you for additional rights later on, you may include the following text in the document. Similar text has been approved in RFCs before (e.g., RFC 3492, RFC 4501) and the IETF do not appear to object to this practice.

x. Copying conditions

        The author(s) agree to grant third parties the irrevocable
        right to copy, use and distribute the work, with
        or without modification, in any medium, without royalty,
        provided that, unless separate permission is granted,
        redistributed modified works do not contain misleading
        author, version, name of work, or endorsement information.

The text is derived from draft-josefsson-ipr-notice-update.

Template requesting additional rights from RFC authors

This is based on RFC 4663 and draft-josefsson-ipr-rules-update (see <http://josefsson.org/bcp78broken/>).

Subject: Requesting additional rights to RFC xxxx

Dear Author,

The Debian GNU/Linux distribution wishes to incorporate the
IETF RFC xxxx as part of its distribution, and to allow
users to develop, modify and evolve the document.

Under IETF policies that were in effect during the development of
RFC xxxx, the authors of contributions to the IETF standards retain
copyright with respect to such contributions. Because you are an
author of said document, the Debian community hereby requests that
you kindly agree to release your contributions in RFC xxxx under
the license below, for inclusion in Debian.

        I agree to grant third parties the irrevocable
        right to copy, use and distribute the work, with
        or without modification, in any medium, without royalty,
        provided that, unless separate permission is granted,
        redistributed modified works:

             (a) do not contain misleading author, version, name
                 of work, or endorsement information, and

             (b) do not claim endorsement of the modified work by
                 the Contributor, or any organization the
                 Contributor belongs to, the Internet Engineering
                 Task Force (IETF), Internet Research Task Force
                 (IRTF), Internet Engineering Steering Group
                 (IESG), Internet Architecture Board (IAB),
                 Internet Assigned Numbers Authority (IANA),
                 Internet Society (ISOC), Request For Comments
                 (RFC) Editor, or any combination or variation of
                 such terms (including without limitation the
                 IETF "4 diamonds" logo), or any terms that are
                 confusingly similar thereto, and

             (c) remove any claims of status as an Internet
                 Standard, including without limitation removing
                 the RFC boilerplate.

        The IETF suggests that any citation or excerpt of
        unmodified text reference the RFC or other document from
        which the text is derived.

To indicate that you agree to these terms, please reply to this e-mail
and quote the license above and indicate that you agree to this.

If you prefer another widely recognized free license instead, the
following ones are also fine:
 * the 3-clause BSD license
 * the GNU GPL version 2
 * the Expat license

 Sincerely yours,
   Simon Josefsson

Bug report template

This will be used for the reports on non-free RFCs in source packages.

{{{ Subject: Source package contains non-free IETF RFC Severity: serious Package: [package] Version: [version] Hi!

This bug has been filed on multiple packages, and general discussions are kindly requested to take place on debian-legal or debian-devel in the thread with Subject: "Non-free IETF RFC/I-Ds in source packages".

It seems this source package contains the following files from the IETF under non-free license terms:

FILES The license on RFC/I-Ds is not DFSG-free, see:

The etch release policy says binary and source packages must each be free:

The severity is serious, because this violates the Debian policy:

There are (at least) three ways to fix this problem. In order of preference:

1. Ask the author of the RFC to re-license the RFC under a free

2. Remove the non-free material from the source, e.g., by re-packaging

  • the upstream archive and adding a 'dfsg' version name to it.

3. Move the package to non-free.

I went over many packages looking for names of likely non-free files, and there may be false positives. If this is the case for your package, I'm sorry for the noise. I'll modify the scripts to take into account false positives when I learn of them, and publish the list of exceptions under "Known exceptions" at <http://wiki.debian.org/NonFreeIETFDocuments>.

Thanks, Simon }}}

Theory of operation

1. Rsync the Debian repository.

# Mirror a Debian repository exluding non-i386 architectures.

# Written by Simon Josefsson <simon@josefsson.org> during September
# 2006.  Released under GPLv2 or later.  See
# <http://wiki.debian.org/NonFreeIETFDocuments>.


rsync -av --exclude Sources.diff $MIRROR/dists/testing/main/source \
rsync -av --exclude Packages.diff $MIRROR/dists/testing/main/binary-i386 \
rsync -av --exclude Sources.diff $MIRROR/dists/unstable/main/source \
rsync -av --exclude Packages.diff $MIRROR/dists/unstable/main/binary-i386 \

LIST=$(rsync $MIRROR/pool/main/ \
    | grep '^drwx' \
    | awk '{print $5}' \
    | grep -v -e '^.$')

for i in $LIST; do
    echo Working in $i...
    rsync -av --delete --delete-excluded \
        --exclude '*.udeb' \
        --exclude '*_alpha.deb' \
        --exclude '*_amd64.deb' \
        --exclude '*_arm.deb' \
        --exclude '*_hppa.deb' \
        --exclude '*_hurd-i386.deb' \
        --exclude '*_ia64.deb' \
        --exclude '*_m68k.deb' \
        --exclude '*_mips.deb' \
        --exclude '*_mipsel.deb' \
        --exclude '*_powerpc.deb' \
        --exclude '*_s390.deb' \
        --exclude '*_sparc.deb' \
        $MIRROR/pool/main/$i $OUT/pool/main/

2. Get list of package contents.

# Recursively list members of an archive.

# Inspired by find-in-tars by Timo Juhani Lindfors
# <timo.lindfors@iki.fi>, but re-written by Simon Josefsson
# <simon@josefsson.org> during September 2006.  Released under GPLv2
# or later.  See <http://wiki.debian.org/NonFreeIETFDocuments>.

for archive in "$@"; do
    case "$archive" in
        *tar.gz)  MEMBERS=`tar tvfz $archive   | awk '{print $6}'`;;
        *tar.bz2) MEMBERS=`tar tvfj $archive   | awk '{print $6}'`;;
        *.jar)    MEMBERS=`unzip -vqq $archive | awk '{print $8}'`;;

    for member in $MEMBERS; do
        echo $member
        case "$member" in
            *tar.gz | *tar.bz2 | *.jar)
                echo recursing into $archive $member 1>&2
                tempdir=`mktemp -d -t tar-recursive.XXXXXXXXXX` || exit 1
                case "$archive" in
                    *tar.gz) tar xfz $archive -C $tempdir $member
                        err=$? ;;
                    *tar.bz2) tar xfj $archive -C $tempdir $member
                        err=$? ;;
                    *tar.gz) unzip -q $archive $member -d $tempdir
                        err=$? ;;
                if test "$err" != "0"; then
                    echo "tar failed on $member with error $?" 1>&2
                    exit 1
                echo $member
                tar-recursive $tempdir/$member | sed "s@^@$member: @"
                rm -fr $tempdir

# Extract a list of members in *.orig.tar.gz in a Debian repository.

# Written by Simon Josefsson <simon@josefsson.org> during September
# 2006.  Released under GPLv2 or later.  See
# <http://wiki.debian.org/NonFreeIETFDocuments>.


mkdir -p $OUT/contents/

find $OUT/pool/main -name \*.orig.tar.gz | (
    while read file; do
        set -- $file
#  echo file $file dir $dir pkg $pkg basename $basename
        if ! test -f $OUT/contents/$basename; then
            echo unpacking $file
            tar-recursive $file > $OUT/contents/$basename
            if [ "x$?" != "x0" ]; then
                echo "tar failed on $filename with error $?" 1>&2
                exit 1

3. Search for RFC matches.

(note: this one isn't updated to use the same contents file generated by more modern scripts above. It is preserved here until there is a better script available.)


gzip -cd $SRCLIST.gz > $SRCLIST

cd $DIR/contents
find . -type f|sort|xargs egrep \
    -e rfc[0-9]+\.txt \
    -e draft-.*[0-9][0-9]\.txt \
| (
while read line; do
  set -- $line
  file=`echo $file | sed 's,^./,,g'`
  pkg=`echo $file | sed 's,_.*,,g'`
  ver=`grep -A 3 "^Package: $pkg\$" $SRCLIST | grep ^Version: | sed 's/Version: //'`
#  echo line $line
#  echo file $file
  if test -n "$lastfile" -a "$file" != "$lastfile"; then
    if test -n "$files"; then
      echo pkg $lastpkg ver $lastver lastfile $lastfile files $files

      mkdir -p $X
      cd $X

      f=`find $DIR/pool/main -name $lastfile`
      for i in $files; do
          echo tar xfz $f $i
          tar xfz $f $i

          if echo $i | grep -q '.bz2$'; then
              echo bzip2 -d $i
              bzip2 -d $i
              i=`echo $i | sed 's/.bz2$//'`

          md5in=`cat $i | md5sum`
          echo $md5in $i

          base=`basename $i`
          rfc=`echo $base | sed 's/rfc0*/rfc/'`
          if ! test -f $RFCDIR/$rfc; then
              # Probably some unknown draft...
              pushd $RFCDIR
              if ! wget $IDURL/$rfc 2>&1; then
                  echo FETCH-FAIL $rfc
          md5real=`cat $RFCDIR/$rfc | md5sum`
          echo $md5real $RFCDIR/$rfc

          if test "$md5in" != "$md5real"; then
              echo MISMATCH $rfc
              diff -urw $i $RFCDIR/$rfc 2>&1
              cmp $i $RFCDIR/$rfc 2>&1
              echo MATCH $rfc
  if grep -q $file $SRCLIST; then
     set -- $line
     files="$files $6"
echo last pkg $pkg ver $ver files $files