Differences between revisions 29 and 31 (spanning 2 versions)
Revision 29 as of 2007-03-21 17:39:07
Size: 19125
Editor: ?SimonJosefsson
Comment: minor correction to subject: lines
Revision 31 as of 2007-05-28 10:23:27
Size: 19296
Editor: ?SimonJosefsson
Comment: New exception draft-ietf-cat-kerb-chg-password-02.txt
Deletions are marked like this. Additions are marked like this.
Line 59: Line 59:

 * The I-D draft-ietf-cat-kerb-chg-password-02.txt
   See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393380
   and http://packages.debian.org/changelogs/pool/main/k/krb5/current/copyright
Line 343: Line 347:
 set -- $file
# echo file $file dir $dir pkg $pkg basename $basename
 basename=`basename $file`
Line 396: Line 393:
  ftpmirror http://bugs.debian.org/415750
Line 400: Line 398:
  icedove http://bugs.debian.org/400340

This page provides information on IETF RFC/I-Ds within Debian.


The majority of IETF documents, such as RFCs, are not licensed under DFSG-free terms, and should thus not be included in Debian's main. However, RFC documents are frequently included in many packages that would otherwise be free software. Some care is required to remove then when packaging software for Debian.

Some links to discussion of the license problems:

Some general background:

In particular, the etch_rc_policy.txt document above says:

  1. DFSG-freeness
    • All content in main and contrib must meet the DFSG, both in .debs and in the source (including the .orig.tar.gz)


All non-free RFC files in non-source packages are believed to be reported, see:

Currently I'm investigating source packages too. A list of packages with non-free files in them are found at:

On 2006-10-16, I sent bug reports for RFC/I-Ds in source packages too. They are now visible through the first linke in this section.

Some raised a concern that there may be false positives in the list. I modified the script (see last on this page) to compute MD5's on the RFC in the source packages, and run diff+cmp on the files if the MD5 doesn't match. The output from the script is published at:

I went through the reports manually, and there were one unclear case which most likely indicate a false positive, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393411

On 2006-10-24 I modified the script to recursively look into archives-within-archives in the source packages, to find deeply nested documents too. Some more occurances were found and reported.

After about a month, several of the bugs have been properly fixed. I have gone over the remaining bugs manually and I'm confident there are no, or at worst very few, false positives.

I'm now (2006-11-29) running the 'debian-run' script (see below) once in a while to find any newly introduced files. The script output a list of files with rfc/draft filenames, and diff the list against a list that I've went over manually and confirmed with the bug reports.

Known exceptions

These documents have been made available under a free license:

The following may hold but is questionable:

  • US-authored RFCs earlier than RFC around RFC 1000-1100.
    • These did not carry a copyright notice, and since the US did not sign the Berne convention until 1989, they are in the public domain.

      The RFC editor has something else to say on this

      From: RFC Editor <rfc-editor@rfc-editor.org>
      Subject: Re: Copyright and copying conditions for RFC 1510?
      To: Simon Josefsson <jas@extundo.com>
      Cc: RFC Editor <rfc-editor@rfc-editor.org>
      Date: Mon, 16 Dec 2002 11:07:28 -0800
      The copyright statement applies retroactively.  Please follow the
      instructions as stated at:
      Thank you.
      RFC Editor
      On Sun, Dec 15, 2002 at 10:38:30AM +0100, Simon Josefsson wrote:
      > rfc1510.txt does not mention copyright or copying condition. Does the
      > copyright notice in
      > ftp://ftp.rfc-editor.org/in-notes/rfc-editor/rfc-copyright-story
      > apply retroactively?  If not, do you know who owns the copyright of
      > the document and what the copying conditions are?
      > Thanks.

Template for RFC authors to release additional rights

If you as a RFC editor wish to grant additional rights within the document directly, to avoid having the Debian community ask you for additional rights later on, you may include the following text in the document. Similar text has been approved in RFCs before (e.g., RFC 3492, RFC 4501) and the IETF do not appear to object to this practice.

x. Copying conditions

        The author(s) agree to grant third parties the irrevocable
        right to copy, use and distribute the work, with
        or without modification, in any medium, without royalty,
        provided that, unless separate permission is granted,
        redistributed modified works do not contain misleading
        author, version, name of work, or endorsement information.

The text is derived from draft-josefsson-ipr-notice-update.

Template requesting additional rights from RFC authors

This is based on RFC 4663 and draft-josefsson-ipr-rules-update (see <http://josefsson.org/bcp78broken/>).

Subject: Requesting additional rights to RFC xxxx

Dear Author,

The Debian GNU/Linux distribution wishes to incorporate the
IETF RFC xxxx as part of its distribution, and to allow
users to develop, modify and evolve the document.

Under IETF policies that were in effect during the development of
RFC xxxx, the authors of contributions to the IETF standards retain
copyright with respect to such contributions. Because you are an
author of said document, the Debian community hereby requests that
you kindly agree to release your contributions in RFC xxxx under
the license below, for inclusion in Debian.

        I agree to grant third parties the irrevocable
        right to copy, use and distribute the work, with
        or without modification, in any medium, without royalty,
        provided that, unless separate permission is granted,
        redistributed modified works:

             (a) do not contain misleading author, version, name
                 of work, or endorsement information, and

             (b) do not claim endorsement of the modified work by
                 the Contributor, or any organization the
                 Contributor belongs to, the Internet Engineering
                 Task Force (IETF), Internet Research Task Force
                 (IRTF), Internet Engineering Steering Group
                 (IESG), Internet Architecture Board (IAB),
                 Internet Assigned Numbers Authority (IANA),
                 Internet Society (ISOC), Request For Comments
                 (RFC) Editor, or any combination or variation of
                 such terms (including without limitation the
                 IETF "4 diamonds" logo), or any terms that are
                 confusingly similar thereto, and

             (c) remove any claims of status as an Internet
                 Standard, including without limitation removing
                 the RFC boilerplate.

        The IETF suggests that any citation or excerpt of
        unmodified text reference the RFC or other document from
        which the text is derived.

To indicate that you agree to these terms, please reply to this e-mail
and quote the license above and indicate that you agree to this.

If you prefer another widely recognized free license instead, the
following ones are also fine:
 * the 3-clause BSD license
 * the GNU GPL version 2
 * the Expat license

 Sincerely yours,
   Simon Josefsson

Bug report template

This will be used for the reports on non-free RFCs in source packages.

{{{ Subject: Source package contains non-free IETF RFC/I-D Severity: serious Package: [package] Version: [version] User: debian-release@lists.debian.org Usertags: nonfree-doc rfc


This source package contains the following files from the IETF under non-free license terms:

FILES The license on RFC/I-Ds is not DFSG-free, see:

The etch release policy says binary and source packages must each be free:

The severity is serious, because this violates the Debian policy:

There are (at least) three ways to fix this problem. In order of preference:

1. Ask the author of the RFC to re-license the RFC under a free

2. Remove the non-free material from the source, e.g., by re-packaging

  • the upstream archive and adding 'dfsg' to the Debian package version name.

3. Move the package to non-free.

General discussions are kindly requested to take place on debian-legal or debian-devel in the thread with Subject: "Non-free IETF RFC/I-Ds in source packages".

Thanks, Simon }}}

Theory of operation

The following scripts help me find RFC/I-D inside the Debian repository. They all take one parameter: a path to where you store the debian repository and related files. The first script, debian-rsync, will create this using debmirror. The second script, debian-unpack, will list the contents of the archives (even recursively) and create text files with lists of filenames in $OUTDIR/contents/. The third script, debian-search, will go through packages and look for matching filenames. You'll need to check those manually. The final script, debian-run, just invokes all three scripts, suitable for running under 'cron' or similar.

1. Rsync the Debian repository.

The file is called debian-rsync.

# debian-rsync: Mirror a Debian repository.

# Copyright (C) 2006, 2007 Simon Josefsson <simon@josefsson.org>
# Released under GPLv2 or later.  See
# <http://wiki.debian.org/NonFreeIETFDocuments>.


if test -z "$OUTDIR"; then
   echo "Usage: $0 OUTDIR"
   exit 1


export GNUPGHOME=$OUTDIR/.gnupg

gpg --keyring /usr/share/keyrings/debian-archive-keyring.gpg --export | gpg --import

debmirror --ignore .gnupg --ignore contents --ignore debian-ietf-nonfree.txt \
    --verbose --progress \
    --host $MIRROR \
    --method=rsync --root :debian \

2. Get list of package contents.

There are two files here, first tar-recursive and then debian-unpack.

# tar-recursive: Recursively list members of an archive.

# Inspired by find-in-tars by Timo Juhani Lindfors
# <timo.lindfors@iki.fi>, but re-written by Simon Josefsson
# <simon@josefsson.org> during September 2006.  Released under GPLv2
# or later.  See <http://wiki.debian.org/NonFreeIETFDocuments>.

for archive in "$@"; do
    case "$archive" in
        *.tar.gz)  MEMBERS=`tar tvfz $archive   | awk '{print $6}'`;;
        *.tar.bz2) MEMBERS=`tar tvfj $archive   | awk '{print $6}'`;;
        *.jar)     MEMBERS=`unzip -vqq $archive | awk '{print $8}'`;;
        *.zip)     MEMBERS=`unzip -vqq $archive | awk '{print $8}'`;;

    for member in $MEMBERS; do
        echo $member
        case "$member" in
            *.tar.gz | *.tar.bz2 | *.jar | *.zip)
                echo recursing into $archive $member 1>&2
                tempdir=`mktemp -d -t tar-recursive.XXXXXXXXXX` || exit 1
                case "$archive" in
                    *.tar.gz) tar xfz $archive -C $tempdir $member
                        err=$? ;;
                    *.tar.bz2) tar xfj $archive -C $tempdir $member
                        err=$? ;;
                    *.jar) unzip -q $archive $member -d $tempdir
                        err=$? ;;
                    *.zip) unzip -q $archive $member -d $tempdir
                        err=$? ;;
                if test "$err" != "0"; then
                    echo "tar failed on $member with error $?" 1>&2
                    exit 1
                echo $member
                tar-recursive $tempdir/$member | sed "s@^@$member:@"
                rm -fr $tempdir

# debian-unpack: Extract a list of members in *.orig.tar.gz in a
# Debian repository.

# Copyright (C) 2006, 2007 Simon Josefsson <simon@josefsson.org>
# Released under GPLv2 or later.  See
# <http://wiki.debian.org/NonFreeIETFDocuments>.


if test -z "$OUTDIR"; then
   echo "Usage: $0 OUTDIR"
   exit 1

mkdir -p $OUTDIR/contents/

find $OUTDIR/pool/main -name \*.orig.tar.gz | (
    while read file; do
        basename=`basename $file`
        if ! test -f $OUTDIR/contents/$basename; then
            echo unpacking $file
            tar-recursive $file > $OUTDIR/contents/$basename
            if [ "x$?" != "x0" ]; then
                echo "tar failed on $filename with error $?" 1>&2
                exit 1

3. Search for RFC matches.

# debian-search: Search a Debian repository for non-free RFC/I-D files.

# Copyright (C) 2006, 2007 Simon Josefsson <simon@josefsson.org>
# Released under GPLv2 or later.  See
# <http://wiki.debian.org/NonFreeIETFDocuments>.


if test -z "$OUTDIR"; then
   echo "Usage: $0 OUTDIR"
   exit 1


# Comments for packages, format is ^ +PACKAGE WHATEVER$.
  asn1c http://bugs.debian.org/393357
  cherokee http://bugs.debian.org/393360
  cyrus-sasl2 http://bugs.debian.org/365183   fixed in experimental
  cyrus-sasl2-mit http://bugs.debian.org/396095   fixed in experimental
  dante http://bugs.debian.org/393361
  dhcp http://bugs.debian.org/393364
  dictd http://bugs.debian.org/393365
  dnswalk http://bugs.debian.org/393366
  e2fsprogs http://bugs.debian.org/390664  not fixed
  evolution-exchange http://bugs.debian.org/393368
  firefox http://bugs.debian.org/393370
  ftpmirror http://bugs.debian.org/415750
  gidentd http://bugs.debian.org/393371
  gnome-utils http://bugs.debian.org/393372
  gtk-gnutella http://bugs.debian.org/393373
  httptunnel http://bugs.debian.org/393374
  icedove http://bugs.debian.org/400340
  imapsync http://bugs.debian.org/393375
  ircd-hybrid http://bugs.debian.org/390667
  jta http://bugs.debian.org/393377
  keynote http://bugs.debian.org/393379
  krb5 http://bugs.debian.org/393380
  l2tpd http://bugs.debian.org/393381
  libdigest-hmac-perl http://bugs.debian.org/393383 pending
  libdigest-md2-perl http://bugs.debian.org/393384 pending
  libdigest-md4-perl http://bugs.debian.org/393385
  libemail-find-perl http://bugs.debian.org/393386
  libgcgi http://bugs.debian.org/393387
  libspf http://bugs.debian.org/393389
  libspf2 http://bugs.debian.org/393390
  libtheora http://bugs.debian.org/393391
  libunicode-map8-perl http://bugs.debian.org/393392 pending
  liburi-perl http://bugs.debian.org/393393
  libuser http://bugs.debian.org/393394
  lprng http://bugs.debian.org/393395
  lsh-utils http://bugs.debian.org/408490
  mailutils http://bugs.debian.org/393396
  maradns http://bugs.debian.org/393397
  mhash http://bugs.debian.org/393398
  mozart http://bugs.debian.org/393399
  nettle http://bugs.debian.org/393400
  openh323 http://bugs.debian.org/393402
  openldap2 http://bugs.debian.org/393403
  openslp http://bugs.debian.org/393405
  openswan http://bugs.debian.org/393406
  proftpd http://bugs.debian.org/393408
  psp http://bugs.debian.org/393409
  qpopper http://bugs.debian.org/393410
  subversion http://bugs.debian.org/393414 pending
  systemimager http://bugs.debian.org/402646
  tcllib http://bugs.debian.org/393415
  teapop http://bugs.debian.org/393416
  tin http://bugs.debian.org/395101
  tkrat http://bugs.debian.org/398720
  uw-imap http://bugs.debian.org/393417
  vflib3 http://bugs.debian.org/393418
  vpim http://bugs.debian.org/393419
  xfmail http://bugs.debian.org/393420
  xrn http://bugs.debian.org/393421
  xulrunner http://bugs.debian.org/393422
  yardradius http://bugs.debian.org/393423
  zeroconf http://bugs.debian.org/393425

gzip -cd $SRCLIST.gz > $SRCLIST

FALSEPOSITIVES="-e rfc0000.txt \
  -e draft-zebra-00.txt \
  -e draft-morgan-ident-ext-04.txt \
  -e draft-riikonen-presence-attrs-03.txt \
  -e draft-riikonen-silc-commands-06.txt \
  -e draft-riikonen-silc-flags-payloads-04.txt \
  -e draft-riikonen-silc-ke-auth-08.txt \
  -e draft-riikonen-silc-pp-09.txt \
  -e draft-riikonen-silc-spec-08.txt"

cd $OUTDIR/contents
find . -type f | sort | xargs egrep \
    -e rfc[0-9]+\.txt \
    -e draft-.*[0-9][0-9]\.txt \
    | grep -v $FALSEPOSITIVES | (
    while read line; do
        set -- $line
        file=`echo $file | sed 's,^./,,g'`
        pkg=`echo $file | sed 's,_.*,,g'`
        ver=`grep -A 3 "^Package: $pkg\$" $SRCLIST | grep ^Version: | sed 's/Version: //'`
        if test -n "$lastpkg" -a "$pkg" != "$lastpkg"; then
            if test -n "$files"; then
                echo pkg $lastpkg ver $lastver
                egrep "^ +$lastpkg " $TMPBUGLIST
                for i in $files; do
                    echo "  $i"
        if grep -q $file $SRCLIST; then
            thesefiles=`echo $line | sed 's,[^:]*:,,'`
            files="$files $thesefiles"
    if test -n "$files"; then
        echo pkg $lastpkg ver $lastver
        egrep "^ +$lastpkg " $TMPBUGLIST
        for i in $files; do
            echo "  $i"

4. Run previous script, output diff against last run.

# debian-run: Mirror a Debian repository, and check for new non-free stuff.

# Copyright (C) 2006, 2007 Simon Josefsson <simon@josefsson.org>
# Released under GPLv2 or later.  See
# <http://wiki.debian.org/NonFreeIETFDocuments>.


if test -z "$OUTDIR"; then
   echo "Usage: $0 OUTDIR"
   exit 1


debian-rsync $OUTDIR
debian-unpack $OUTDIR
debian-search $OUTDIR > $SUMMARY.tmp
diff -ur $SUMMARY $SUMMARY.tmp