Differences between revisions 1 and 2
Revision 1 as of 2007-08-04 14:59:41
Size: 11813
Editor: SamHocevar
Comment: first try at the debian/copyright proposal
Revision 2 as of 2007-08-04 15:10:01
Size: 11813
Editor: SamHocevar
Comment: minor fix
Deletions are marked like this. Additions are marked like this.
Line 175: Line 175:
Copyright: (c) 2004-2007 Sam Hocevar <sam@zoy.org> Packaging: (c) 2004-2007 Sam Hocevar <sam@zoy.org>

This page is about a proposal to make debian/copyright machine-interpretable. It is one of the most important files in Debian packaging, yet its format is vague and varies tremendously across packages, making it difficult to automatically parse.

This is not a proposal to change the policy in the short term.

Rationale

The diversity of free software licences means that Debian does not only need to care about the freeness of a given work, but also its licence's compatibility with the other parts of Debian it uses.

The arrival of the GPL version 3, its incompatibility with version 2, and our inability to spot the software where the incompatibility might be problematic is the most recent occurrence of this limitation.

There are a few precedents, also. One is the GPL/OpenSSL incompatibility. Apart from grepping debian/copyright, which is prone to numerous false positives (packaging under the GPL but software under another license) or negatives (GPL software but with an "OpenSSL special exception" dual licensing form), there is reliable way to know which software in Debian might be problematic.

And there is more to come. The GPL version 3 is compatible with the CDDL, but the GPL version 2 isn’t. Which means that in the near future, GPLv2-only software cannot be distributed as part of a CDDL operating system such as Nexenta. We have no way to know how much of Debian should be stripped from such a system.

Proposal

I suggest to add simple multiline fields to debian/copyright containing machine-interpretable values for copyright holders, known licenses, upstream URLs etc.

Fields

The details are yet to be discussed. Here is a list of what is needed, and which fields I suggest to add:

  • URL or information on how/where to get the original source.
    • Suggested field name: "Source"

    • Suggested field format: free content, valid URL is recommended
  • Name of the copyright holders for the packaging
    • Suggested field name: "Packaging"

    • Suggested field format: free content, one line per packager is recommended
    • "Copyright" might be a better name, but it would look kind of strange to have it follow the "Source" field while not being a copyright that applies to the source

  • Packaging licensing terms
    • Suggested field name: "License"

    • Suggested field format: space-separated list of known license, see below
  • List of files sharing copyright holders and licensing terms
    • Repeatable field, like the "Package" field in debian/control

    • Suggested field name: "File"

    • Suggested field format: space-separated list of files or shell patterns
  • Copyright holders for the files listed in the previous "File" field

    • Suggested field name: "Copyright"

    • Suggested field format: free content, one line per copyright holder, with year(s), name and e-mail address is recommended
  • Licensing terms for the files listed in the previous "File" field

    • Suggested field name: "License"

    • Suggested field format: space-separated list of known licenses, see below
  • Free text area for additional information about the files listed in the previous "File" field

    • Usage: when one or several licenses are not amongst the known ones
    • Suggested format: lines starting with a space; exactly like debian/control's short and long description formats.

The first non-empty line that does not start with a space or a known field name constitutes the end of the machine-interpretable part of a debian/copyright file. This should ensure backwards compatibility.

License keywords

The "License" field format should not contain random values. Which is why there needs to be a list of accepted keywords which have a very specific, unambiguous meaning. Here is a non-exhaustive list:

keyword

meaning

GPL

GNU General Public License, author did not specify version

GPLv2

GNU General Public License, version 2 only

GPLv2+

GNU General Public License, version 2 or later

GPLv3

GNU General Public License, version 3 only

GPLv3+

GNU General Public License, version 3 or later

LGPL

GNU Lesser General Public License, author did not specify version

LGPLv2.1

GNU Lesser General Public License, version 2.1 only

GFDL

GNU Free Documentation License, author did not specify version ?BR (maybe this needs mention of the fact that we accept no invariant sections, etc.)

GFDLv1.2

GNU Free Documentation License, version 1.2 only ?BR (same note as above)

BSD

classic three-term BSD license, as seen in /usr/share/common-licenses/BSD

Artistic

Artistic license

...

add your favourite license here

BSD-like

a BSD-like license ?BR (not sure it's wise to have this keyword)

PD

public domain

other

Anything else not covered in this list, see the "long description" for more information

Examples

Simple example

Here is a very simple example. This is the original copyright file for xsol:

This package was debianized by Josip Rodin <jrodin@jagor.srce.hr> on
Sun,  8 Nov 1998 18:00:00 +0100

Original source may be found at: ftp://sunsite.unc.edu/pub/Linux/X11/games/

Upstream author: Brian Masney <masneyb@newwave.net>.

Licensed under the terms of GNU GPL v2 (or later).

On Debian systems, the complete text of the GNU General Public License
can be found in file "/usr/share/common-licenses/GPL".

And this is a possible machine-interpretable format:

Source: ftp://sunsite.unc.edu/pub/Linux/X11/games/
Packaging: [previous packager whose copyright might still apply]
           Josip Rodin <jrodin@jagor.srce.hr> on Sun,  8 Nov 1998
License: [license of the packaging itself, if meaningful]

File: *
Copyright: Brian Masney <masneyb@newwave.net>
License: GPLv2+

On Debian systems, the complete text of the GNU General Public License
can be found in file "/usr/share/common-licenses/GPL".

Complex example

This is the original copyright file for monsterz:

This package was downloaded from http://sam.zoy.org/monsterz/

monsterz.c, monsterz.py: Copyright (c) 2004-2005 Sam Hocevar <sam@zoy.org>

 |             DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
 |                     Version 2, December 2004
 |
 |  Copyright (C) 2004 Sam Hocevar
 |   22 rue de Plaisance, 75014 Paris, France
 |  Everyone is permitted to copy and distribute verbatim or modified
 |  copies of this license document, and changing it is allowed as long
 |  as the name is changed.
 |
 |             DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
 |    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 |
 |   0. You just DO WHAT THE FUCK YOU WANT TO.

music.s3m: Copyright (c) 1998 MenTaLguY <http://moonbase.rydia.net/>

 |  music.s3m was put in the public domain by MenTaLguY.

applause.wav, pop.wav: Copyright (c) 2002, 2005 Sun Microsystems, Inc.

 |  applause.wav was taken from OpenOffice.org's applause.wav and pop.wav was
 |  taken from OpenOffice.org's laser.wav. This product is made available
 |  subject to the terms of GNU Lesser General Public License Version 2.1.

click.wav: Copyright (c) Michael Speck <kulkanie@gmx.net>

 |  click.wav was taken from Barrage's click.wav. This program is free
 |  software; you can redistribute it and/or modify it under the terms
 |  of the GNU General Public License as published by the Free Software
 |  Foundation; either version 2 of the License, or (at your option) any
 |  later version.

boing.wav, ding.wav, duh.wav, grunt.wav, laugh.wv, whip.wav:
  Copyright (C) 2003 by David White <davidnwhite@optusnet.com.au> and the
  Battle for Wesnoth project
  Copyright (C) 2006 Sam Hocevar <sam@zoy.org>

 |  boing.wav was taken from Wesnoth's spear.wav and reworked by Sam
 |  Hocevar, ding.wav was taken from receive.wav, duh.wav was taken from
 |  female-strong-hit.wav, grunt.wav was taken from dwarf-die.wav, laugh.wav
 |  was taken from zombie-hit.wav, whip.wav was taken from dagger-swish.wav.
 |  This program is free software; you can redistribute it and/or modify
 |  it under the terms of the GNU General Public License. This program is
 |  distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.

warning.wav: Copyright (c) Mike Kershaw <dragorn@kismetwireless.net>

 |  warning.wav was taken from Kismet's alert.wav. It is distributed under
 |  the terms of the GNU General Public License.

On Debian GNU/Linux systems, the complete text of the GNU General
Public License can be found in `/usr/share/common-licenses/GPL' and the
complete text of the GNU Lesser General Public License can be found in
`/usr/share/common-licenses/LGPL'.

Proposed format:

Source: http://sam.zoy.org/monsterz/
Packaging: (c) 2004-2007 Sam Hocevar <sam@zoy.org>
License: GPLv2
 The Debian packaging information is under the GPL, version 2 or later

File: *.c *.py
Copyright: (c) 2004-2005 Sam Hocevar <sam@zoy.org>
License: BSD-like
 |             DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
 |                     Version 2, December 2004
 |
 |  Copyright (C) 2004 Sam Hocevar
 |   22 rue de Plaisance, 75014 Paris, France
 |  Everyone is permitted to copy and distribute verbatim or modified
 |  copies of this license document, and changing it is allowed as long
 |  as the name is changed.
 |
 |             DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
 |    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 |
 |   0. You just DO WHAT THE FUCK YOU WANT TO.

File: music.s3m
Copyright: (c) 1998 MenTaLguY <http://moonbase.rydia.net/>
License: PD
 music.s3m was put in the public domain by MenTaLguY.

File: applause.wav pop.wav
Copyright: (c) 2002, 2005 Sun Microsystems, Inc.
License: LGPLv2.1
 applause.wav was taken from OpenOffice.org's applause.wav and pop.wav was
 taken from OpenOffice.org's laser.wav. This product is made available
 subject to the terms of GNU Lesser General Public License Version 2.1.

File: click.wav
Copyright: (c) Michael Speck <kulkanie@gmx.net>
License: GPLv2+
 click.wav was taken from Barrage's click.wav. This program is free
 software; you can redistribute it and/or modify it under the terms
 of the GNU General Public License as published by the Free Software
 Foundation; either version 2 of the License, or (at your option) any
 later version.

File: boing.wav ding.wav duh.wav grunt.wav laugh.wav whip.wav
Copyright: (C) 2003 by David White <davidnwhite@optusnet.com.au> and the
               Battle for Wesnoth project
           (C) 2006 Sam Hocevar <sam@zoy.org>
License: GPL
 boing.wav was taken from Wesnoth's spear.wav and reworked by Sam
 Hocevar, ding.wav was taken from receive.wav, duh.wav was taken from
 female-strong-hit.wav, grunt.wav was taken from dwarf-die.wav, laugh.wav
 was taken from zombie-hit.wav, whip.wav was taken from dagger-swish.wav.
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License. This program is
 distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.

File: warning.wav
Copyright: (c) Mike Kershaw <dragorn@kismetwireless.net>
License: GPL
 warning.wav was taken from Kismet's alert.wav. It is distributed under
 the terms of the GNU General Public License.

On Debian GNU/Linux systems, the complete text of the GNU General
Public License can be found in `/usr/share/common-licenses/GPL' and the
complete text of the GNU Lesser General Public License can be found in
`/usr/share/common-licenses/LGPL'.