Differences between revisions 528 and 529
Revision 528 as of 2022-09-03 10:57:57
Size: 5248
Editor: Akbarkhon Variskhanov
Comment: Add the differences between DEP-5 and SPDX regarding the short identifiers for GNU licenses to the list
Revision 529 as of 2023-01-07 14:07:15
Size: 4494
Comment: Refer to CopyrightReviewTools for implementations
Line 83: Line 83:
(Tentative) index of DEP5 implementations:

 * [[https://github.com/dod38fr/config-model/wiki/Managing-Debian-packages-with-cme#maintaining-debian-copyright-file|Perl's Config::Model description]] (provides validation command line and graphical editor with libconfig-model-tkui-perl)
   * libconfig-model-perl 1.226-1 in unstable parses older draft.
 * lintian support: DebianBug:478930
 * CDBS support: [[https://salsa.debian.org/build-common-team/cdbs/blob/master/scripts/licensecheck2dep5|licensecheck2dep5]], used by copyright-check.mk snippet
   * cdbs 0.4.89 in testing generates older draft.
   * cdbs 0.4.90 in experimental generates current draft (at the time of DEP5 CANDIDATE status)
 * dh-make-perl creates debian/copyright files in DEP5 format (older draft)
See CopyrightReviewTools
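Review bot: the replacement line "See CopyrightReviewTools" drops the version-specific notes in the old index (libconfig-model-perl 1.226-1 and cdbs 0.4.89 producing the older draft, cdbs 0.4.90 the current one, dh-make-perl still on the older draft) along with the DebianBug:478930 reference. Before removing the list, confirm that CopyrightReviewTools records which tools emit which draft, or carry those notes over, since a file generated from the older draft may not validate against the accepted format.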

DEP 5 is a DEP currently in ACCEPTED stage.

This specification is now maintained as a standard that is part of the debian-policy package. Please refer to it for the most up to date version of this specification.

Archived discussion

Prior to 2009-03-25, the proposal was being developed on this wiki page. Discussions that were ongoing on this wiki at that point in time are archived at Proposals/CopyrightFormat/Archive.

Open topics for DEP-5

The DEP-5 drivers use this wiki page to manage the "to do" list for it. Please don't edit it in a way that will confuse them. This page is public in the interest of transparency. If you have opinions or suggestions or patches, please bring them up on the debian-project mailing list. Thanks.

Success criteria for DEP-5:

  • people no longer find things to argue about on an ongoing basis

Current topics:

  • There are no current topics.

Things that need to be done before DEP-5 is ready:

Things that might be good to have at some point, outside of the spec text:

  • lintian warning for malformed DEP-5 files
  • lintian info level message for non-DEP-5 files
  • something to track DEP-5 adoption (perhaps by counting the non-DEP-5 lintian tag on lintian.debian.org?)
  • a tool to check that all files in a source package are covered by debian/copyright

Differences between DEP5 and SPDX

With current suggestions for what to do.

  • SPDX sometimes adds a license version, when we don't, or adds a ".0" to license version
    • ignore? the difference should not matter much
    • maybe suggest to SPDX they drop the ".0"
      • SPDX response: will consider it on a selective basis if it conforms with what is recorded on the original site. Most original sites seem to put a following 0 if there are multiple versions.

  • SPDX does not have some licenses we do (CC0, Expat, Perl, GFDL without invariants)
    • ignore: it's OK for us to have names for more licenses
    • but remove Perl as a shortname in DEP5
      • SPDX response: If there are some key licenses that are in common use and should be added to the list, let us know and we will try to add them.

  • SPDX has BSD 3 and 4 clause licenses with placeholders
    • ignore: we'll just have many variants of BSD (called other-FOO or whatever)
  • BSD license versions
    • adopt SPDX naming: BSD-2-clause (from FreeBSD), BSD-3-clause, BSD-4-clause (do dashes clash with license version syntax?)
  • SPDX represents "or later" as a different license, where we have a generic syntax, but end result is same
    • ignore
  • SPDX treats each GPL exception as a separate license
    • ignore, and suggest to SPDX they adopt DEP5 approach
  • For GNU licenses, SPDX (and FSF) prohibits the bare short identifiers and suggests using the suffixes "-only" or "-or-later", e.g. "GPL-3.0-only" and "GPL-3.0-or-later" for DEP5's "GPL-3" and "GPL-3+", respectively. See https://spdx.dev/ids/ and https://www.gnu.org/licenses/identify-licenses-clearly.html

  • LGPL+ means in SPDX that no version was specified, but no such convention for the GPL
    • ignore, it's their problem, our syntax supports it anyway
  • SPDX calls it FDL, DEP5 calls it GFDL
    • ask SPDX to rename, since GFDL is the logical name, otherwise maintain a mapping table
  • SPDX calls it Python and Python-CNRI, DEP5 calls it PSF
    • rename in DEP5
  • SPDX calls them EFL, W3C, Zlib
    • rename in DEP5
  • SPDX links to http://www.opensource.org/licenses/mit-license.html

    • add link to DEP5
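
The ".0" and "-only"/"-or-later" differences listed above can be bridged mechanically when exporting License fields to an SPDX-based inventory. The following is an added example, not code from this page or from any Debian tool; the function names and the sample file are constructed, and it assumes only plain GPL and LGPL short names are converted (GFDL is left out because the list above records a naming difference for it).

```python
import re

# DEP-5 short names handled here: GPL and LGPL only (assumption of this example).
_DEP5_GNU = re.compile(r"^(?P<family>LGPL|GPL)-(?P<version>\d+(?:\.\d+)*)(?P<plus>\+?)$")

# Constructed sample debian/copyright content, not taken from a real package.
SAMPLE = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2020 Example Author
License: GPL-3+

Files: lib/*
Copyright: 2019 Example Author
License: LGPL-2.1

Files: debian/*
Copyright: 2021 Example Packager
License: Expat
"""


def normalize_version(version):
    """Render a version as SPDX writes it: "3" and "3.0.0" both become "3.0"."""
    parts = version.split(".")
    while len(parts) > 1 and parts[-1] == "0":
        parts.pop()
    if len(parts) == 1:
        parts.append("0")
    return ".".join(parts)


def dep5_gnu_to_spdx(short_name):
    """Return the SPDX-style identifier, or None if this is not a plain GPL/LGPL name."""
    match = _DEP5_GNU.match(short_name.strip())
    if match is None:
        return None  # other licenses and "with ... exception" forms need separate handling
    suffix = "or-later" if match.group("plus") else "only"
    return f"{match.group('family')}-{normalize_version(match.group('version'))}-{suffix}"


def license_fields_to_spdx(copyright_text):
    """Map every License: short name found in the text to its SPDX form."""
    found = {}
    for line in copyright_text.splitlines():
        if line.lower().startswith("license:"):
            name = line.split(":", 1)[1].strip()
            found[name] = dep5_gnu_to_spdx(name)
    return found
```

A None result marks a short name that still needs a mapping-table entry or manual review rather than a silent pass-through.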

Implementations

See CopyrightReviewTools