tl;dr - I'd really like to use the DEP-5 keywords but looking closer I get the feeling I should always use my own ones. Something that is clearly not in the intention of DEP-5. Hello, while converting debian/copyright of a Debian package into DEP-5, a lot of questions arose. Can you please give some advice what is a sound way to do it? 1. Small modifications of the license text In some source files I found a license that is obviously based on "BSD-2-clause" but some words in the disclaimer were changed. To give an impression, this is the wdiff output (with some pre- and post-formatting, and unchanged text stripped): $ wdiff bsd-2-clause bsd-2-clause-alike Redistribution and use in source and binary forms, (...) THIS SOFTWARE IS PROVIDED BY THE [-COPYRIGHT HOLDERS AND CONTRIBUTORS-] {+AUTHOR+} "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE [-COPYRIGHT HOLDER OR CONTRIBUTORS-] {+AUTHOR+} BE LIABLE (...) My question, what's the proper DEP-5 keyword? Is this modification considered minor so I can still use "BSD-2-clause"? Like in: Files: hello.c Copyright: 2012 John Doe <jd@example.com> License: BSD-2-clause Comment: The words "COPYRIGHT HOLDERS AND CONTRIBUTORS" were replaced by "AUTHOR". License: BSD-2-clause Redistribution and use in source and binary forms, with or without (...) Technically, even such a small change means a falsification of the license. And this will break (future?) lintian checks whether the text in License: matches the keyword. On the other hand using the DEP-5 keyword eases the judgement what type of license is used. Or should I rather create a different keyword like in Files: hello.c Copyright: 2012 John Doe <jd@example.com> License: BSD-2-clause-alike Comment: This is BSD-2-clause with just the words "COPYRIGHT HOLDER(S) AND CONTRIBUTORS" replaced by "AUTHOR". License: BSD-2-clause-alike Redistribution and use in source and binary forms, with or without (...) In a way, this cannot be wrong. But hinders a jugdgement or just statistics as described above. And this creates a second question: What is the correct BSD-3-clause text to be used in `debian/copyright`? There are `/usr/share/common-licenses/BSD` and <http://spdx.org/licenses/BSD-3-Clause>, but they are not identical. Again, wdiff (with some pre- and post-formatting): $ wdiff BSD-3-clause.Debian BSD-3-clause.SPDX All rights reserved. (...) Neither the name of the [-University-] {+<ORGANIZATION>+} nor the names of its contributors may be used (...) THIS SOFTWARE IS PROVIDED BY THE [-REGENTS-] {+COPYRIGHT HOLDERS+} AND CONTRIBUTORS (...) IN NO EVENT SHALL THE [-REGENTS-] {+COPYRIGHT HOLDER+} OR CONTRIBUTORS BE LIABLE (...) If the second style is really the way to go, I'd like to propose an extension for a future DEP-5 format: Reserve keywords derived in a certain way from the base keywords, like in my example "<DEP-5-keyword>-alike". The purpose is to indicate the actual license was derived from a well-known one with small modifications, where it's the maintainer's task to describe these modifications in a Comment: section of the License: paragraph. 2. Registry of license texts The Debian document refers to an external (out-of-project) resource for the license texts: "Currently, the full text of the licenses is only available in the SPDX Open Source License Registry." Are there plans to change this? It would really ease a maintainer's job to have the applicable License: paragraphs as a file ready to be pasted into `debian/copyright`. See question 1 why I'm interested to have such a list, organised by the keyword. Although question 1 is also about whether such a list is at least technically possible. The files in `/usr/share/common-licenses/` are not the best idea, while the files in `/usr/share/debhelper/dh_make/licenses/` provided by dh-make are at least a good start. Plus, unfortunately I have some reason not to trust the SPDX registry in a way I'd trust a Debian package that contains the texts. 3. License finder, anyone? Something practical: Has anybody hacked a tool that helps to identify the right license or at least the most similar one from a license text found in arbitrary sources? Regards, Christoph PS: I'm subscribed to debian-legal - no need to Cc: me in replies.
Attachment:
signature.asc
Description: Digital signature