
DEP-5, asking for clarifications



tl;dr - I'd really like to use the DEP-5 keywords but looking closer I
get the feeling I should always use my own ones. Something that is
clearly not in the intention of DEP-5.

Hello,

while converting debian/copyright of a Debian package into DEP-5, a
lot of questions arose. Can you please give some advice on what is a
sound way to do it?

1. Small modifications of the license text

In some source files I found a license that is obviously based on
"BSD-2-clause" but some words in the disclaimer were changed. To give
an impression, this is the wdiff output (with some pre- and
post-formatting, and unchanged text stripped):

    $ wdiff bsd-2-clause bsd-2-clause-alike
    Redistribution and use in source and binary forms, (...)

    THIS SOFTWARE IS PROVIDED BY THE
    [-COPYRIGHT HOLDERS AND CONTRIBUTORS-] {+AUTHOR+}
    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
    NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
    FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
    SHALL THE
    [-COPYRIGHT HOLDER OR CONTRIBUTORS-] {+AUTHOR+}
    BE LIABLE (...)

My question, what's the proper DEP-5 keyword? Is this modification
considered minor so I can still use "BSD-2-clause"? Like in:

    Files: hello.c
    Copyright: 2012 John Doe <jd@example.com>
    License: BSD-2-clause

    Comment: The words "COPYRIGHT HOLDERS AND CONTRIBUTORS" were
     replaced by "AUTHOR".
    License: BSD-2-clause
     Redistribution and use in source and binary forms, with or without
     (...)

Technically, even such a small change means a falsification of the
license. And this will break (future?) lintian checks whether the text
in License: matches the keyword. On the other hand using the DEP-5
keyword eases the judgement what type of license is used.

Or should I rather create a different keyword like in

    Files: hello.c
    Copyright: 2012 John Doe <jd@example.com>
    License: BSD-2-clause-alike

    Comment: This is BSD-2-clause with just the words "COPYRIGHT 
     HOLDER(S) AND CONTRIBUTORS" replaced by "AUTHOR".
    License: BSD-2-clause-alike
     Redistribution and use in source and binary forms, with or without
     (...)

In a way, this cannot be wrong. But it hinders a judgement or just
statistics as described above.

And this creates a second question: What is the correct BSD-3-clause
text to be used in `debian/copyright`? There are
`/usr/share/common-licenses/BSD` and
<http://spdx.org/licenses/BSD-3-Clause>, but they are not identical.
Again, wdiff (with some pre- and post-formatting):

    $ wdiff BSD-3-clause.Debian BSD-3-clause.SPDX
    All rights reserved.
    (...)
    Neither the name of the [-University-] {+<ORGANIZATION>+} nor the
    names of its contributors may be used
    (...)
    THIS SOFTWARE IS PROVIDED BY THE
    [-REGENTS-] {+COPYRIGHT HOLDERS+}
    AND CONTRIBUTORS (...)
    IN NO EVENT SHALL THE [-REGENTS-] {+COPYRIGHT HOLDER+} OR
    CONTRIBUTORS BE LIABLE (...)

If the second style is really the way to go, I'd like to propose an
extension for a future DEP-5 format: Reserve keywords derived in a
certain way from the base keywords, like in my example
"<DEP-5-keyword>-alike". The purpose is to indicate the actual license
was derived from a well-known one with small modifications, where it's
the maintainer's task to describe these modifications in a Comment:
section of the License: paragraph.


2. Registry of license texts

The Debian document refers to an external (out-of-project) resource
for the license texts:

    "Currently, the full text of the licenses is only available in the SPDX
     Open Source License Registry."

Are there plans to change this?

It would really ease a maintainer's job to have the applicable
License: paragraphs as a file ready to be pasted into
`debian/copyright`. See question 1 why I'm interested to have such a
list, organised by the keyword. Although question 1 is also about
whether such a list is at least technically possible. The files in
`/usr/share/common-licenses/` are not the best idea, while the files
in `/usr/share/debhelper/dh_make/licenses/` provided by dh-make are at
least a good start.

Plus, unfortunately I have some reason not to trust the SPDX registry
in a way I'd trust a Debian package that contains the texts.


3. License finder, anyone?

Something practical: Has anybody hacked a tool that helps to identify
the right license or at least the most similar one from a license text
found in arbitrary sources?

Regards,

    Christoph

PS: I'm subscribed to debian-legal - no need to Cc: me in replies.
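
A minimal sketch of the kind of tool asked about in question 3, using the word-level comparison from question 1. It is an added example, not part of the original message and not an existing Debian tool. The reference texts are constructed excerpts assembled only from the wording quoted in the message, and all function names are hypothetical.

```python
import difflib
import re

# Constructed excerpt: the disclaimer wording quoted in the message, with the
# two party names left as placeholders. Not a full license text.
DISCLAIMER = ('THIS SOFTWARE IS PROVIDED BY THE {a} "AS IS" AND ANY EXPRESS OR '
              'IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED '
              'WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE '
              'ARE DISCLAIMED. IN NO EVENT SHALL THE {b} BE LIABLE')

# Reference excerpts keyed by DEP-5 keyword (BSD-3-clause uses the
# /usr/share/common-licenses/BSD wording shown in the second wdiff).
REFERENCES = {
    "BSD-2-clause": DISCLAIMER.format(a="COPYRIGHT HOLDERS AND CONTRIBUTORS",
                                      b="COPYRIGHT HOLDER OR CONTRIBUTORS"),
    "BSD-3-clause": "Neither the name of the University nor the names of its "
                    "contributors may be used "
                    + DISCLAIMER.format(a="REGENTS AND CONTRIBUTORS",
                                        b="REGENTS OR CONTRIBUTORS"),
}


def words(text):
    """Lower-case word tokens, so re-wrapping, case and punctuation are ignored."""
    return re.findall(r"[a-z0-9]+", text.lower())


def word_diff(reference, candidate):
    """Return (similarity, changes); changes are (removed, added) word runs, as in wdiff."""
    a, b = words(reference), words(candidate)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    changes = [(" ".join(a[i1:i2]), " ".join(b[j1:j2]))
               for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"]
    return matcher.ratio(), changes


def closest_license(candidate, references=REFERENCES):
    """Return (keyword, similarity, changes) for the most similar reference text."""
    scored = [(name, *word_diff(text, candidate)) for name, text in references.items()]
    return max(scored, key=lambda item: item[1])


if __name__ == "__main__":
    # The "BSD-2-clause-alike" variant from question 1.
    found = DISCLAIMER.format(a="AUTHOR", b="AUTHOR")
    name, score, changes = closest_license(found)
    print(f"{name} ({score:.2f})")
    for removed, added in changes:
        print(f"  [-{removed}-] {{+{added}+}}")
```

The returned change list is the material a maintainer would summarise in the `Comment:` field; a similarity of 1.0 with no changes means the text matches the reference excerpt word for word.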
