Bug#885042: Check inclusion of Apache 2.0 NOTICE files
Ben Finney <bignose@debian.org> writes:
> Why the entire contents? The only thing that clause requires is “the
> attribution notices contained within such NOTICE file”.
Let's make this more concrete, because I'm not sure you understand the
nature of the problem. Here's an example of a NOTICE file from a real
Debian package:
We wish to acknowledge the following copyrighted works that make up
portions of this software:
This product includes software developed by the Apache Software
Foundation (http://www.apache.org/).
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/).
This project uses libraries covered by the Lesser GNU Public License.
Source code for these libraries is available on request.
This product includes software developed, copyrighted, and/or
contributed by:
The Ohio State University
The National Research Council of Canada
The Danish CLARIN Consortium
National Institute of Informatics in Japan
What parts of this do you think are attribution notices?
What parts of this do you think a Debian developer would naturally include
in debian/copyright? Important additional piece of information: other
than in this file, the string "The Danish CLARIN Consortium" appears
nowhere in the upstream source distribution, and the string "The National
Research Council of Canada" appears only here and in a CREDITS file.
What makes you confident that the process you propose would continue to
satisfy the license going forward during normal upstream updates?
How much energy would you want to spend on defending your interpretation
of this in order to avoid installing this file in the documentation area
of the package?
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: