[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library

On Sat, Nov 08, 2003 at 08:11:53PM -0500, John Belmonte scribbled:
> I'm interested in the notion of license metadata for file packages (in 
> the general sense)-- what the semantics would be, whether or how it 
> could be useful, etc.  As someone pointed out, there is no such thing 
> for Debian packages.  But ITP's do have the "License" field, so I was 
> asking about the semantics of an entry like "GPL, LGPL, public domain". 
>  Here it means that parts of the package are covered by one license, 
> parts by another, etc.  It doesn't always mean this.  See 
My point was to show the prospective reviewers of the ITP that the package
is heterogenous license-wise. Since putting only GPL in the license would be
presenting a false image of the status quo, I chose to list the licenses
enumerated by the author of the library as the ones present in the package
as a whole. As I stated in one mail (I think) I trust that the precision of
information is crucial in cases like this. In fact, I'm considering adding a
list of files in the library and their associated licenses to the
README.Debian in the package once it hits Sid (I've uploaded it already). I
grew aware of problems with licensing while working on Caudium. We, as the
Caudium Group, don't own the copyrights to all the code, but we do own a
huge part of it. I usually license my code under LGPL/MPL (considering IPL
now) but Caudium as a whole is still GPL. In such a crazy situation, it is
crucial that users/developers have detailed information about what parts of
a package are licensed under which licenses and, first of all, that there
exist various licenses to begin with. It really saves one a lot of trouble
later on.



Attachment: signature.asc
Description: Digital signature

Reply to: