[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: making debian/copyright machine-interpretable

On Sat, 2007-08-04 at 19:17 +0200, Sam Hocevar wrote:
>      http://wiki.debian.org/Proposals/CopyrightFormat
>    I therefore would like your opinions about this proposal, its
> shortcomings, and a strategy to implement it quickly and as widely as
> possible.

This is great!  One possible shortcoming might be the lack of
information provided for less widely used licenses (anything requiring
an 'other' value in the License field).  How much Debian should be
concerned about such licenses is no doubt up to debate, but especially
in non-free there are likely many such cases.  One possible solution
that I have in mind would be to add information about the terms of the
license in a machine-readable way.  Perhaps something along the lines
of what Creative Commons has done with mod_cc[1], but with several
additions that suit Debian's (and Debian's users) requirements.  I am
imagining another field something like

License-Terms: Requires-Attribution, Noncommercial, Choice-of-Venue,
  SSL-Exception, GPL-Compatible

Clearly the exact terms and their meaning would require a bit of
discussion, but should ideally include tags which would be as
unambiguous as possible and would cover as many of the properties of
licenses as we can that are important to Debian end-users, without
making the License-Terms field longer than the license itself...

Of course, this idea does have several limitations:
  * It is not particularly useful for well known licenses.
    Perhaps for any license besides "other", these values could be
  * There will be both mistakes and misinterpretations of these terms,
    regardless of how well defined they can be made in proposals.
    Mistakes happen.  Does this pose a legal problem for Debian if
    individuals act based on the tags and are later held liable for
    license violations?
  * There will no doubt be different interpretations of whether or not
    a license deserves a particular tag (as there are now about
    whether or not a license meets the DFSG).  Who will be ultimately
    responsible for the tags, and is that influenced by the previous
    point about potential liability?
  * This is not a replacement for people actually reading the licenses
    of the software they are installing.  The tags can not cover every
    possible facet of a software license and any license-conscious
    end-user (individual or corporate) will still need to read the
    licenses of their software to make sure they are in compliance
    with its terms.

That said, I hope that this does provide meaningful benefit.  The
primary benefit that I envision is to eventually allow users to select
which license terms they find acceptable and which they do not and to
limit their package installations on that basis.  As mentioned above,
this is not a complete solution, since the licenses must still be read
in full, but it would cut down on the amount of packages which require
consideration.  For example, corporate users may select a policy which
would not consider packages tagged Noncommercial, allowing their
license review teams to only look at packages which may be usable by
their company.  It could also allow users with their own particular
definitions of freeness to easily select packages that fit their

Thoughts, comments, and criticisms welcome.


1.  http://web.resource.org/rss/1.0/modules/cc/

P.S.  By making this suggestion, I am volunteering to help with the
huge amount of work that it requires.  ;)

Reply to: