[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What criteria does ftpmaster use for the ‘copyright’ file of a package?

Robert Collins <robertc@robertcollins.net> writes:

> On Sat, 2009-08-29 at 18:03 +1000, Ben Finney wrote:
> > the package as originally uploaded had copyright notices preserved
> > in the source, but not duplicated into the ‘copyright’ file.
> Your experience seems to be covered by
> http://lintian.debian.org/tags/copyright-without-copyright-notice.html
> and
> http://lists.debian.org/debian-devel-announce/2006/03/msg00023.html
> (linked from http://ftp-master.debian.org/REJECT-FAQ.html)

That covers the rejection of a package that triggers that Lintian tag.
Not covered there is the acceptance of a package with a ‘copyright’ file
containing copyright notices that don't match what is found in the
original source.

Torsten Werner <twerner@debian.org> writes:

> Ben Finney schrieb:
> > My response was to Chris only (to the ftpmaster address), giving my
> > understanding that Debian Policy §12.5 requires only the verbatim
> > copyright *license terms*, not the duplication of copyright *notices*,
> > to be in the ‘copyright’ file; and asking for clarification on their
> > position.
> policy states: "copyright and distribution license". That are 2 pieces
> of information (IMHO: copyright info AND license terms).

Yet as we discovered during discussions several months ago, there are a
wealth of packages in Debian that *don't* duplicate every single
copyright notice from the source into the ‘copyright’ file; and, indeed,
that many developers don't consider it useful to do so and balk at such

The wording is ambiguous; it's easy to read that section as requiring
only the license (specifically, the copyright and distribution license).
The interpretation you give is another possible reading of that clause.

If the governing interpretation is that “all copyright notices and
distribution license” need to be duplicated into the file, how many
packages in Debian are violating policy by this reading? More to the
point, does this interpretation actually match the consensus of the

Most worrying, *neither* of those interpretations matches my experience,
nor does it match what I understand to be common practice: that the
‘copyright’ file contains the full license text, but an *arbitrary
subset* of copyright notices, usually out of date with the source,
inaccurate, and incomplete.

Is a package unsuitable for Debian because its ‘copyright’ file fails to
completely duplicate all the copyright notices from the source? Should
every package that is also in that state be flagged as violating a
policy directive?

 \       “Facts are meaningless. You could use facts to prove anything |
  `\                that's even remotely true!” —Homer, _The Simpsons_ |
_o__)                                                                  |
Ben Finney

Attachment: pgpfg2anfDsV8.pgp
Description: PGP signature

Reply to: