On 04-09-15 00:32, Johan Van de Wauw wrote:
> I made some final changes and committed. Since otb relies on
> libinsighttoolkit which currently does not install on unstable I would
> target experimental. We can bring it to unstable (and testing) after
> passing through the new queue.
>
> I can not sponsor, but someone else on the debian GIS list may do it.
> I do recommend uploading to mentors anyway as it learns you some
> things about uploading and the overview sometimes reveals additional
> errors.
> Since Andreas (cc) was involved earlier in packaging, he is probably
> the best person to ask for sponsoring.
Before considering otb ready for an upload even to experimental, there
are still some issues to be dealt with.
The changelog, copyright & watch file all handle the repacking with the
+dfsg suffix, but the repacked tarball is not in the upstream nor
pristine-tar branch, so no-one can generate the tarball from git. The
5.0.0+dfsg upstream release got hidden in the annotated tag. I've
recreated the tag with `gbp import-orig` on a newly downloaded &
repacked tarball.
The license paragraphs for LGPL-{2,3}, Apache2.0 & public_domain are
missing, and should use common SPDX-like license shortname as documented
in copyright-format 1.0:
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-specification
At least the shortnames CECILL-2.0, Apache-2.0 and public-domain should
be used, and public-domain is special:
"
The License short name public-domain does not refer to a set of
license terms. There are some works which are not subject to copyright
in any jurisdiction and therefore no license is required for any
purpose covered by copyright law. This short name is an explicit
declaration that the associated files are "in the public domain".
Widespread misunderstanding about copyright in general, and the public
domain in particular, results in the common assertion that a work is
in the public domain when this is partly or wholly untrue for that
work. The Wikipedia article on public domain is a useful reference for
this subject.
When the License field in a paragraph has the short name
public-domain, the remaining lines of the field must explain exactly
what exemption the corresponding files for that paragraph have from
default copyright restrictions.
"
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#public-domain
The public-domain license can there not use a standalone license
paragraph which is recommended to not duplicate license texts.
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#stand-alone-license-paragraph
The typical public-domain license text copies the public domain
statement from the source verbatim.
The use of LGPL-{2,3} and then only linking to the file in
common-licenses because those files actually document LGPL-{2,3}+. The
"or later" clause has a big impact in license compatibily. If you want
to get away with only linking to the common-licenses the shortnames need
to change to LGPL-2+ & LGPL-3+, but that's not what the copyright
headers say.
Modules/ThirdParty/SiftFast/src/ is clearly LGPL-3+ (not v3 only),
that's an easy fix.
Modules/ThirdParty/OssimPlugins/src/ossim* have a different mix of LGPL
declarations, a lot of them without any explicit version. So which is it?
The ITK derived files are unclear about which version they're taken
from, and ITK upstream uses different licenses for their versions:
http://www.itk.org/ITK/project/license.html
The Source or Comment field also needs to document why the upstream
source is repacked:
"
Source
Formatted text, no synopsis: an explanation of where the upstream
source came from. Typically this would be a URL, but it might be a
free-form explanation. The Debian Policy section 12.5 requires this
information unless there are no upstream sources, which is mainly the
case for native Debian packages. If the upstream source has been
modified to remove non-free parts, that should be explained in this
field.
"
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#source-field
"
Formatted text, no synopsis: this field can provide additional
information. For example, it might quote an e-mail from upstream
justifying why the license is acceptable to the main archive, or an
explanation of how this version of the package has been forked from a
version known to be DFSG-free, even though the current upstream
version is not.
"
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#comment-field
I'm not even halfway done with the license & copyright review, but I'm
done for today. It's already clear that the copyright file needs more
work to properly document the license & copyright for the OTB source.
I've pushed my changes so far, but more are still required.
Kind Regards,
Bas
--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1