[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: upgrade orfeotoolbox to 5.0

Hello Bas,

On Fri, Sep 4, 2015 at 1:39 AM, Sebastiaan Couwenberg <sebastic@xs4all.nl> wrote:
On 04-09-15 00:32, Johan Van de Wauw wrote:
> I made some final changes and committed. Since otb relies on
> libinsighttoolkit which currently does not install on unstable I would
> target experimental. We can bring it to unstable (and testing) after
> passing through the new queue.
> I can not sponsor, but someone else on the debian GIS list may do it.
> I do recommend uploading to mentors anyway as it learns you some
> things about uploading and the overview sometimes reveals additional
> errors.
> Since Andreas (cc) was involved earlier in packaging, he is probably
> the best person to ask for sponsoring.

Before considering otb ready for an upload even to experimental, there
are still some issues to be dealt with.

The changelog, copyright & watch file all handle the repacking with the
+dfsg suffix, but the repacked tarball is not in the upstream nor
pristine-tar branch, so no-one can generate the tarball from git. The
5.0.0+dfsg upstream release got hidden in the annotated tag. I've
recreated the tag with `gbp import-orig` on a newly downloaded &
repacked tarball.

The license paragraphs for LGPL-{2,3}, Apache2.0 & public_domain are
missing, and should use common SPDX-like license shortname as documented
in copyright-format 1.0:


At least the shortnames CECILL-2.0, Apache-2.0 and public-domain should
be used, and public-domain is special:

 The License short name public-domain does not refer to a set of
 license terms. There are some works which are not subject to copyright
 in any jurisdiction and therefore no license is required for any
 purpose covered by copyright law. This short name is an explicit
 declaration that the associated files are "in the public domain".

 Widespread misunderstanding about copyright in general, and the public
 domain in particular, results in the common assertion that a work is
 in the public domain when this is partly or wholly untrue for that
 work. The Wikipedia article on public domain is a useful reference for
 this subject.

 When the License field in a paragraph has the short name
 public-domain, the remaining lines of the field must explain exactly
 what exemption the corresponding files for that paragraph have from
 default copyright restrictions.


The public-domain license can there not use a standalone license
paragraph which is recommended to not duplicate license texts.


The typical public-domain license text copies the public domain
statement from the source verbatim.

The use of LGPL-{2,3} and then only linking to the file in
common-licenses because those files actually document LGPL-{2,3}+. The
"or later" clause has a big impact in license compatibily. If you want
to get away with only linking to the common-licenses the shortnames need
to change to LGPL-2+ & LGPL-3+, but that's not what the copyright
headers say.

Modules/ThirdParty/SiftFast/src/ is clearly LGPL-3+ (not v3 only),
that's an easy fix.

Modules/ThirdParty/OssimPlugins/src/ossim* have a different mix of LGPL
declarations, a lot of them without any explicit version. So which is it?

All these files in Modules/ThirdParty/OssimPlugins/src/ossim are derived form OSSIM which was using LGPL-2 or higher. All these class have mentioned LGPL in their license. But it is sure that they are LGPL-2 or higher.

Specifiying LGPL-2+ in the debian/copyright for these file would be sufficient?

FYI, svn trunk now shows MIT license -  http://svn.osgeo.org/ossim/trunk/ossim/LICENSE.txt

The ITK derived files are unclear about which version they're taken
from, and ITK upstream uses different licenses for their versions:


The Source or Comment field also needs to document why the upstream
source is repacked:


 Formatted text, no synopsis: an explanation of where the upstream
 source came from. Typically this would be a URL, but it might be a
 free-form explanation. The Debian Policy section 12.5 requires this
 information unless there are no upstream sources, which is mainly the
 case for native Debian packages. If the upstream source has been
 modified to remove non-free parts, that should be explained in this


 Formatted text, no synopsis: this field can provide additional
 information. For example, it might quote an e-mail from upstream
 justifying why the license is acceptable to the main archive, or an
 explanation of how this version of the package has been forked from a
 version known to be DFSG-free, even though the current upstream
 version is not.


Files in Modules/ThirdParty/ITK/include/
are all derived from ITK4 and hence license applied is Apache-2.0. The one file which says CECILL is otbWrapImageFilter. This has a slight modification from the orginal ITK class itkWrapImageFilter which has License Apache-2.0

These are pending patches kept for OTB but not pushed to itk because they are in ITK deprecated modules. one class itkUnaryFuctionImageFilter.* is rejected by ITK because the modification only concerns otb.

I can include this detail in the comment section. would that be sufficient?

I'm not even halfway done with the license & copyright review, but I'm
done for today. It's already clear that the copyright file needs more
work to properly document the license & copyright for the OTB source.

I've pushed my changes so far, but more are still required.

Kind Regards,


 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1


Reply to: