Re: RFS: stegosuite/0.7.3-1 [ITP]

To: Tobias <tobias@stegosuite.org>
Cc: "debian-java@lists.debian.org" <debian-java@lists.debian.org>
Subject: Re: RFS: stegosuite/0.7.3-1 [ITP]
From: Markus Koschany <apo@debian.org>
Date: Mon, 13 Jun 2016 21:21:21 +0200
Message-id: <[🔎] 677f4244-535f-4c8a-a171-247bcb604d09@debian.org>
In-reply-to: <[🔎] 575D6239.2040903@stegosuite.org>
References: <[🔎] 575D6239.2040903@stegosuite.org>

On 12.06.2016 15:23, Tobias wrote:
> Dear Java packagers,
> 
> I am looking for a sponsor for my package "stegosuite".

Hi Tobias,

Thanks for your update. I had to update the BSD-2-clause license because
they mention that parts of their code was taken from the JPEG group. In
this case we must quote both licenses.

Though there is probably even more work.

First of all, it's great that you use comments to document external code
but I would strongly recommend to properly document these parts of your
software. These comment are rather easy to miss. In general there are
several approaches but the most popular are file-scope license
information or centralizing license information. [1]

It is very easy to parse software projects that add license headers to
each and every file. In Debian we have tools like licensecheck or cme
which can support maintainers in this work. The centralized approach
isn't bad either. You could list all licenses in one file or, since we
are almost done, just use debian/copyright in your own project which
would make life for other people easier.

I have found the following comments in your code:

Taken from
https://github.com/StanfordHCI/c3/blob/master/java/src/edu/stanford

https://github.com/StanfordHCI/c3/blob/master/LICENSE

The license is missing in debian/copyright.

adapted from Sharma et al's MATLAB implementation at
// http://www.ece.rochester.edu/~gsharma/ciede2000/

I have no idea what has been adapted and if it is copyrightable.

same here:

some code in this class taken from:
http://stackoverflow.com/a/992413/4862922

The license for stackoverflow is CC-BY-SA 3.0

Not every piece of code is copyrightable, so there might be a chance
that there is no action required from our side. In any case I suggest to
add a Comment: section to your main Files: * paragraph. It helps if you
clarify these comments with a few words. If those parts are
copyrightable, please add the license to debian/copyright.

Regards,

Markus

[1]
https://softwarefreedom.org/resources/2012/ManagingCopyrightInformation.html

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: RFS: stegosuite/0.7.3-1 [ITP]
  - From: Tobias <tobias@stegosuite.org>

References:
- RFS: stegosuite/0.7.3-1 [ITP]
  - From: Tobias <tobias@stegosuite.org>

Prev by Date: java.debian.net blog: Wheezy LTS and the switch to OpenJDK 7
Next by Date: Re: RFS: stegosuite/0.7.3-1 [ITP]
Previous by thread: RFS: stegosuite/0.7.3-1 [ITP]
Next by thread: Re: RFS: stegosuite/0.7.3-1 [ITP]
Index(es):
- Date
- Thread