Re: License of Debian-specific parts in packages, generally and in particular
Frank Küster wrote:
> Hi,
>
> in particular, tetex-base has a woeful copyright file (#218105), and
> while I'm trying to resolve this, I came across the fact that some of
> the Debian-specific code (maintainer scripts, templates,...) does
> not have a license statement. The maintainer scripts don't even have a
> proper copyright statement, i.e. one has to guess from debian/changelog
> who has contributed what.
That's no good. Tetex-base is one of the most infamously bad cases, of
course.
> More generally, I found out that this is the case for many packages
> (just a random pick: emacs21{-common}, kdebase-bin, scigraphica) have
> the same deficiencies. An example for a "good" package is the xfree
> Packages; furthermore, in xfree86-common/copyright, the copyright for
> all Debian-specific contributions is assigned to SPI.
>
> Therefore, I would like to raise some questions. If they have been
> discussed before, please give me a pointer.
>
> 1. Shouldn't we add a note to the Policy (or the Developer's Reference)
> that there should be a license statement for the Debian-specific
> parts in debian/copyright? I think we should, and it should be a
> "must" directive post-sarge.
Yes. However, normally, the Debian-specific parts should be licensed under
the same license as the rest of the package, in which case little
additional information is required in debian/copyright -- just the
copyright statements of the creators of the Debian-specific parts, added to
the list of copyright holders granting the license.
> 2. Should we encourage maintainers and contributors to assign the
> copyright to SPI, as the x people did?
That has to be done in hard copy on signed documents in the US, unless I'm
very much mistaken. It's probably not worth encouraging people to do
that. :-P
> 3. Is there any advice on whether to put the debian-specific part under
> the same license as the upstream work, or whether this does not
> matter?
If the debian-specific parts might get integrated upstream (patches, for
instance), it's certainly advisable to put them under the same license.
If they won't, I guess it doesn't *really* matter; it's still important that
the license be appropriately compatible, though.
> 4. How should we proceed with old contributions? Especially if
> maintainers have frequently changed, or complex patches from the BTS
> have been applied, it might be hard to find out all the copyright
> holders.
>
> I think one can assume that anybody contributing code [1] to a Debian
> package is willing to put it under a DFSG-free license, but one
> cannot guess at all which license this should be. Therefore a
> transition strategy could be made that would allow old code with
> unknown or unreachable authors in the package if it is marked a such,
> but require a rewrite if substantial changes have to be made anyway.
I would generally assume the following:
* if the authors are listed in debian/copyright as holding a copyright in
part of the work, and granting the appropriate license, everything is fine.
* if they're listed somewhere else as doing so, that needs to be in
debian/copyright.
* if the work is in the public domain, a statement to that effect in
debian/copyright is needed.
* otherwise, the code is not licensed and should be taken out as soon as a
reasonable replacement can be made
--
There are none so blind as those who will not see.
Reply to: