
Re: DEP-5, asking for clarifications



Christoph Biedl <debian.axhn@manchmal.in-ulm.de> writes:

> tl;dr - I'd really like to use the DEP-5 keywords but looking closer I
> get the feeling I should always use my own ones. Something that is
> clearly not in the intention of DEP-5.

It's certainly not the intention of that standard (now “Copyright Format
1.0” and an official (optional) part of Debian policy 3.9.3.0 and
later). The intention is that most works will be described by the
standard license keywords.

> 1. Small modifications of the license text
>
> In some source files I found a license that is obviously based on
> "BSD-2-clause" but some words in the disclaimer were changed. To give
> an impression, this is the wdiff output (with some pre- and
> post-formatting, and unchanged text stripped):
>
>     $ wdiff bsd-2-clause bsd-2-clause-alike
>     Redistribution and use in source and binary forms, (...)
>
>     THIS SOFTWARE IS PROVIDED BY THE
>     [-COPYRIGHT HOLDERS AND CONTRIBUTORS-] {+AUTHOR+}
>     "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
>     NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
>     FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
>     SHALL THE
>     [-COPYRIGHT HOLDER OR CONTRIBUTORS-] {+AUTHOR+}
>     BE LIABLE (...)

These are not only fastidious changes from a standard license text. They
may even have some effect on the legal meaning of the license.

Separately from your questions here, I would ask you to work with
upstream to convince them to use the widely-used and well-understood
standard text of the BSD 2-clause license.

> Or should I rather create a different keyword like in
>
>     Files: hello.c
>     Copyright: 2012 John Doe <jd@example.com>
>     License: BSD-2-clause-alike
>
>     Comment: This is BSD-2-clause with just the words "COPYRIGHT 
>      HOLDER(S) AND CONTRIBUTORS" replaced by "AUTHOR".
>     License: BSD-2-clause-alike
>      Redistribution and use in source and binary forms, with or without
>      (...)
>
> In a way, this cannot be wrong. But hinders a judgement or just
> statistics as described above.

I think this is the option I'd choose for writing the ‘debian/copyright’
file, and I hope the bad taste in the mouth can be a motivation to get
upstream to use the standard license text.

> And this creates a second question: What is the correct BSD-3-clause
> text to be used in `debian/copyright`? There are
> `/usr/share/common-licenses/BSD` and
> <http://spdx.org/licenses/BSD-3-Clause>, but they are not identical.

Right. The original text from Berkeley University specifically names the
Regents and the University, whereas to be generally applicable one must
avoid those terms.

The meaning is changed, but in a well-understood way that only makes the
license generally applicable to any work of expression.

These changes to make the license text a generally-applicable one do
not, IMO, obligate a change in the name of the license (nor the keyword
to refer to it).

> The Debian document refers to an external (out-of-project) resource
> for the license texts:
>
>     "Currently, the full text of the licenses is only available in the SPDX
>      Open Source License Registry."
>
> Are there plans to change this?

This was specifically done to make use of the existing SPDX work and to
avoid multiple, potentially-differing, points of authority for the
registry.

> It would really ease a maintainer's job to have the applicable
> License: paragraphs as a file ready to be pasted into
> `debian/copyright`.

The standardisation of the copyright document format already makes the
maintainer's job a lot easier for the same reason: it's now much clearer
what needs to go in that file and how to write it, than it was before
such standardisation.

Making the maintainer's job easier isn't the only concern, though. It would
not be a good thing IMO for the maintainer to be able to punch out such
paragraphs without thinking about their content, since that would
encourage negligence in an important part of the maintainer's job.

> Plus, unfortunately I have some reason not to trust the SPDX registry
> in a way I'd trust a Debian package that contains the texts.

Without knowing what those reasons are, we can't help.

> Something practical: Has anybody hacked a tool that helps to identify
> the right license or at least the most similar one from a license text
> found in arbitrary sources?

Not to my knowledge. Again, I think failing to find the right license
text should be a spur to the maintainer to work with upstream to
convince them to reduce license proliferation and instead choose a
widely-understood license text.

-- 
 \       “Pinky, are you pondering what I'm pondering?” “Well, I think |
  `\     so, Brain, but do I really need two tongues?” —_Pinky and The |
_o__)                                                           Brain_ |
Ben Finney
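
An added example, not part of the original message or of any Debian tool: a minimal word-level comparison in the spirit of the wdiff output quoted above, which picks the nearest reference text and lists the words that differ. The reference fragments, the `closest_license` helper and the sample variant are constructed for illustration.

```python
import difflib
import re

# Constructed sample data: only the disclaimer openings, not complete license
# texts. The keys are Copyright Format 1.0 short names.
REFERENCES = {
    "BSD-2-clause": (
        'THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS '
        '"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT '
        'LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS '
        'FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE '
        'COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE'),
    "Expat": (
        'THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, '
        'EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF '
        'MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND '
        'NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS '
        'BE LIABLE'),
}

# Constructed candidate: the variant shown in the quoted wdiff output.
VARIANT = (
    'THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR\n'
    'IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n'
    'WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n'
    'ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE')

def words(text):
    """Case-fold and drop punctuation so reflowed text still compares equal."""
    return re.findall(r"[a-z0-9]+", text.lower())

def closest_license(candidate, references=REFERENCES):
    """Return (keyword, similarity, changes) for the best-matching reference."""
    cand, best = words(candidate), None
    for keyword, text in references.items():
        ref = words(text)
        sm = difflib.SequenceMatcher(None, ref, cand, autojunk=False)
        if best is None or sm.ratio() > best[1]:
            # Each change is (words removed from reference, words added).
            changes = [(" ".join(ref[i1:i2]), " ".join(cand[j1:j2]))
                       for tag, i1, i2, j1, j2 in sm.get_opcodes()
                       if tag != "equal"]
            best = (keyword, sm.ratio(), changes)
    return best

if __name__ == "__main__":
    keyword, score, changes = closest_license(VARIANT)
    print(f"closest: {keyword} (similarity {score:.2f})")
    for removed, added in changes:
        print(f"  [-{removed}-] {{+{added}+}}")
```

A non-empty change list means the text is not the reference license, which is the case where the thread settles on a distinct keyword with a Comment field.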
