Re: Bug#698019: libav: the effective GPL-licensed status of the binary packages should be clearly documented
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Le 15/01/2013 14:41, Jonas Smedegaard a écrit :
> Quoting Thibaut Paumard (2013-01-14 23:29:40)
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
>>
>> Le 14/01/2013 23:45, Francesco Poli a écrit :
>>> On Mon, 14 Jan 2013 11:13:48 +0100 Jonas Smedegaard wrote:
>>>
>>>> Quoting Charles Plessy (2013-01-14 02:55:38)
>>>>> On Sat, Jan 12, 2013 at 11:43 PM, Francesco Poli
>>>>> (wintermute)
>>>>>>>
>>>>>>> I think that the effective licensing status of the
>>>>>>> binary packages (GPL-2+ or GPL-3+) should be explicitly
>>>>>>> and clearly documented in the comment at the beginning
>>>>>>> of the debian/copyright file and, probably, in the
>>>>>>> binary package long descriptions, as well.
>>> [...] Since currently there is no better place (at least, not
>>> one I am aware of) to carry these considerations and since I am
>>> convinced that such considerations are important, I still think
>>> that the comment should be kept in the debian/copyright file
>>> and clarified.
>>
>> Hi,
>>
>> I'm surprised it has not yet been pointed out, but I have always
>> considered the right place to document copyright information for
>> individual binary packages is <package>.copyright, which ends up
>> as simply /u/s/d/<package>/copyright.
>>
>> I'm also surprised to not find it right away in either policy or
>> devref. Anyway, man dh_installdocs at least doccuments the
>> technical point.
>>
>> An additional README.Debian at least in the relevant -dev
>> packages does not harm.
>
Hi again,
All I'm saying is that the natural place to look for such information
is the binary package's copyright file, a.k.a.
debian/<package.copyright>, and that neither devref not Policy mention
the latter.
> In the past I saw that as an indication that indeed the copyright
> file was intended to cover both source and effective licensing.
Yes, that's also my reading of Policy 12.5:
http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile
"Every package must be accompanied by a verbatim copy of its copyright
information and distribution license in the file
/usr/share/doc/package/copyright."
In other words, copyright file (as distributed in the binary package)
must cover not only the copyright (which applies mostly on the source)
but also the distribution license (which applies on the binaries as
well). Note the *must* here in the binary package, in contrast with
*should* debian/copyright in the source package:
"A copy of the file which will be installed in
/usr/share/doc/package/copyright should be in debian/copyright in the
source package."
which implicitly allows for debian/<package>.copyright in relevant
cases, i.e. when the applicable license terms is not the same for all
the binaries, e.g. some binary linked with GPLed code.
> During my partitipation in defining the copyright file format 1.0,
> however, it was brought up that there is no such requirement for
> effective licensing - the current defined purpose of the copyright
> file apparently is only to cover copyrights and licensing or
> _source_.
I'd be interested in the reasoning behind this, because I think you
where right in the first place.
In the first quote above, "its [...] distribution license" refers to
the "package". Very clearly, "package" here must be read as "binary
package", which you grab from a few lines later:
"/usr/share/doc/package may be a symbolic link to another directory in
/usr/share/doc only if the two packages both come from the same source
and the first package Depends on the second."
Kind regards, Thibaut.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJQ9WeGAAoJEJOUU0jg3ChA+jwQAJaGlJm6ljuzYFV266yQr0V/
Kva9ofaeBSxJPMBvipudv53Rcd51QykG6HHyKYBzmBGiDL0VS0hj8qXTEhCO2ECW
6Joe2ILzzBi3QZcGV1mQ3TrkfbjEgBO6/bG1fh1HZn4DWC5IENnJsff3zPBldPA3
zQ65dq3atZ8FEZoAxHGRPbJYHBBDBrLyq3AlyKoXOdGjl67ciPYptHei+cn7y0Ti
i0CUfspEY70UCiYtw/YP9mCpEzIVlx+gYQly0ct6td2Rx142lhG0Jhwp7rMrn7nN
tD+rOxc1X/5a3bFGGXxIeDvzJw/2OECVpKDvMGw0Wh4L3rUjYej+WSl9DMVSkzrK
/DnjL6RhyulFSwMHPLdELMr+1CzbmpCXi8UkGshBEnML5NvzOn44yvrJNju0wkW/
fjZTtXfIUoMweI2VIpCPK3Aa4bffG1YCrLjOg3/WIf2MNsLMTIv1BUGTo9uDz6hP
3uaKJDG0AUruiqtplvG4P8UTBSwBY8Af/Pyp9vXOWdcLAp/A1OyE+lfLcEj2lC3M
xGUIz35gBiNjrUJRf2PloXrIqHFedHCGhFn/2u6a2YerblKUcs7MV87Ujqs8oltR
Fmuk50SIa1FAvaTwrqocQYkkohhRdZHNQXozvNpQdzjuTiVm3BvpUonm8PGHpkfq
9hLnuuCdzVGAm6LVYPiO
=+ZnX
-----END PGP SIGNATURE-----
Reply to: