[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: is igmpproxy dfsg compliant?

Pali Rohár writes ("Re: is igmpproxy dfsg compliant?"):
> Ok, package is already in new queue:
> https://ftp-master.debian.org/new/igmpproxy_0.1-1.html

Hrm.  I didn't spot that.  Well, anyway, thanks for your hard work.

As regards the package I didn't find anything terrible (although I
didn't quite finish everything I wanted to check - in particular I
haven't looked at the github project), but I did find twho things
that's are a slight problem:

AFAICT you think the overall resulting licence is GPLv2+ (that's
certainly what Johnny Egeland has written, and that's what you've
written in debian/copyright.  But there are mentions of contributions
from Carsten Schill under GPLv2-only.  Has anyone contacted Carsten
about this ?

And, there are a couple of files (`install-sh' and `missing') under
the MIT X Licence, which is not mentioned in debian/copyright.  That is
a GPL-compatible licence so it's not a big problem, but the licence
should be mentioned in debian/copyright.

I also had some comments about the way the information was structured.

I don't think it is necessary (or indeed a good idea) to ship all of
the copyrightholders permission emails in debian/copyright.

The copyright file should IMO contain information about the actual
licence, and not contain out of date pieces of licence, or historical
information.  It also does not need to contain records of all the
email communications with the licence holders.

IMO these should be kept in the source package, in case they are
needed, but they do not need to be in the .deb.  The copyright file
should instead summarise the situation.

So I would suggest you put them in debian/ somewhere.  COPYING.emails
or something maybe.  The filename doesn't matter very much.

Conversely the source package should contain all the tracing
information we have about who approved what licence when.  That
includes the emails I mention above, but also licence statements from
Stanford and OpenBSD etc.

As regards the Stanford relicensing: you have included two URLs.  But
I think we should have the actual text of the relicense.

The best way to do this would probably be to use wget or curl to
download the HTML from the OpenBSD cvsweb page (which includes Theo de
Raadt's commit message), and maybe also save a copy of the diff which
comes out from this URL:

I looked at the troglobit.com url you mention and I don't think the
text there really provides anything more interesting or useful,
although it might be worth mentioning somewhere in the source package
that that's the upstream.

And there is some out-of-date information in the source package that
could usefully be qualified:

The file Stanford.txt in the toplevel is no longer applicable.
Ideally it would be deleted, but our source formats do not support
thta.  You should prefix it with a notice saying it does not apply,
and referring to a copy of the Stanford notice.

Was the file AUTHORS from mrouted ?  I can't tell from the Debian
source package you have provided.  I think you may want to patch it to
prefix a statement about its scope.

In projects now maintained primarily in a VCS and accepting
contributions, such AUTHORS files typically become very out of date.

Many of my comments would be worth feeding upstream.  Upstream
probably don't want to be distributing this out of date information,
and I'm sure they would like to have a record of the relicensing
approval emails.

Finally, the package's debian/control Homepage field refers to
sourceforge but actually it's now on github AFAICT.


Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to: