Dear Debian Legal Team, I've CCed you for my reply to this bug, because I don't have the experience to be able to tell if Debian implicitly relicensed Audacious as GPL-3 from 2012-2016, how potentially falling out of BSD-2-clause license compliance might have affected this, and also how this should be resolved. The Debian packaging is GPL-2+, so it's possible to move to copyright-format/1.0 if that would simplify things. Also, please reply to point 2. OTTO "ancient plugins...under different licenses. I assume audacious-plugins will also need a copyright review. Please CC John and I, Bug #883731, and debian-legal as appropriate. Hi John, On Thu, Dec 07, 2017 at 05:15:53PM -0500, John Lindgren wrote: > Hi Nicholas, > > > On this topic, would you please update contrib/audacious.appdata.xml > > to reflect the current Audacious license (GPL3)? It claims the > > project_license is BSD-2-Clause. > > Sorry if my initial email was unclear. The current Audacious license *is* > BSD 2-clause, with some exceptions: Oh, now I see. Sorry I wasn't familiar with Audacious' upstream relicensing, and thank you very much for confirming for the files I asked about. > 1. The embedded copy of libguess (which is an external project) is under > a BSD 3-clause license, with a separate copyright. I believe this is > not a problem so long as the libguess license is also included with > any distribution. > 2. Some of the more ancient plugins are under different licenses, including > GPLv2+ and GPLv3. When we relicensed the main parts of Audacious to BSD > around 2012, we thought it impractical to contact all of the original > plugin authors since some of them go back to XMMS days (20 years ago now). > The plugins are compiled as separate binaries, and Debian has them in a > separate package (audacious-plugins). > > Our upstream COPYING file makes note of these exceptions, which is one > reason why it's important for it to be included verbatim, and not replaced > with generic BSD 2-clause text as it is in the current Debian package. Both BSD 3-clause and BSD 2-clause allow relicensing as GPL, thus so long as the licensing terms are complied with correctly BSD code can perpetually and unidirectionally flow to GPL projects. So from what I can tell it's 100% ok for the Debian package (both src and bin) to be GPL-3 from 2012-to-2016, and both the Debian source packages and binaries from this time period might actually be implicitly relicensed as GPL-3. If so, that's history that can't be changed. Also, I'm not sure what debian-legal and ftpmaster's view of #2 will be in light of the relicensing (and possible implied relicensing back to GPL-3). On 2016-04-06 06:55:52 (commit@124bf3bdccdac9d0eb78ce65b53c9a4ba128e052) use-system-licenses.patch might have made Debian's implicit relicensing invalid, not because of the deduplication patch per-se, but because /usr/share/common-licenses/BSD is a 3-clause and not a 2-clause one like Audacious uses. It's the same style, but is a different license altogether...and yeah, I think one can go BSD-2-clause to BSD-3-clause to GPL-3, but only if the original BSD-2-clause bits aren't stripped. I'm also unsure whether the patch that changes the user-visible bits and the out-of-date debian/copyright outweigh the 2-clause license that wasn't stripped from the headers of various files. eg: not implicitly relicensed, and just out of date copyright plus non-compliance with 2-clause BSD. > Regarding the plugins, I don't know the state of debian/copyright in the > audacious-plugins package, but my main concern here is that the one in > audacious is correct. > > > Conversely, what I found in debian/copyright was a project license of > > GPL-3, with notable exceptions. eg: are really translations GPL-1+? > > As I said, debian/copyright is out-of-date. We relicensed the project > from GPLv3 to BSD 2-clause back in 2012. Possibly we didn't make an > obvious enough announcement back then for Debian to take notice. I haven't looked at audacious-plugins yet either. Re: "is correct", I agree, and I'm hoping the fix will be to simply synchronise with upstream Audacious' BSD 2-clause. > Translations are under the same license as the rest of Audacious. Thank you for the confirmation. > > To my eyes it looks like the upstream project license needs to be > > clarified and disambiguated, debian/copyright needs work, and finally > > that deduplication patch can be dropped. > > Let me know if you think there are still clarifications needed upstream > given the information I've provided here. I'd be happy to adjust things > as necessary. Well, since the main Audacious project is in fact 2-clause-BSD this is much clearer now! Thanks again for the help. I hope to work on this Sunday, or after we hear back from debian-legal. Sincerely, Nicholas
Attachment:
signature.asc
Description: PGP signature