Bug#1029055: marked as done (lintian: Lintian does not recognize the AppStream's metainfo.xml MIT license is the same as Debian's Expat license)
Your message dated Mon, 23 Jan 2023 10:31:17 +0000
with message-id <E1pJu6f-002lIb-Qe@fasolo.debian.org>
and subject line Bug#1029055: fixed in lintian 2.116.1
has caused the Debian Bug report #1029055,
regarding lintian: Lintian does not recognize the AppStream's metainfo.xml MIT license is the same as Debian's Expat license
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
1029055: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029055
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: lintian
Version: 2.115.3
Severity: wishlist
Debian has recently started requesting that graphical programs install AppStream metainfo.xml files.
https://appstream.debian.org/sid/main/issues/electrum.html
The AppStream specification has a very restricted listed of possible licenses for the metainfo.xml file.
FSFAP
MIT
0BSD
CC0-1.0
CC-BY-3.0
CC-BY-4.0
CC-BY-SA-3.0
CC-BY-SA-4.0
GFDL-1.1
GFDL-1.2
GFDL-1.3
BSL-1.0
FTL
FSFUL
https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#tag-metadata_license
No specific text is given for what they mean by the MIT license. The MIT license is a bit problematic because there are more than one license that has been called the MIT license over the years.
https://en.wikipedia.org/wiki/MIT_License#Ambiguity_and_variants
https://www.gnu.org/licenses/license-list.en.html#Expat
When most people say MIT they mean Expat, so it is standard in the industry to assume that when no specific text is given MIT == Expat.
Debian prefers the Expat name to the MIT name for this reason.
https://www.debian.org/legal/licenses/mit
The documentation for the Debian machine-readable copyright file says the following.
"There are many versions of the MIT license. Please use Expat instead, when it matches."
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-short-name
The Electrum package, which is licensed upstream as MIT, is listed as Expat in debian/copyright according to the instructions in the copyright format and because the upstream MIT license matches exactly the Debian legal Expat example.
Because the AppStream metainfo.xml file does not allow the use of the Expat name, or it will fail validation with appstreamcli, I licensed the metainfo.xml file as MIT. This made it easy to submit it upstream, which has already accepted it for the next release.
In the meantime, I included the metadata.xml file in the debian directory for the current release. However, Lintian complained that Expat != MIT.
I considered creating a override, but according to the instruction at https://lintian.debian.org/manual/index.html#overrides it seemed more appropriate to file a bug against Lintian, as every time there is an AppStream file with a MIT license this will create a false positive if matched against Expat.
To work around this, I currently created a duplicate section in debian/copyright, which doesn't seem like an efficient long-term solution.
https://salsa.debian.org/sorenstoutner/electrum/-/blob/master/debian/copyright
I personally wish that those creating licenses had been more careful about the naming thereof. Secondarily, I wish that AppStream had followed best practices and allowed the use of the Expat name. However, given that neither of those things are within my control, the next best option is to make Lintian smart enough to work around this specific situation.
This was originally discussed at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002053 but was moved to this separate bug report because it didn't end up being the same root problem.
--- End Message ---
--- Begin Message ---
Source: lintian
Source-Version: 2.116.1
Done: Axel Beckert <abe@debian.org>
We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1029055@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Axel Beckert <abe@debian.org> (supplier of updated lintian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 23 Jan 2023 03:32:04 +0100
Source: lintian
Architecture: source
Version: 2.116.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Axel Beckert <abe@debian.org>
Closes: 976636 997987 1014885 1027744 1029055 1029177
Changes:
lintian (2.116.1) unstable; urgency=medium
.
The "No More Neglected Autopkgtest Architectures" Release.
.
[ Axel Beckert ]
* bitbucket.org no more supports Mercurial.
* [Testsuite] Fix armhf+i386-only test binaries-missing-lfs. Should fix
autopkgtest on these architectures.
* unknown-section description: Factorize explanations to avoid repitions
as suggested by Cyril Brulebois. (See also below.)
* Fix remaining i386 testsuite issues due to missing brackets.
* Don't emit inconsistent-appstream-metadata-license with "MIT !=
Expat". (Closes: #1029055)
* Update Lintian User's Manual for pointed hints in tags and overrides.
Thanks to Soren Stoutner. (Closes: #1029177)
* Whitelist Autobuild, Go-Import-Path, and Ruby-Versions from
unknown-field. (Closes: #1014885)
* Don't emit spare-manual-page for binaries in /usr/libexec/.
(Closes: #1027744)
* Refresh static data.
* data/java/constants: Default is now Java17, versions available up to Java21.
.
[ Cyril Brulebois ]
* Add non-free-firmware to known archive areas.
.
[ William Desportes ]
* Fix lintian package-contains-documentation-outside-usr-share-doc
matches python files and robots.txt. (Closes: #997987, #976636)
* Add more typo fixes.
Checksums-Sha1:
41fb83522f49b9cdcd83993595db553fa64bf8b1 3922 lintian_2.116.1.dsc
06ddc2e86b496b0198a0a7da743320a4a45de2d4 2228744 lintian_2.116.1.tar.xz
ad0015e8d8d101c7a1a8df71c6bc41d464e6af33 27960 lintian_2.116.1_source.buildinfo
Checksums-Sha256:
f4620ec7dfbcf3e9b6427766b1258825dc22312cf2cbb719424161de7d2802c1 3922 lintian_2.116.1.dsc
ba3bb5ff5e9b4d2e3315510de86a4496743165242c31c40b03976c9872bf58ba 2228744 lintian_2.116.1.tar.xz
e83398a318f73e6ab8f03db9ba311e62b014964bc7ddd796fbf57f56a49ae8db 27960 lintian_2.116.1_source.buildinfo
Files:
c7a0db1dc4a0af34fad1d1048667a241 3922 devel optional lintian_2.116.1.dsc
10341993944ef4519b7c3a3664f5f822 2228744 devel optional lintian_2.116.1.tar.xz
d6a59e443562c9ad7105300d0c57211d 27960 devel optional lintian_2.116.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAmPOUQoACgkQa+Zjx1o1
yXUuCw/9HpXhHg89jSs8hBXzBqVeHtUK5/DfpUzB7CHBhGBTqr40w0Hw6mpzok+O
Qu5MWYLZvEuKAFVfrqYxg13Pw5m8NLRw5qCKyjSWX9GHHkOmz3eRtvDMhmP3hr27
numjY6am7HoeKgHHxCiyMJyjmW/qPlBFNEVb7L/5CrTQhnH3EflXZ4I2Qx1WDhV3
55iY/1TQfecieHOTMRfBfQWisILm1sDIHaVP126rHgylkKhxLpZE9Di0+rO3twM+
G2JkKbnkdrswSnJ69QSoT7Gdhx3ICRIxYtGEs+RnISvyfld58zaoN7CZl4ZnZgHD
+rj56l9+8WeRmenBQkikQQMVtfmTxtRGcdbIN6hb0wqj/t3OVw+FRsJUnqpvVyn5
Z1cWlvIPbljv0lA6LQRuTwigeMUCqOGXqzFrBjWols4O0ERn7z2vONCdxu1XptUN
ovvHoIy0Jf8CohD9iorqq/tS2wfsaK2BjHT5VUPzXsbKdfP10VJsENq5S5DmVw7F
wkhfIpDbBrjZeR/ZB3rs0X1YU7Ff785kt43gCs6Y4MchaQv7Gs9DiFXNo9jyHkm8
MrF5O+48tG2GQiNnGB8V/C1+VMfJp2LyW+vmS03Pl3S5WfNm7hVwneby2IB14Bcd
vevwE+PucCu5grJ5PrxPib0NhuMDXElZLU3DZp/RNUHY3L/s/ps=
=JoZ0
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: