Re: RFS: polygraph

To: Michael Tautschnig <mt@debian.org>
Cc: Dmitry Kurochkin <dmitry.kurochkin@measurement-factory.com>, debian-mentors@lists.debian.org, Tollef Fog Heen <tfheen@err.no>
Subject: Re: RFS: polygraph
From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Sun, 03 Apr 2011 15:02:40 -0600
Message-id: <[🔎] 4D98E070.8030306@measurement-factory.com>
In-reply-to: <[🔎] 87zko7xjap.fsf@gmail.com>
References: <20101130230337.GD79388@l04.local> <8762vyt5l9.fsf@gmail.com> <[🔎] 20110403181946.GF24761@l04.local> <[🔎] 87zko7xjap.fsf@gmail.com>

On Sun, 3 Apr 2011 19:19:47 +0100, Michael Tautschnig wrote:
>>> * Package name    : polygraph
>>>   Version         : 4.0.11-1
>>>   Upstream Author : The Measurement Factory, Inc. <info@measurement-factory.com>
>>> * URL             : http://www.web-polygraph.org
>>> * License         : Apache-2.0
>>>   Section         : net

>> I have now started to review this package and found at least two fundamental
>> problems: 

I wish all our "fundamental problems" were that easy :-)

>> - The Apache license also gives a fairly precise description how it is to be
>>   applied to your work, as can be seen at the very end of 
>>
>>   http://www.apache.org/licenses/LICENSE-2.0.html
>>
>>   The codebase of polygraph does not seem to follow this requirement, which (1)
>>   makes checking for proper licensing extremely hard and (2) may even be in
>>   violation with the license requirements.

FWIW, Apache itself does not follow what you consider a license
application requirement.

For example, the very web page you linked to above, has no preamble and
just says "Copyright 2011 The Apache Software Foundation, Licensed under
the Apache License, Version 2.0" at the bottom. Moreover, Apache httpd
sources use a different preamble as well (e.g.,
httpd-2.2.17/srclib/apr/mmap/unix/mmap.c -- the first file I checked).

As for being "extremely hard" to check, it seems like an exaggeration.
Would the following preamble really leave a lot of question with regard
to the distribution license?

> /* Web Polygraph       http://www.web-polygraph.org/
>  * (C) 2003-2006 The Measurement Factory
>  * Licensed under the Apache License, Version 2.0 */

As you can see, Polygraph preamble uses the exact same text used by
Apache site. That text is a part of what is recommended by Apache
License; it just does not repeat what is already said in Apache License
itself.

IMO, we are not doing anything wrong here, but we should be pragmatic
about this issue: Humans should have no problems, but if the problem is
with automated tools used by Debian, we should try to accommodate them.
There is probably some flexibility here because they apparently work
fine with other packages using custom preambles, such as Apache httpd.
For example, perhaps including the URL of the Apache license would be
sufficient to pass those automated checks?

Thank you,

Alex.

Reply to:

Follow-Ups:
- Re: RFS: polygraph
  - From: Michael Tautschnig <mt@debian.org>

References:
- Re: RFS: polygraph
  - From: Michael Tautschnig <mt@debian.org>
- Re: RFS: polygraph
  - From: Dmitry Kurochkin <dmitry.kurochkin@measurement-factory.com>

Prev by Date: Re: RFS: blankon (updated package)
Next by Date: Re: RFS: polygraph
Previous by thread: Re: RFS: polygraph
Next by thread: Re: RFS: polygraph
Index(es):
- Date
- Thread