[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: aescrypt

* Benoît Knecht <benoit.knecht@fsfe.org> [110804 20:54]:
> I've seen that, but they need to make that perfectly clear in the
> license header of each file in the tarball. An email sent to you and
> reproduced in the debian/copyright file is not enough.

There is nothing special about the source files. There is a need to
have a license, there is no need that this license statement must be
in the files itself or even in the tarball.
(Though it definitely extremly recommendable to have the license clearly
stated in every file and the postamble of the GPL recommending this
has definitely be counted as one of the best things the FSF ever did).

> It is crucial
> that they fix this _upstream_, you can't simply add a note in the debian
> packaging about that.

As long as debian/copyright contains something giving us and the users
a license by people authorized to do so everything is fine.

> And again, if they want to make sure that the license they're using is
> free, they should use one of the well known free software licenses such
> as the 3-clause BSD or the Expat license; if that's still too
> restrictive for their taste, they could use a public domain license such
> as CC0.

While it is definitely recommendable to use something already existing
to avoid common pitfalls, that does not mean everything else is

> And please, if you're discussing these licensing issues with upstream,
> don't forget to also remind them about including a copy of the GPL along
> with the source; it _is_ a license violation not to do so.

This is definitely something that is needed. (Or replacing the code
with code unter other licenses, at least for sha256 there is less
restrictive code flowing around).

To get to the real problems:

debian/copyright is not giving the license statement from those files.
(the message it quotes does refer to something not quoted, I guess the
statement found in the files).

The original license statement as far as I see mostly misses the
explicit permission to modify and distribute modified and to give
others the same permission (or it should be clear that it gives those
permissions to eveyone).

The message quote in debian/copyright starts with describing what this
license is supposed to do and then continues with "I’ll go further in
saying...". Here it is unfortunately not very clear if this is a
addional grant of license or a wrong description about the one found
in the files.
I think this needs improvement (having that in the upstream files
would of course be nice, but as long as you can a explicit permission
of the copyright holder that everyone may use, copy and/or modify
and state this grant in the file that would be enough).

And the files are GPL-2, how do you get to the GPL 3 in
seem to be debian/copyright?

	Bernhard R. Link

Reply to: