[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On 27/08/11 20:35, Russ Allbery wrote:
> Ximin Luo <infinity0@gmx.com> writes:
>> I've been trying to package a bunch of mozilla extensions and getting
>> used to all the book-keeping that debian packages need, much of which is
>> copyright.  I read DEP-5 and have been working on getting my
>> debian/copyright files to conform to that standard. However, one major
>> annoyance is the inclusion of verbatim licenses, in particular MPL-1.1.
> I simply don't buy the idea that this is any sort of significant
> annoyance.  You only have to do the work to convert MPL-1.1 to DEP-5
> format once, and then you can just copy and paste it from one package to
> the next when they're under the same license.  Compared to the other work
> required to produce a good Debian package, this is minor, and after the
> first time takes a minute or two at the outside.

The cost of the initial setup means that people don't do this in practise. I
have not come across a single debian/copyright file with the full MPL text in
it. Having a unified shared package for licenses makes this a lot easier.

>> The "correct" way (according to a strict interpretation of debian policy
>> and DEP-5) to do this is to include MPL-1.1 verbatim within a License:
>> paragraph,
> Correct.
>> which means you need to indent every single line by one space, and fill
>> in the blank lines with a "." character.
> Which takes all of 15 minutes of work at most in a good editor, that you
> only have to do once, and then you're done forever.  (You probably want to
> check with diff that the MPL for one package is actually the same as the
> MPL for the next package, but that's fast.)

This is flawed logic. Because there is no standard for this, and because this
is a side issue from actual package work, every maintainer needs to work out
this solution for themselves, and does things in a slightly different way.

>> The "hardcore" geeks will say "oh you can write a sed script to do that
>> easily", but this takes some mental effort, so not surprisingly people
>> have come up with their ad-hoc solutions to this, usually involving
>> including MPL.txt or somesuch in the /doc/ folder.
> I believe those packages are buggy, and I actually wouldn't be surprised
> if ftp-master rejected them, although that's between the package
> maintainer and ftp-master.  It's just not that difficult to do the right
> thing, particularly since one can probably pool resources and use the same
> DEP-5 conversion of MPL-1.1 in multiple packages.
>> The problem is that everyone does this in slightly different ways, so it
>> becomes very hard to extract this information mechanically.
> This doesn't make sense to me.  DEP-5 has a clear explanation of how to
> designate the license used by the package in a way that doesn't involve
> the wording and which is mechanically extractable.  Nothing about the
> process of putting the legal text in debian/copyright is relevant to the
> problem of mechanical extractability of the licensing information for the
> package.

You missed my point. Verbatim text in copyright may be mechanically
extractable, but not easily verifiable. It's hard in the general case to verify
that a license block called "MPL" actually contains the full correct MPL text,
both for machines and humans.

To re-quote myself - one might see that a package points to MPL.txt [or a
license paragraph with the MPL header], then assume it's the MPL, but then
<strong>why have that file [or text] there in the first place, if you're not
going to read all of it</strong>?



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: