[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#487201: MPL in common-licenses and convenience of packaging mozilla extensions

On 29/08/11 17:48, Russ Allbery wrote:
> Jonathan Nieder <jrnieder@gmail.com> writes:
>> Allowing debian/copyright to rely on files _other_ than the common
>> licenses in base-files would be a larger and different change, so
>> off-topic for this bug.  Unless done carefully, I don't think it's a
>> good idea.
> It's important to remember that Debian has a basic legal requirement to
> provide the licensing terms with the packages that we distribute, and
> those packages are potentially independent of each other from a legal
> perspective.  Just because one package has a dependency on another doesn't
> mean that someone is required to download both packages, and when we
> distribute packages that do not include required legal texts, we're on
> shaky ground.
> The project decided to say that our packages are intended for use on a
> Debian system with the essential Debian packages installed and hence not
> duplicate licenses that are in base-files, which I think is a bit of a
> hand-wave, but which lets us avoid shipping 20,000 copies of the GPL.  The
> legal requirements are generally quite clear, and the ideal legal position
> to be in is inclusion of relevant license texts in every package so that
> the individual object that we distribute is legally complete.

OK, this is understandable. I suppose we can't get around the fact that each
source package should have the full text of a license.

However, this doesn't mean that we must include them in debian/copyright
specifically - is this restriction really necessary for policy? (I know this is
off-topic for the bug but it's a continuation of the discussion.)

It would be less trouble if you could point to license files. Normally, those
files exist with the upstream source already, and also not re-formatted, so you
can verify their contents more easily.

It would also support more powerful automation tools. For example, we can have
a dh script dereference these pointers and install all the license texts into
the package's /doc/. And maybe have a licenses-helper program which could
detect dangling pointers, and fill the common ones in automatically, to save
the maintainer having to find them if they weren't included with upstream.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: