Bug#884228: debian-policy: please add OFL-1.1 to common licenses

To: Markus Koschany <apo@debian.org>
Cc: Jonathan Nieder <jrnieder@gmail.com>, Bill Allombert <ballombe@debian.org>, 884228@bugs.debian.org
Subject: Bug#884228: debian-policy: please add OFL-1.1 to common licenses
From: Russ Allbery <rra@debian.org>
Date: Fri, 29 Dec 2017 15:34:02 -0800
Message-id: <[🔎] 87o9mh153p.fsf@hope.eyrie.org>
Reply-to: Russ Allbery <rra@debian.org>, 884228@bugs.debian.org
In-reply-to: <[🔎] 9c9f9e24-ec61-3185-d3e6-461d86f4c7c1@debian.org> (Markus Koschany's message of "Sat, 30 Dec 2017 00:02:55 +0100")
References: <[🔎] c27abe9f-caa0-e84d-80af-4e318eca61da@debian.org> <[🔎] 20171213182212.GI214273@aiede.mtv.corp.google.com> <[🔎] c27abe9f-caa0-e84d-80af-4e318eca61da@debian.org> <[🔎] 87608rkf6r.fsf@hope.eyrie.org> <[🔎] 20171228102102.GA21969@yellowpig> <[🔎] d98be3ce-06e6-3992-1c60-01f464ea9f81@debian.org> <[🔎] 20171228193914.GD92530@aiede.mtv.corp.google.com> <[🔎] 922e6fea-9d44-1e2e-07e1-28d1bedbee34@debian.org> <[🔎] 20171228211938.GE92530@aiede.mtv.corp.google.com> <[🔎] 9cf9c5ba-6168-4592-aaaf-639080cad3a5@debian.org> <[🔎] 20171228230632.GG92530@aiede.mtv.corp.google.com> <[🔎] 4bd2c06d-8e39-905b-cee7-770862d6f48b@debian.org> <[🔎] 87y3ll17tz.fsf@hope.eyrie.org> <[🔎] 9c9f9e24-ec61-3185-d3e6-461d86f4c7c1@debian.org> <[🔎] c27abe9f-caa0-e84d-80af-4e318eca61da@debian.org>

Markus Koschany <apo@debian.org> writes:
> Am 29.12.2017 um 23:35 schrieb Russ Allbery:

>> Policy does not require that.  ftpmaster might, which is not quite the
>> same thing.

> That's a bold claim.

> "Every package must be accompanied by a verbatim copy of its copyright
> information and distribution license in the file
> /usr/share/doc/package/copyright"

I think there's an active project debate of the meaning of just about
every word in that sentence, and most of those debates have gone on for
years.  For example, does "verbatim" mean that collapsing multiple
copyright statements into one as allowed by copyright-format 1.0 is a
Policy violation, since that makes the copy not "vertabim"?

Anyway, the point that I was trying to make is that Policy says you have
to copy the copyright information and distribution license.  There's
nothing in there that says this means every license in the source package;
even ftpmaster doesn't require the licenses in, say, configure and
Makefile.in be copied.  An equally valid interpretation is that this is
the license under which the package is distributed, which is probably the
most restrictive of the set of licenses that cover the material that went
into the derivative work, or the union of them, depending on the exact
wording of the licenses.

In other words, if you have a few public domain files, a few GPL-2+ files,
and a few GPL-3+ files, there's nothing in Policy right now that says you
can't just put the GPL-3 into /usr/share/doc/package/copyright of the
resulting binary package and be done with it, since that's the effective
distribution license for the binary package.  However, that's not the
current ftpmaster policy, and ftpmaster both predates Policy and is the
decision-making body in Debian responsible for this.

That means Policy is at best horribly ambiguous and at worst wrong and
should be fixed to state the actual requirements, which I think everyone
agrees on.  Fixed to say *what* is the problem.

> Experience tells me that packages are rejected if they don't mention
> _each and every_ copyright information.

> I'm absolutely certain this warrants rejects by the FTP team. In my
> opinion Policy should always be in sync with ftpmasters decisions. I
> understand that this is not always easy to achieve but if your statement
> is true, it is kind of shocking because it means the ftpmasters are
> above Policy.

We would love to bring Policy in sync with ftpmaster decisions as soon as
we can figure out how to describe them.  That sounds flippant, but it's
the essence of the current situation: Policy says the bare minimum (and
the same thing it's said for years) because we don't have a more accurate
description of the actual requirements that everyone has signed off on.

This isn't ftpmaster's fault, in that I don't think they have a concrete
guide either.  It's more an apprenticeship and tradition thing, which
doesn't seem to be standardized sufficiently to turn into Policy language.
I feel like that would be a good goal for the project, but this has also
been something we've all wanted for years and years now.  It's clearly
quite hard to achieve, and I'm not sure the right path that would get us
there.

That's why I've been arguing in debian-devel in favor of a working group
to try to analyze this and produce a written policy we can get consensus
on.  Then we can put that into Policy and hopefully everyone will finally
be on the same page.

>> The Expat license grants *anyone* the right to do that, so the Debian
>> package maintainer can do this just as easily as upstream can.

> This is correct and sounds completely sensible to me. From my personal
> experience I can say this is not the reality though. We are required to
> mention public-domain licensed files and very permissive licensed files
> in d/copyright too. I can't just write the package is licensed under the
> GPL-2. I have to mention _all_ the different licenses in one package,
> otherwise my package gets rejected.

Yes, I know, but this is not coming from Policy.  Policy is basically
silent on this.

Please note: I'm not saying Policy *contradicts* ftpmaster either.  I'm
saying that Policy basically doesn't document the requirements for
debian/copyright.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

References:
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Markus Koschany <apo@debian.org>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Jonathan Nieder <jrnieder@gmail.com>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Russ Allbery <rra@debian.org>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Bill Allombert <ballombe@debian.org>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Markus Koschany <apo@debian.org>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Jonathan Nieder <jrnieder@gmail.com>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Markus Koschany <apo@debian.org>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Jonathan Nieder <jrnieder@gmail.com>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Markus Koschany <apo@debian.org>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Jonathan Nieder <jrnieder@gmail.com>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Markus Koschany <apo@debian.org>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Russ Allbery <rra@debian.org>
- Bug#884228: debian-policy: please add OFL-1.1 to common licenses
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Bug#884228: debian-policy: please add OFL-1.1 to common licenses
Next by Date: Bug#884228: debian-policy: please add OFL-1.1 to common licenses
Previous by thread: Bug#884228: debian-policy: please add OFL-1.1 to common licenses
Next by thread: Bug#884228: debian-policy: please add OFL-1.1 to common licenses
Index(es):
- Date
- Thread