including complete corresponding licence information should stay a requirement (was Re: Debian Policy 4.3.0.0 released)

To: Sean Whitton <spwhitton@spwhitton.name>, debian-policy@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: including complete corresponding licence information should stay a requirement (was Re: Debian Policy 4.3.0.0 released)
From: Thorsten Glaser <tg@debian.org>
Date: Sun, 23 Dec 2018 20:56:02 +0000 (UTC)
Message-id: <[🔎] Pine.BSM.4.64L.1812232050110.5620@herc.mirbsd.org>
In-reply-to: <875zvka6jj.fsf@zephyr.silentflame.com>
References: <875zvka6jj.fsf@zephyr.silentflame.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Sean Whitton dixit:

>2.3 & 4.5
>    In cases where a package's distribution license explicitly permits
>    its copyright information to be excluded from distributions of
>    binaries built from the source, a verbatim copy of the package's
>    copyright information should normally still be included in the
>    copyright file, but it need not be if creating and maintaining a
>    copy of that information involves significant time and effort.

I quite disagree. Downstreams will require the licence information,
and if it’s included in the source package, it’s easy enough to add
it to the binary package, and if not, the above does not apply either.

I recently did the work to audit swagger-ui-dist, which is built
using “modern web 2.0” tools from over 80 NPM packages, and it took
me some hours, but we now have a licence file for the binary, and
upstream was actually thankful about these efforts.

I would expect that, even if it’s hard, this to be mandatory part
of packaging anything for Debian. I will be very unamused about
packages without correct corresponding licence information EVEN
IF the upstream licence allows such, because ONLY the presence of
such correct licence information in the Debian package shows that
an actual audit of the legal situation has been done (and only
after that, this decision to not include the information could be
done, and by then, the information will already be there, so it
must (in my opinion) still be included).

I hereby ask that this change be reverted.

bye,
//mirabilos
- -- 
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence.		-- Coywolf Qi Hunt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (MirBSD)
Comment: ☃ ЦΤℱ—８　☕☂☄

iQIcBAEBCQAGBQJcH/Y9AAoJEHa1NLLpkAfgp+MP/3CrdFlXpa3eSwxmUAMTyBfu
DuZnl6/LhTFEeqCHyw4Gmvcg4TmkBZPSQoBeVXlCfFzw8nFV1POJZh+KEv5pln4+
lHzmg8luWEoBdnsr0cN7yuQT18sNRcXg0sitPHBEaF5G+igNONOY/ibf55OxwoMu
XpCcNp8dANH7/zNeM7Yy+kiXNAHMOe8ugkE0zxydTcBCRPuZwFx261PHM5rr2Gs6
Q4XsjtWbYO02MsynwAQHoNJDLW78mfHKYeQWUyHIpKn9fvqIdFWVO2fq9RbEfo53
9gwOpe9mdSdXjcyzoKo6nprIgPfej/YeX2dJyPfUhRbpWKgFD3obAF8GbuN6n/8t
hVMyK4xAk0oiHNrCWBC+vszzmHi+O7aXc/OpIN97KaV6DaiQWt54JBkEoPQ55gnG
h31+zu+4ebQSFAoTo28Hm78c9sltaD/cIzkkqsKz5fPaS0p24U1PfWaXvyQLxMAV
8pD17weKXDFBVjabSkeLf+wMcWRpWG6SHKSbRaFPiplPl1Fd4kV1SEFDW8QIslal
dwInjL+skexlh6mOtQunEVLCuLANQVW+X7aDBSK6gTXxBy/P1fI2NrrEtOCC7OkJ
r6+EnttF5u5C69QK8JTnJoBgO/Z0Wi1j4OeeCyTm7K7bqbGIOsBiEoNFC6uNtpq/
MGfQgF4cjJw24+LPmMFh
=es6/
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: including complete corresponding licence information should stay a requirement (was Re: Debian Policy 4.3.0.0 released)
  - From: Russ Allbery <rra@debian.org>

Prev by Date: debian-policy_4.3.0.1_source.changes ACCEPTED into unstable
Next by Date: Re: including complete corresponding licence information should stay a requirement (was Re: Debian Policy 4.3.0.0 released)
Previous by thread: debian-policy_4.3.0.1_source.changes ACCEPTED into unstable
Next by thread: Re: including complete corresponding licence information should stay a requirement (was Re: Debian Policy 4.3.0.0 released)
Index(es):
- Date
- Thread