Unaddressed use cases for machine-readable debian/copyright files
Hi folks,
Sorry to bother you again so soon.
In returning my attention to current Debian packaging practices and
conventions I took my first serious look at good old DEP5, and brought
the debian/copyright file for my first-ever package, xtrs[1], into
conformance with the new[2] standard[3].
However, in doing so, I encountered some use cases that are not covered
by this standard. Happily, all of them triggered lintian warnings as
well, which gives me a framework within which to present my problems.
The attached debian/copyright file may also illuminate these matters.
W: xtrs source: empty-short-license-in-dep5-copyright (paragraph at line 48)
N:
N: The short license field in the machine readable copyright file is empty.
N:
N: Refer to
N: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N: details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: source-copyright, Type: source
N:
1. I left this field blank because there are several files which bear no
copyright notice at all. There is also no "top-level" copyright for
this package, and some of the files are probably not copyrightable
anyway, or are not independent works from other files in the
distribution. (See my Comment in the file.) I would like a successor
to DEP, call it DEP5++ for the nonce, to give me a mechanism for
declaring that a set of files fall into one of these categories which
are not really subject to machine analysis. This is not a rare or
unusual case. Based on my work experience in this area, I am strongly
confident that this issue affects many, many packages in main. Many of
them are old, or come from the BSD tradition, or are from authors who
for whatever reason simply don't care to slap a copyright notice on
everything in sight.
My ask: As a package maintainer, I'd like a way to designate files in my
package as having been reviewed by me and, in my opinion, are at least
as freely licensed as some license used elsewhere in the package, and
which I impute to these files for analytical convenience.
W: xtrs source: missing-license-paragraph-in-dep5-copyright timothy mann xtrs permissive non-copyleft license (paragraph at line 142)
N:
N: The files paragraph in the machine readable copyright file references a
N: license, for which no standalone license paragraph exists.
N:
N: Refer to
N: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N: details.
N:
N: Severity: normal, Certainty: possible
N:
N: Check: source-copyright, Type: source
N:
2. DEP5 is asking me to violate DRY. It seems like a terrible idea to
do this. I've already pasted the license boilerplate into this file
once, why can't I take advantage of that by citing to it by some form of
reference? Why don't I just merge the filename patterns in with the
first occurrence of the license boilerplate? Because the copyright
holder is different. This package has 4 different copyright holders[5]
and 2 different licenses in it. 3 of those 4 copyright holders use the
"Tim Mann xtrs license", and the last, the original authors of xtrs,
Clarendon Hill Software, use another, which is just as permissive but
not as terse or clean.
My ask: As a package maintainer, I'd like to be able to designate a
license expression as an anchor to which subsequent Files->License
fields can refer, reducing the length, redundancy, and human parse time
of the document.
As a fan of YAML, I'd be thrilled if I could do something like this:
Files: foo.c bar.c
Copyright: 2013 Moe Szyslak
License: *FOOBAR-1
This program is free and libre software; yadda yadda yadda...
.
This program is distributed in the hope that yadda yadda yadda...
.
You should have received a copy of the Foo Bar License yadda...
Files: baz.c
Copyright: 2017 Branden Robinson
License: &FOOBAR-1
W: xtrs source: space-in-std-shortname-in-dep5-copyright timothy mann xtrs permissive non-copyleft license (paragraph at line 142)
N:
N: The license header contains a short name with a space, which does not
N: conform to the specification.
N:
N: Refer to
N: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ for
N: details.
N:
N: Severity: minor, Certainty: certain
N:
N: Check: source-copyright, Type: source
N:
W: xtrs source: space-in-std-shortname-in-dep5-copyright clarendon hill software xtrs permissive non-copyleft license (paragraph at line 89)
3. This one's relatively simple. What sort of identifier am I suppose
to use if a license in use by my package appears neither in the Debian
spec[3] nor in the SPDX license list[6]? I guess I can make up my own,
but shouldn't we offer the package maintainer a bit more guidance in
this respect? Shouldn't we have some naming conventions[7]? I spoke to
Paul Wise on #debian-devel about this and he noted that (I'm
paraphrasing) Debian institutionally does not feel bound to SPDX
namespace or analytical precedents. That's fine, but tools and users
need to be able to recognize the difference between "GPL-2" and
"GPL-2.0". The first is our short name, the second is SPDX's. That's
not going to be obvious to many people. I think packagers should be
free to use SPDX license identifiers if they want to (upstream might
also do this).
My ask: As a package maintainer, I want namespaces for brief designators
of licenses.
I think we need at least three:
A. Debian's, as maintained by the Policy Manual maintainers;
B. SPDX's; and
C. package-private ones, which is my immediate use case.
I propose that (A) be implicit, (B) require an "SPDX:" prefix, and (C)
require a prefix of a form I'm not sure of yet--maybe "package:",
"private:", or "local:".
I humbly and eagerly await your feedback.
Regards,
Branden
[1] popcon score: 3; the fates of nations hang on this package!
[2] to me
[3] https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
[4] Indeed, such slathering is sometimes done to excess. The XFree86
team used to run a script every year to "bump" the year expressions
in their copyright notices regardless of whether any copyrightable
changes had been made to a file in the previous 12 months, or even
regardless of any changes at all. They were and are not alone in
this practice.
[5] Don't look now, but as the author of the cpmutil.html document,
Roland Gerlach likely has copyright on it as well.
[6] https://spdx.org/licenses/
[7] Apart from "don't put spaces in there", which is documented, and
"the license 'short name' you chose is way too long", which is
obvious, not documented, but one way to avoid namespace collisions.
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: xtrs
Source: http://www.tim-mann.org/xtrs.html
Disclaimer: Requires non-DFSG-free ROM images and/or operating systems
to be useful for most purposes.
.
There is a freely-licensed boot ROM for Model 4P emulation provided with xtrs;
however, this boot image can only be used to boot an operating system designed
for the Model 4 (it is not sophisticated enough to load the BASIC interpreter
ROM for Model III compatiblity mode, provided on Model 4P TRSDOS disks as a
file called MODELA/III). Since most users will likely be using this emulator
to run proprietary legacy applications for the TRS-80 computers, I do not
regard this exception as sufficient to recategorize xtrs for inclusion in main.
.
It is worth keeping an eye on projects like Contiki and FUZIX; if one of them
becomes useful under xtrs, that would be an argument for moving xtrs to main.
+ http://www.contiki-os.org/
+ https://github.com/EtchedPixels/FUZIX
Comment: ChangeLog
Makefile
cassette
cassette.man
cassette.sh
cassette.txt
cpmutil.html
crc.c
do6.jcl
dskspec.html
expall.bas
fakerom.lst
fakerom.z80
hex2cmd.man
hex2cmd.txt
m1format.fix
mkdisk.man
mkdisk.txt
reed.h
trs_chars.c
utility.jcl
xtrs.man
xtrs.txt
contain no copyright notices. I (Branden Robinson) presume them to be under
Tim Mann's license (see below). Some of them are plainly derived from others
(such as cassette.txt from cassette.man), and some may have been written by
other people (e.g., cassette.sh was written by me, albeit obviously a it's a
sort of transliteration of cassette [csh]).
Files: *
Copyright: 1998 Timothy Mann
License:
This software may be copied, modified, and used for any purpose without fee,
provided that (1) the above copyright notice is retained, and (2) modified
versions are clearly marked as having been modified, with the modifier's name
and the date included.
Files: cd.ccc
mount.ccc
pwd.ccc
truedam.ccc
umount.ccc
unix.ccc
xtrs8.lst
xtrs8.z80
xtrshard.lst
xtrshard.z80
xtrsmous.lst
xtrsmous.z80
Copyright: 1998 Timothy Mann
License: Timothy Mann xtrs permissive non-copyleft license
This software may be copied, modified, and used for any purpose without fee,
provided that (1) the above copyright notice is retained, and (2) modified
versions are clearly marked as having been modified, with the modifier's name
and the date included.
Files: cmd.[ch]
hex2cmd.c
trsdisk.[ch]
trs_imp_exp.[ch]
trs_interrupt.c
Copyright: 1996 Timothy Mann
License: Timothy Mann xtrs permissive non-copyleft license
Files: cmddump.c
load_cmd.[ch]
mkdisk.c
Copyright: 1996-98 Timothy Mann
License: Timothy Mann xtrs permissive non-copyleft license
Files: compile_rom.c
config.h
debug.c
dis.c
error.c
load_hex.c
main.c
trs.h
trs_cassette.c
trs_io.c
trs_iodefs.h
trs_keyboard.c
trs_memory.c
trs_printer.c
trs_xinterface.c
z80.[ch]
Copyright: 1992 Clarendon Hill Software
License: Clarendon Hill Software xtrs permissive non-copyleft license
Permission is granted to any individual or institution to use, copy, or
redistribute this software, provided this copyright notice is retained. This
software is provided "as is" without any expressed or implied warranty. If
this software brings on any sort of damage -- physical, monetary, emotional, or
brain -- too bad. You've got no one to blame but yourself.
.
The software may be modified for your own purposes, but modified versions must
retain this notice.
Files: export.lst
export.z80
import.lst
import.z80
settime.ccc
xtrsemt.ccc
xtrsemt.h
Copyright: 1997 Timothy Mann
License: Timothy Mann xtrs permissive non-copyleft license
Files: settime.lst
settime.z80
Copyright: 1998 Ulrich Mueller
License: Timothy Mann xtrs permissive non-copyleft license
Files: trs_hard.[ch]
trs_uart.[ch]
Copyright: 2000 Timothy Mann
License: Timothy Mann xtrs permissive non-copyleft license
Files: xtrsrom4p.README
xtrsrom4p.lst
xtrsrom4p.z80
Copyright: 1999 Peter W. Cervasio
License: Timothy Mann xtrs permissive non-copyleft license
Files: debian/*
Copyright: 1998-2006, 2008, 2017 Branden Robinson <g.branden.robinson@gmail.com>
License: Timothy Mann xtrs permissive non-copyleft license
# vim:set ai et sw=2 ts=2 tw=80:
Reply to: