On 2020-02-24 8:51 p.m., Georg Faerber wrote: > On 20-02-15 19:30:33, Gabriel Filion wrote > I guess, personally, I would just get rid of this file via a > Files-Excluded: stanza in debian/copyright and leveraging the repack > feature of debian/watch to repack (to remove said file) the upstream > tarball. I don't quite know what those feature are, but if I understand correctly you mean you would remove the file to avoid the licensing issue altogether? The problem is that this file is the core of this library's functionality, e.g. it parses the json file and then compares the license strings you ask it to lookup with the licenses that are listed in the json file. So I can't really get rid of it without rewriting how the library gets its information. >> The code ships a json file that contains information about all of the >> licenses that the library helps with identifying. This json file was >> copied from the SPDX web site: >> >> https://github.com/domcleal/spdx-licenses#spdx-licenses >> >> From what I could gather, the website specifies that all content is >> covered by CC-BY 3.0: >> >> https://spdx.org/Trademark >> https://www.linuxfoundation.org/terms/ >> >> Then, I also found some mentions about some terms related to the use >> of the SPDX name, which would be present in the package name and in >> the description, and this is where I feel like I'm in uncertain waters >> (at least for me): >> >> https://spdx.org/frequently-asked-questions-faq-0 >> >> "Can I use the SPDX trademark? >> Yes. It is a registered trademark so don't forget the (r)." >> >> Do I need to add (r) after the name "SPDX" in the description? Is it >> an issue if the name is used in the package name (since it's in the >> name of the gem) ? > > As far as I understand, this is about a single json file, which > copyright foo is unclear. I'm by no means an expert in this field, > probably debian-legal@ is able to help. right, I'll ask debian-legal@ for advice on this.
Attachment:
signature.asc
Description: OpenPGP digital signature