Hello everyone (I'm new to Debian development so please be lenient if this was discussed already or is missing the point)
I was wondering about d/copyright files and their correctness when it comes to the information they contain about Free Software licenses contained in upstream projects. Let's assume an upstream project which has a sole author and includes a LICENSE file, say BSD-2-clause, in the project root. The simplest d/copyright stanza for that case - disregarding the debian/* contents in the package - would be: Files: * Copyright: YYYY The Author <[email protected]> License: BSD-2-clause Now, im my head, this implies that the upstream contained BSD 2 clause LICENSE was written by The Author in YYYY. While not necessarily dramatic, I think this is somewhat misleading. However, what is the alternative? Is there an authoritative source under which license every SPDX/OSI/CC License itself is (FWIW, lrc assumes under itself: GPLv3 as GPLv3 licensed) and who their actual copyright holders are? I'm not asking this out of a fetish for legal nitpicking, but rather from an automation angle: I'm evaluating the use of [spdx2debian][1] for the automated creation of d/copyright (in short: it's not quite there yet). spdx2debian converts the output of [reuse][2] lint (on spdx compliant projects) for the generation of the d/copyright entries. The [REUSE spec][3] - and therefore the reuse tool - disregard (i.e. do not require licensing headers) for the LICENSES/ directory as well as .license files (which contain licensing information for binary files) and some others. For spdx2debian this means, that its generated d/copyright will not contain entries for those files. This makes Lintian unhappy. [1]: https://codeberg.org/buhtz/spdx2debian [2]: https://codeberg.org/fsfe/reuse-tool [3]: https://reuse.software/spec-3.3/#covered-and-ignored-files So somewhere in this process, the licensing information of licensing materials has to be augmented (unless we decide to not have to provide copyright statements for the same files as the reuse spec). What is unclear to me, however, a) where that place in this process is (reuse, spdx2debian, DD), and b) what the correct licensing of licenses even is. Have others had the same questions before and come to good answers? Or are these the wrong questions to ask in the first place? Thanks in advance for sharing your thoughts. Best, -- Alex # No gods, no masters. # 47A5 9C45 FA69 E651 25ED 0B98 9891 FC5D 3C3C 4426
signature.asc
Description: PGP signature
