Hello, Am 17.05.26 um 08:54 schrieb [email protected]:
Hello togehter,I am the upstream author of "spdx2debian" and beside of that not involved in Debian Maintaining.The resue-tool itself "ignores" license files when validating the SPDX- compliance of a project. As some of you pointed out it is tricky to add a license to a license file. So why not exclude license files from lintian (and other similiar tools) and modify the Debian policy accordingly.Adding a license to a license feels like a workaround to me.On the other hand, "reuse-tool" does not recognize "d/copyright" as a license file, so it warns if there is no license for that file. Therefore, "spdx2debian" currently generates a license file for it using "CC0-1.0" as license and "None" as copyright holder. It is also a workaround.
The file d/copyright can't be licensed under CC0-1.0. Reason: The freedoms granted by CC0-1.0 can't be applied.CC0-1.0 grants the freedom to use, understand, distribute, and modify the source code. However, it is precisely this last freedom that is absent from most licenses.
On the other side it is a legal requirement to include the licenses in the package(s) to the user.
I believe this fact must be explicitly taken into consideration in every tool.
Regards, Christian Buhtz
Regards -- Mechtilde Stehmann ## Debian Developer ## PGP encryption welcome ## F0E3 7F3D C87A 4998 2899 39E7 F287 7BBA 141A AD7F
OpenPGP_signature.asc
Description: OpenPGP digital signature
