Hello Bas,
On Fri, Sep 4, 2015 at 1:39 AM, Sebastiaan Couwenberg <[email protected]>
wrote:
> On 04-09-15 00:32, Johan Van de Wauw wrote:
> > I made some final changes and committed. Since otb relies on
> > libinsighttoolkit which currently does not install on unstable I would
> > target experimental. We can bring it to unstable (and testing) after
> > passing through the new queue.
> >
> > I can not sponsor, but someone else on the debian GIS list may do it.
> > I do recommend uploading to mentors anyway as it learns you some
> > things about uploading and the overview sometimes reveals additional
> > errors.
> > Since Andreas (cc) was involved earlier in packaging, he is probably
> > the best person to ask for sponsoring.
>
> Before considering otb ready for an upload even to experimental, there
> are still some issues to be dealt with.
>
> The changelog, copyright & watch file all handle the repacking with the
> +dfsg suffix, but the repacked tarball is not in the upstream nor
> pristine-tar branch, so no-one can generate the tarball from git. The
> 5.0.0+dfsg upstream release got hidden in the annotated tag. I've
> recreated the tag with `gbp import-orig` on a newly downloaded &
> repacked tarball.
>
> The license paragraphs for LGPL-{2,3}, Apache2.0 & public_domain are
> missing, and should use common SPDX-like license shortname as documented
> in copyright-format 1.0:
>
>
> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-specification
>
> At least the shortnames CECILL-2.0, Apache-2.0 and public-domain should
> be used, and public-domain is special:
>
> "
> The License short name public-domain does not refer to a set of
> license terms. There are some works which are not subject to copyright
> in any jurisdiction and therefore no license is required for any
> purpose covered by copyright law. This short name is an explicit
> declaration that the associated files are "in the public domain".
>
> Widespread misunderstanding about copyright in general, and the public
> domain in particular, results in the common assertion that a work is
> in the public domain when this is partly or wholly untrue for that
> work. The Wikipedia article on public domain is a useful reference for
> this subject.
>
> When the License field in a paragraph has the short name
> public-domain, the remaining lines of the field must explain exactly
> what exemption the corresponding files for that paragraph have from
> default copyright restrictions.
> "
>
>
> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#public-domain
>
> The public-domain license can there not use a standalone license
> paragraph which is recommended to not duplicate license texts.
>
>
> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#stand-alone-license-paragraph
>
> The typical public-domain license text copies the public domain
> statement from the source verbatim.
>
> The use of LGPL-{2,3} and then only linking to the file in
> common-licenses because those files actually document LGPL-{2,3}+. The
> "or later" clause has a big impact in license compatibily. If you want
> to get away with only linking to the common-licenses the shortnames need
> to change to LGPL-2+ & LGPL-3+, but that's not what the copyright
> headers say.
>
> Modules/ThirdParty/SiftFast/src/ is clearly LGPL-3+ (not v3 only),
> that's an easy fix.
>
> Modules/ThirdParty/OssimPlugins/src/ossim* have a different mix of LGPL
> declarations, a lot of them without any explicit version. So which is it?
>
All these files in Modules/ThirdParty/OssimPlugins/src/ossim are derived
form OSSIM which was using LGPL-2 or higher. All these class have mentioned
LGPL in their license. But it is sure that they are LGPL-2 or higher.
Specifiying LGPL-2+ in the debian/copyright for these file would be
sufficient?
FYI, svn trunk now shows MIT license -
http://svn.osgeo.org/ossim/trunk/ossim/LICENSE.txt
> The ITK derived files are unclear about which version they're taken
> from, and ITK upstream uses different licenses for their versions:
>
> http://www.itk.org/ITK/project/license.html
>
> The Source or Comment field also needs to document why the upstream
> source is repacked:
>
> "
> Source
>
> Formatted text, no synopsis: an explanation of where the upstream
> source came from. Typically this would be a URL, but it might be a
> free-form explanation. The Debian Policy section 12.5 requires this
> information unless there are no upstream sources, which is mainly the
> case for native Debian packages. If the upstream source has been
> modified to remove non-free parts, that should be explained in this
> field.
> "
>
>
> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#source-field
>
> "
> Formatted text, no synopsis: this field can provide additional
> information. For example, it might quote an e-mail from upstream
> justifying why the license is acceptable to the main archive, or an
> explanation of how this version of the package has been forked from a
> version known to be DFSG-free, even though the current upstream
> version is not.
> "
>
>
> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#comment-field
>
Files in Modules/ThirdParty/ITK/include/
are all derived from ITK4 and hence license applied is Apache-2.0. The one
file which says CECILL is otbWrapImageFilter. This has a slight
modification from the orginal ITK class itkWrapImageFilter which has
License Apache-2.0
These are pending patches kept for OTB but not pushed to itk because they
are in ITK deprecated modules. one class itkUnaryFuctionImageFilter.* is
rejected by ITK because the modification only concerns otb.
I can include this detail in the comment section. would that be sufficient?
I'm not even halfway done with the license & copyright review, but I'm
> done for today. It's already clear that the copyright file needs more
> work to properly document the license & copyright for the OTB source.
>
> I've pushed my changes so far, but more are still required.
>
> Kind Regards,
>
> Bas
>
> --
> GPG Key ID: 4096R/6750F10AE88D4AF1
> Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
>
>
--
Regards,
Rashad
