IANAL: * On 09/17/2018 07:14 PM, Anthony DeRobertis wrote: > On 09/09/2018 12:51 AM, Ben Finney wrote: >> My understanding is that the entire operating system is delivered as >> packages, and each package declares its copyright information in its >> ‘/usr/share/doc/$PACKAGENAME/copyright’ document. > That does raise an interesting question — things like the package long > description are used all over the place, and combined together (e.g., in > the package lists). > [...] > Is https://packages.debian.org/stretch/bash a GPL violation, because it > doesn't include the full text of the GPL, a copyright statement, etc.? > In fact, it claims (via tiny license terms link at the bottom) to be > under MIT.
Generally, this is package metadata and has one or multiple entries in the debian/copyright file per package for the whole debian subdirectory - typically GPL-2+ or the like. As you've already seen, this file normally is also installed with other data and can be viewed on the local system after the fact. I cannot see a violation, other than maybe not parsing information in debian/copyright and publishing it per-package on websites or whatever else uses this information. This, however, is not trivial to do (for instance some files within the directory could be differently-licensed, the format isn't too machine-friendly, ...) While, e.g., GNU programs recommend to include at least the license name somewhere in the help text, though better even the short license text, there is no hard guideline to *always* specify the license whenever something is executed or shown. Such a requirement doesn't exist for a good reason - it would spam the license all over the place. Even apt-cache would have to list licenses for each package (for instance in the search command that does list short descriptions). Thinking of artwork, if some requirement like this was in effect, every piece of artwork would need to state the license as well, which sounds very ugly. Think watermarks for visual artwork or spoken text for aural artwork. As long as the copyright and license information is available and properly stated, everything's fine. > Translations are made, maintained outside the > package (AFAIK), and then combined together and displayed various places. As far as I know (but I could be wrong), translations always adopt the original string's license. > In practice, we seem to consider use of package descriptions to be fair > use, and ignore the license. Why would you think so? As stated above, these components *do* have a license and as they are part of the packaging metadata, which is typically complex enough to also warrant one, also a copyright. Mihai
signature.asc
Description: OpenPGP digital signature
