Your message dated Tue, 17 Nov 2020 00:33:17 +0000 with message-id <e1keovt-000dxf...@fasolo.debian.org> and subject line Bug#955005: fixed in debian-policy 4.5.1.0 has caused the Debian Bug report #955005, regarding Relax requirements to copy copyright notices into d/copyright to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 955005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955005 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: debian-policy Version: 4.5.0.0 User: debian-pol...@packages.debian.org Usertags: normative discussion X-debbugs-cc: debian-de...@lists.debian.org, ftpmas...@debian.org Scott has provided a useful summary of what the FTP Team require when it comes to copyright information, and as another FTP Team member, I concur with his assessment of the consensus within the team: On Thu 26 Mar 2020 at 10:32AM -04, Scott Kitterman wrote: > I think you assume we're looking for more than we are. We aren't asking > anyone to research and document undocumented but technically legally > assertable copyright claims. From an FTP perspective we're after license > compliance. > > If debian/copyright includes all the copyright notices that upstream does (or > an equivalent), then that's all that's needed (there are exceptions, I have > reviewed packages where upstream literally wrote that they had copied a bunch > of code from some other location, changed the copyright owner to themselves, > and changed the license - that we had a problem with, but it wasn't like we > went looking for it). > > To pick one example, the Expat (MIT) license includes: > > The above copyright notice and this permission notice shall be > included in all copies or substantial portions of the Software. > > When we ask for listing copyright holders in debian/copyright, that's what > we're after. I don't think complying with license requirements is an > unreasonable thing to ask. > > That said, if we can make it easier for everyone, then we should investigate > that. As mentioned, policy does have a higher bar. It says they all have to > be listed regardless of license requirements. > > To pick another example, Apache-2.0 includes: > > (c) You must retain, in the Source form of any Derivative Works > that You distribute, all copyright, patent, trademark, and > attribution notices from the Source form of the Work, > excluding those notices that do not pertain to any part of > the Derivative Works; and > > For something that we distribute based on our rights in the Apache-2.0 license > and requirement to document all the copyright holders is strictly Debian > specific based on policy. Personally, I think the policy should be changed so > we don't require everyone to go beyond the license requirements. Currently I > think there is consensus within the FTP Team not to reject packages for this. Policy currently says: Every package must be accompanied by a verbatim copy of its copyright information, unless its distribution license explicitly permits this information to be excluded from distributions of binaries built from the source. In such cases, a verbatim copy of its copyright information should normally still be included, but need not be if creating and maintaining a copy of that information involves significant time and effort. We wrote this based on [1], but I now believe it is too conservative, and does not reflect what the FTP Team require, nor the project's consensus on what should be in d/copyright. I think we want something like this: The copyright information for files in a package must be copied verbatim into d/copyright when (i) the distribution license for those files requires that copyright information be included in all binary distributions; (ii) the files are shipped in the binary package, either in source or compiled form; and (iii) the form in which the files are present in the binary package does not include a plain text version of their copyright notices. Thus, the copyright information for files in the source package which are only part of its build process, such as autotools files, need not be included in d/copyright, because those files do not get installed into the binary package. Similarly, plain text files which include their own copyright information and are installed into the binary package unmodified need not have that copyright information copied into d/copyright. However, the copyright notices for any files which are complied into the object code shipped in the binary package must all be included in d/copyright when the license requires that copyright information be included in all binary distributions, as most do. The point of separating (ii) and (iii) is because the source form of a file need not be plain text, such as image files, and because even for plain text files the copyright information may not be included in the files themselves, but perhaps only in LICENSE.txt or similar. This is, I believe, the minimum required for license compliance when it comes to copyright notices. It is significantly weaker than what Policy currently requires, but I think we have a project consensus that we should not be requiring more than what is required for license compliance. Of course, it is still open to maintainers to include more information in d/copyright.[2] I think we would want the FTP Team to officially sign off on this rather than simply relying on what Scott and I think about the team's consensus; currently, it is not clear that the text of [1] supports relaxing the requirements as much as this. So we probably need another d-d-a e-mail from the FTP Team. The relevant parts of Policy to update are ยงยง 2.3, 4.5 and 12.5. N.B. This bug is not about the requirement to provide all *licensing* information in d/copyright. I think there is still a project consensus that all licensing information should be available in that file. [1] https://lists.debian.org/debian-devel-announce/2018/10/msg00004.html [2] Though, that does tend to slow down NEW review. -- Sean Whittonsignature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: debian-policy Source-Version: 4.5.1.0 Done: Sean Whitton <spwhit...@spwhitton.name> We believe that the bug you reported is fixed in the latest version of debian-policy, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 955...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sean Whitton <spwhit...@spwhitton.name> (supplier of updated debian-policy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Nov 2020 17:05:43 -0700 Source: debian-policy Architecture: source Version: 4.5.1.0 Distribution: unstable Urgency: medium Maintainer: Debian Policy Editors <debian-policy@lists.debian.org> Changed-By: Sean Whitton <spwhit...@spwhitton.name> Closes: 955005 959909 971023 973491 974911 Changes: debian-policy (4.5.1.0) unstable; urgency=medium . * Policy: Relax requirements on copying copyright notices into d/copyright Wording: Sean Whitton <spwhit...@spwhitton.name> Seconded: Scott Kitterman <deb...@kitterman.com> Seconded: Joerg Jaspert <jo...@debian.org> Closes: #955005 * Policy: Forbid vendor-specific series files Wording: Sean Whitton <spwhit...@spwhitton.name> Seconded: gregor herrmann <gre...@debian.org> Seconded: Graham Inggs <gin...@debian.org> Closes: #959909 * Policy: Clarification about colons in version numbers Wording: Sean Whitton <spwhit...@spwhitton.name> Seconded: Mattia Rizzolo <mat...@debian.org> Seconded: Holger Levsen <hol...@layer-acht.org> Closes: #971023 * Replace `/usr/share/package/copyright` -> `/usr/share/PACKAGE/copyright`. Thanks to Guillem Jover for the suggestion. * Fix manpage section in reference to systemd.unit(5) (Closes: #973491). Thanks to Martin Schwarz for the report. * Makefile: Always use UTC date (Closes: #974911). Thanks to Vagrant Cascadian for the patch. Checksums-Sha1: 2508f26a0cca6ad3d1e9dec40371c9ff4c112be4 2052 debian-policy_4.5.1.0.dsc c8eec77157ba65fb7807793eb0f173ea545ae9f1 542620 debian-policy_4.5.1.0.tar.xz Checksums-Sha256: 3c57f6b59396025ded7056da16ddb90cbe0fe4d83a67b3e9d2ad48b65e3cf396 2052 debian-policy_4.5.1.0.dsc ec9d45ebedef668aac1c4a35c6123c85826f272f91915f7af8ac462efd75763e 542620 debian-policy_4.5.1.0.tar.xz Files: 2eabf77f796c4a40c95b3ad7220578e3 2052 doc optional debian-policy_4.5.1.0.dsc 615d36bc3cbe6e47d518e96ce6ee5a9c 542620 doc optional debian-policy_4.5.1.0.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAl+zFIUACgkQaVt65L8G YkCZiw/7BGyNNcUSYEWCNKXCpxXbNgx6IWCzzgF6LA5+rrLCKv8bGBf1W0CQ2f/l rKqoZsiciR4IJw+zcTUN7ywb5AbX5YGV7ljKF/IURURt8vs2EQQoY7lLR7NYdd74 eUjVZgsSQTtOozlyamMJjvFesKNGp3oYueDRhj2AKo3doCRFwSSb9pvzZRnPLv0/ RA0igbhvOmKvk29Y2F0Vl4ftthe7gDCX/Sqv1u5wl79XvCUghr3rA2ToB9kj+sTO u3ymW5fd2Wx2aWRyNVcCFOFmDftcANZRY7ptInbSlnCpl5qZI9hlaRF+4hOCl4ir F0otR/S4aNZ86Km8/sFfiohgyeJvEz8JsRR8Mf5fhTRG4a3S6BY1T1e7VsuQqxvs J3qivRoHnAtLSy9xTdM7YifG5H8xapqHQcbw5UERMyKp39qnVTc9KVl0fnjHzdZT Ln0SWUh9g/wsWDKVqHT+zxDeZf4HCD9Oesy4gyJAKzMm6/wXwmk1sr0GV7KB+ZZO 2+f3UH77r+MR48iMo9WO0J3To2uq5uSI+5Y/3LA0xYns026wz4qmseH+ytCmJg21 qNzndc4lFXC+ginMYnZHiaAAuOwQGmYVPLnnMwX845Gt5b9yNhRRCTTSKHj57zrL 6bomZXTUkJKgcrCakYicMhl4r6FH9WSOKhVTaVJptDRTyXDsxDY= =F2iV -----END PGP SIGNATURE-----
--- End Message ---