Packaging text licenses

2019-12-14 Thread Baptiste BEAUPLAT 
Hi all,

Yesterday, I was looking for the CC-BY license text to start a new project.

I had to dig up to CreativeCommons's github repository to find the text
version. (I didn't want to copy/paste the HTML version on their website).

My question to you is: "Would it be interesting for others if I were to
create a package with missing text version of licenses?"

Currently, in debian, we have the /usr/share/common-licenses/ that
includes a couple of one, but is missing CC- and MIT for instance.
I would find it useful to just cp the file to new projects.

@debian-legal: How text license are qualified regarding their licenses?
Can 'legal text' can be considered as public domain and packaged with
whatever license (MIT/GPL) ?

Best,
-- 
Baptiste BEAUPLAT - lyknode



signature.asc
Description: OpenPGP digital signature

Re: Packaging text licenses

2019-12-14 Thread Andrius Merkys 
Hi Baptiste,

On Sat, 14 Dec 2019, 13:04 Baptiste BEAUPLAT,  wrote:

> I had to dig up to CreativeCommons's github repository to find the text
> version. (I didn't want to copy/paste the HTML version on their website).
>

It's https://creativecommons.org/licenses/by/4.0/legalcode.txt. One just
has to add .txt suffix to legal code link URL.

Andrius

Re: Packaging text licenses

2019-12-14 Thread Baptiste BEAUPLAT 
On 12/14/19 12:27 PM, Andrius Merkys wrote:
> It's https://creativecommons.org/licenses/by/4.0/legalcode.txt. One just
> has to add .txt suffix to legal code link URL.

Ah thanks Andrius, I was completely oblivious to that.

-- 
Baptiste BEAUPLAT - lyknode



signature.asc
Description: OpenPGP digital signature

Re: Packaging text licenses

2019-12-14 Thread Jonas Smedegaard 
Hi Baptiste,

Quoting Baptiste BEAUPLAT (2019-12-14 11:55:40)
> Yesterday, I was looking for the CC-BY license text to start a new 
> project.
> 
> I had to dig up to CreativeCommons's github repository to find the 
> text version. (I didn't want to copy/paste the HTML version on their 
> website).
> 
> My question to you is: "Would it be interesting for others if I were 
> to create a package with missing text version of licenses?"
> 
> Currently, in debian, we have the /usr/share/common-licenses/ that 
> includes a couple of one, but is missing CC- and MIT for instance. I 
> would find it useful to just cp the file to new projects.
> 
> @debian-legal: How text license are qualified regarding their 
> licenses? Can 'legal text' can be considered as public domain and 
> packaged with whatever license (MIT/GPL) ?

A rich collection of Free license fulltexts is relevant, not only for 
our users to pick from (even on a lonely island) and copy into new 
development project, but also as reference e.g. for testing license 
checkers.

What is _not_ helpful in my opinion, however, is yet another manually 
curated selection of random license texts.  What I see generally useful 
is to package this: https://github.com/spdx/license-list-XML

If you are interested in license checkers, then please consider joining 
others with same interest at the irc channel #licenses on OFTC.net.

Related is also https://wiki.debian.org/CopyrightReviewTools


Kind regards,

 - Jonas

Maintainer and current upstream author of Licensecheck

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: Packaging text licenses

2019-12-14 Thread Baptiste BEAUPLAT 
On 12/14/19 1:03 PM, Jonas Smedegaard wrote:
> A rich collection of Free license fulltexts is relevant, not only for 
> our users to pick from (even on a lonely island) and copy into new 
> development project, but also as reference e.g. for testing license 
> checkers.
> 
> What is _not_ helpful in my opinion, however, is yet another manually 
> curated selection of random license texts.  What I see generally useful 
> is to package this: https://github.com/spdx/license-list-XML

That looks like a great list to package. I'll need input on the
repository license status from the legal team as it could be ambiguous
from what I read in issues:

[Add top level license to license list code and files][1]
and
[Clarify under which license the license list itself is licensed][2].

> If you are interested in license checkers, then please consider joining 
> others with same interest at the irc channel #licenses on OFTC.net.
> 
> Related is also https://wiki.debian.org/CopyrightReviewTools

Thanks for the pointers. Although my particular use case stops to new
projects, it could certainly be expended to benefit license checkers.

[1]: https://github.com/spdx/license-list-XML/issues/683
[2]: https://github.com/spdx/license-list-XML/issues/648

-- 
Baptiste BEAUPLAT - lyknode



signature.asc
Description: OpenPGP digital signature

Re: Packaging text licenses

2019-12-14 Thread Baptiste BEAUPLAT 
On 12/14/19 2:01 PM, Baptiste BEAUPLAT wrote:
> On 12/14/19 1:03 PM, Jonas Smedegaard wrote:
>> A rich collection of Free license fulltexts is relevant, not only for 
>> our users to pick from (even on a lonely island) and copy into new 
>> development project, but also as reference e.g. for testing license 
>> checkers.
>>
>> What is _not_ helpful in my opinion, however, is yet another manually 
>> curated selection of random license texts.  What I see generally useful 
>> is to package this: https://github.com/spdx/license-list-XML

I had another look around the repository. The tool used to "compile"
those XML files into text, html, json and so on is written in java with
a lot of dependencies that are not present in Debian yet.

I am not willing to introducing dozens of new packages just to produce a
text result of those sources files.

I'm wondering if packaging the "data" repository[1] would be acceptable?
On one hand it is generated, but one the other, it is still plain text
files.

[1]: https://github.com/spdx/license-list-data

-- 
Baptiste BEAUPLAT - lyknode



signature.asc
Description: OpenPGP digital signature

Re: Packaging text licenses

2019-12-14 Thread Jonas Smedegaard 
Quoting Baptiste BEAUPLAT (2019-12-14 15:12:38)
> On 12/14/19 2:01 PM, Baptiste BEAUPLAT wrote:
> > On 12/14/19 1:03 PM, Jonas Smedegaard wrote:
> >> A rich collection of Free license fulltexts is relevant, not only 
> >> for our users to pick from (even on a lonely island) and copy into 
> >> new development project, but also as reference e.g. for testing 
> >> license checkers.
> >>
> >> What is _not_ helpful in my opinion, however, is yet another 
> >> manually curated selection of random license texts.  What I see 
> >> generally useful is to package this: 
> >> https://github.com/spdx/license-list-XML
> 
> I had another look around the repository. The tool used to "compile" 
> those XML files into text, html, json and so on is written in java 
> with a lot of dependencies that are not present in Debian yet.
> 
> I am not willing to introducing dozens of new packages just to produce 
> a text result of those sources files.
> 
> I'm wondering if packaging the "data" repository[1] would be 
> acceptable? On one hand it is generated, but one the other, it is 
> still plain text files.

That's similar pain as for many JavaScript packages and fonts...

Sure, you can try convince Debian that this project is special and don't 
need source.  That has been tried numerous times e.g. for JavaScript 
packages and fonts, and I don't recommend going down that route...

What I recommend i to try piece together an alternative XML processing 
which produces same output as the Java-based ones used upstream.

I'd be happy to help with that.  My preferred hacking environments are 
shell and perl.  If yours is different then I will be of less help.  
Let's discuss further in the #licenses channel if interested.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: Packaging text licenses

2019-12-14 Thread Francesco Poli 
On Sat, 14 Dec 2019 14:01:18 +0100 Baptiste BEAUPLAT wrote:

> On 12/14/19 1:03 PM, Jonas Smedegaard wrote:
> > A rich collection of Free license fulltexts is relevant, not only for 
> > our users to pick from (even on a lonely island) and copy into new 
> > development project, but also as reference e.g. for testing license 
> > checkers.
> > 
> > What is _not_ helpful in my opinion, however, is yet another manually 
> > curated selection of random license texts.  What I see generally useful 
> > is to package this: https://github.com/spdx/license-list-XML
> 
> That looks like a great list to package. I'll need input on the
> repository license status from the legal team as it could be ambiguous

I would be extremely cautious before including license texts as content
to be shipped by a Debian package.

A number of license texts are not themselves licensed under DFSG-free
terms.

And Debian promises to remain 100 % free, see [SC] #1. Any content of a
Debian package (in main) must be free according to the DFSG.

[SC]: 

License texts are usually [considered] the sole exception, but I think
the exception only applies when the license text is included in the
package *for the sole purpose* of documenting the legal terms under
which some part of the package is released.
I don't think the exception may also apply when the license text is the
*actual payload* of the package (for instance, a package shipping the
text for CC-by-nc-nd-v1.0, when nothing in the package itself is
released under that license).

[considered]: 



-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
. Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE


pgpmUAUFx6wpi.pgp
Description: PGP signature

Re: Packaging text licenses

2019-12-14 Thread Jonas Smedegaard 
Quoting Francesco Poli (2019-12-14 17:22:09)
> On Sat, 14 Dec 2019 14:01:18 +0100 Baptiste BEAUPLAT wrote:
> 
> > On 12/14/19 1:03 PM, Jonas Smedegaard wrote:
> > > A rich collection of Free license fulltexts is relevant, not only 
> > > for our users to pick from (even on a lonely island) and copy into 
> > > new development project, but also as reference e.g. for testing 
> > > license checkers.
> > > 
> > > What is _not_ helpful in my opinion, however, is yet another 
> > > manually curated selection of random license texts.  What I see 
> > > generally useful is to package this: 
> > > https://github.com/spdx/license-list-XML
> > 
> > That looks like a great list to package. I'll need input on the 
> > repository license status from the legal team as it could be 
> > ambiguous
> 
> I would be extremely cautious before including license texts as 
> content to be shipped by a Debian package.
> 
> A number of license texts are not themselves licensed under DFSG-free 
> terms.
> 
> And Debian promises to remain 100 % free, see [SC] #1. Any content of 
> a Debian package (in main) must be free according to the DFSG.
> 
> [SC]: 
> 
> License texts are usually [considered] the sole exception, but I think 
> the exception only applies when the license text is included in the 
> package *for the sole purpose* of documenting the legal terms under 
> which some part of the package is released.
> I don't think the exception may also apply when the license text is 
> the *actual payload* of the package (for instance, a package shipping 
> the text for CC-by-nc-nd-v1.0, when nothing in the package itself is 
> released under that license).
> 
> [considered]: 

That's an interesting view.

Several packages now in Debian main contain license fulltexts without 
those licensing terms being applied at all to the project covered by 
that package.

Examples:

  * licensecheck - includes license fulltexts in its testsuite
  * libsoftware-license-perl - purpose of project is to emit licenses

I have several times discovered projects shipping with e.g. GPL-3 but 
nothing in the project was licensed under that license.  I find it 
highly likely that there are plenty of such cases still in Debian - 
including ones where the "stray" license contain a non-modification 
clause (which I guess is the most likely non-Freeness in license 
fulltexts.

Are all such packages in violation of DFSG?


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: Packaging text licenses

2019-12-14 Thread Russ Allbery 
Francesco Poli  writes:

> A number of license texts are not themselves licensed under DFSG-free
> terms.

For example, the GNU General Public License.

 Copyright (C) 2007 Free Software Foundation, Inc. 
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

-- 
Russ Allbery (r...@debian.org)

Re: Packaging text licenses

2019-12-14 Thread Andrey Rahmatullin 
On Sat, Dec 14, 2019 at 05:22:09PM +0100, Francesco Poli wrote:
> A number of license texts are not themselves licensed under DFSG-free
> terms.
> 
> And Debian promises to remain 100 % free, see [SC] #1. Any content of a
> Debian package (in main) must be free according to the DFSG.
Sure.

> License texts are usually [considered] the sole exception
They are just not considered. I don't think this exception is written
anywhere. And I don't think SC allows exceptions not mentioned in it.
There are many things in Debian which are just not talked about, this is one
of them.

> but I think the exception only applies when the license text is included
> in the package *for the sole purpose* of documenting the legal terms
> under which some part of the package is released.
This, stronger, statement, is of course not written anywhere either.

-- 
WBR, wRAR


signature.asc
Description: PGP signature