#696185 [copyright-format] Use short names from SPDX.

#696185#5
Date:
2012-12-17 17:43:18 UTC
From:
To:
Dear Policy Maintainers,

I'm seeking clarification on what to use in the License field for
licenses not specifically mentioned within the machine-readable
debian/copyright file spec. There seems to be no direction given in
the text. I think to would be good for the spec to recommend an
approach. I see two obvious ones:

1) If the license is not explicitly listed in the spec, recommend
using the SPDX identifier as the license short name.

2) If the license is not explicitly listed in the spec, recommend
using the full name as found in the license's text.

I personally lean towards option 1 for all the reasons that the spec
uses standardized short names for licenses already. Either way, the
recommendation would be a *should* not a *must*

Quote below from RFS Bug #693330 is what led to this bug report.

Thanks!

#696185#10
Date:
2012-12-17 18:21:04 UTC
From:
To:
Hi,

I am neither a DD nor a policy editor, so my opinion shouldn't be
treated as authoritative in any way :)  Still, my feeling is that if
there is no short name for a license defined in the copyright format
specification (the specific version of the specification that the
package's copyright file references, e.g. 1.0 for the present), then the
packager is free to pick any short name desired.  IMHO if there is
indeed an SPDX identifier, it might be preferable to use that, but it is
not mandatory in any way.

My feeling stems mainly from the text in the "License" field description
in the "Fields" section of the copyright format specification -
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-field
and also somewhat from existing practice - some packages I've seen fly
by -mentors, some of my own packages, etc.

The main point is, the fact that the copyright format specification's
version is explicitly noted in the copyright file means that there is no
danger of any kind of conflict with future or past versions, there is no
danger of trouble, even if the license is later included in a later
version of the specification.  Even if it should be included under a
different name in the future, this does not change the fact that the
name you picked is absolutely valid for the version you referenced; all
it means is that in the future it may be easier to change the license's
name in a later upload, when you're also changing the version of the
specification on the first line in the copyright file.
[snip]
[snip]

In this particular case, IMHO OFL-1.1 should be just fine.

G'luck,
Peter

#696185#15
Date:
2012-12-17 18:21:04 UTC
From:
To:
Hi,

I am neither a DD nor a policy editor, so my opinion shouldn't be
treated as authoritative in any way :)  Still, my feeling is that if
there is no short name for a license defined in the copyright format
specification (the specific version of the specification that the
package's copyright file references, e.g. 1.0 for the present), then the
packager is free to pick any short name desired.  IMHO if there is
indeed an SPDX identifier, it might be preferable to use that, but it is
not mandatory in any way.

My feeling stems mainly from the text in the "License" field description
in the "Fields" section of the copyright format specification -
http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-field
and also somewhat from existing practice - some packages I've seen fly
by -mentors, some of my own packages, etc.

The main point is, the fact that the copyright format specification's
version is explicitly noted in the copyright file means that there is no
danger of any kind of conflict with future or past versions, there is no
danger of trouble, even if the license is later included in a later
version of the specification.  Even if it should be included under a
different name in the future, this does not change the fact that the
name you picked is absolutely valid for the version you referenced; all
it means is that in the future it may be easier to change the license's
name in a later upload, when you're also changing the version of the
specification on the first line in the copyright file.
[snip]
[snip]

In this particular case, IMHO OFL-1.1 should be just fine.

G'luck,
Peter

#696185#20
Date:
2012-12-17 19:17:19 UTC
From:
To:
Peter Pentchev <roam@ringlet.net> writes:

Right, this was the intent.

#696185#25
Date:
2012-12-17 19:17:19 UTC
From:
To:
Peter Pentchev <roam@ringlet.net> writes:

Right, this was the intent.

#696185#30
Date:
2012-12-17 20:17:50 UTC
From:
To:
This makes sense. What I'm looking for is a clarification in the text
not a change to the spec. Would the attached patch be acceptable or
just overkill?

diff --git a/copyright-format/copyright-format-1.0.xml
b/copyright-format/copyright-format-1.0.xml
index 217e8dd..2947686 100644
--- a/copyright-format/copyright-format-1.0.xml
+++ b/copyright-format/copyright-format-1.0.xml
@@ -663,6 +663,14 @@ Copyright 2009, 2010 Angela Watts</programlisting>
         license short names for unknown <varname>Format</varname> versions.
       </para>
       <para>
+        For licenses which are not currently included in the list of standard
+        short names, the maintainer may use any short name they find
+        appropriate. The license identifier used by the <link linkend="spdx">
+        SPDX</link> in their <ulink url="http://spdx.org/licenses">Open Source
+        License Registry</ulink> may be used, but this is not mandatory in any
+        way.
+      </para>
+      <para>
         Use of a standard short name does not override the Debian Policy
         requirement to include the full license text in
         <filename>debian/copyright</filename>, nor any requirements in the



Thanks!

#696185#35
Date:
2012-12-18 00:23:20 UTC
From:
To:
Andrew Starr-Bochicchio wrote:

Sounds clear and is true.

Such license identifiers may or may not be used? It's not clear to me
when reading this what it's asking me to do. I don't see much obvious
benefit to matching SPDX names for licenses not defined in the
copyright-format spec, so I'd suggest leaving this second sentence
out. Alternatively in some future version of the copyright-format spec
we could *require* that SPDX names be used.

Thanks,
Jonathan

#696185#40
Date:
2012-12-18 09:15:14 UTC
From:
To:
user debian-policy@packages.debian.org
usertags 696185 normative discussion
thanks

Hi all,

the specificaiton already states:

  If there are licenses present in the package without a standard short name,
  an arbitrary short name may be assigned for these licenses.

http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-field (second paragraph)

I am not sure if it is necessary to repeat this in other sections.

For SPDX, my personal opinion is that, in absence of a good reason to diverge,
we should use the same short names.  Other projects, such as the OSI are also
using them (http://opensource.org/licenses/alphabetical), and I think that
there is a value in using a common vocabulary.

I would be in favor of formally recommending to follow SPDX in a later revision
of the specification, but before this we would need a consensus on stopping
calling the MIT license "Expat", so I am quite inclined to wait longer and see
how the SPDX short names establish themselves in other projects.

Have a nice day,

#696185#45
Date:
2012-12-18 15:20:08 UTC
From:
To:
I'm slightly embarrassed that I missed that text. Thanks for pointing it out.

I agree, and this was a secondary concern of this report. Feel free to
close or retitle (and maybe change the severity to wishlist) to
explicitly deal with the SPDX issue.

Thanks,

#696185#50
Date:
2012-12-24 17:16:58 UTC
From:
To:
retitle 696185 [copyright-format] Use short names from SPDX.
severity 696185 wishlist
thanks

Le Tue, Dec 18, 2012 at 10:20:08AM -0500, Andrew Starr-Bochicchio a écrit :

Retitled and downgraded to wishlist.

Cheers, and merry Christmas to everybody celebrating it !

#696185#59
Date:
2019-10-07 08:22:11 UTC
From:
To:
I think its time to reopen the idea of requiring that _debian/copyright_
use SPDX tags when the license texts are an exact match.  I think SPDX
has progressed nicely, and has gone through a number of revisions to
address the concerns of Debian and others.  This then will greatly
improve the machine readability of our software collection.  That would
in turn make it easy to generate an API of DFSG-free licenses that
others can consume, including SPDX:

https://github.com/spdx/license-list-XML/issues/876