- Package:
- debian-policy
- Source:
- debian-policy
- Submitter:
- Andrew Starr-Bochicchio
- Date:
- 2019-10-07 08:33:09 UTC
- Severity:
- wishlist
Dear Policy Maintainers, I'm seeking clarification on what to use in the License field for licenses not specifically mentioned within the machine-readable debian/copyright file spec. There seems to be no direction given in the text. I think to would be good for the spec to recommend an approach. I see two obvious ones: 1) If the license is not explicitly listed in the spec, recommend using the SPDX identifier as the license short name. 2) If the license is not explicitly listed in the spec, recommend using the full name as found in the license's text. I personally lean towards option 1 for all the reasons that the spec uses standardized short names for licenses already. Either way, the recommendation would be a *should* not a *must* Quote below from RFS Bug #693330 is what led to this bug report. Thanks!
Hi, I am neither a DD nor a policy editor, so my opinion shouldn't be treated as authoritative in any way :) Still, my feeling is that if there is no short name for a license defined in the copyright format specification (the specific version of the specification that the package's copyright file references, e.g. 1.0 for the present), then the packager is free to pick any short name desired. IMHO if there is indeed an SPDX identifier, it might be preferable to use that, but it is not mandatory in any way. My feeling stems mainly from the text in the "License" field description in the "Fields" section of the copyright format specification - http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-field and also somewhat from existing practice - some packages I've seen fly by -mentors, some of my own packages, etc. The main point is, the fact that the copyright format specification's version is explicitly noted in the copyright file means that there is no danger of any kind of conflict with future or past versions, there is no danger of trouble, even if the license is later included in a later version of the specification. Even if it should be included under a different name in the future, this does not change the fact that the name you picked is absolutely valid for the version you referenced; all it means is that in the future it may be easier to change the license's name in a later upload, when you're also changing the version of the specification on the first line in the copyright file. [snip] [snip] In this particular case, IMHO OFL-1.1 should be just fine. G'luck, Peter
Hi, I am neither a DD nor a policy editor, so my opinion shouldn't be treated as authoritative in any way :) Still, my feeling is that if there is no short name for a license defined in the copyright format specification (the specific version of the specification that the package's copyright file references, e.g. 1.0 for the present), then the packager is free to pick any short name desired. IMHO if there is indeed an SPDX identifier, it might be preferable to use that, but it is not mandatory in any way. My feeling stems mainly from the text in the "License" field description in the "Fields" section of the copyright format specification - http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-field and also somewhat from existing practice - some packages I've seen fly by -mentors, some of my own packages, etc. The main point is, the fact that the copyright format specification's version is explicitly noted in the copyright file means that there is no danger of any kind of conflict with future or past versions, there is no danger of trouble, even if the license is later included in a later version of the specification. Even if it should be included under a different name in the future, this does not change the fact that the name you picked is absolutely valid for the version you referenced; all it means is that in the future it may be easier to change the license's name in a later upload, when you're also changing the version of the specification on the first line in the copyright file. [snip] [snip] In this particular case, IMHO OFL-1.1 should be just fine. G'luck, Peter
Peter Pentchev <roam@ringlet.net> writes: Right, this was the intent.
Peter Pentchev <roam@ringlet.net> writes: Right, this was the intent.
This makes sense. What I'm looking for is a clarification in the text
not a change to the spec. Would the attached patch be acceptable or
just overkill?
diff --git a/copyright-format/copyright-format-1.0.xml
b/copyright-format/copyright-format-1.0.xml
index 217e8dd..2947686 100644
--- a/copyright-format/copyright-format-1.0.xml
+++ b/copyright-format/copyright-format-1.0.xml
@@ -663,6 +663,14 @@ Copyright 2009, 2010 Angela Watts</programlisting>
license short names for unknown <varname>Format</varname> versions.
</para>
<para>
+ For licenses which are not currently included in the list of standard
+ short names, the maintainer may use any short name they find
+ appropriate. The license identifier used by the <link linkend="spdx">
+ SPDX</link> in their <ulink url="http://spdx.org/licenses">Open Source
+ License Registry</ulink> may be used, but this is not mandatory in any
+ way.
+ </para>
+ <para>
Use of a standard short name does not override the Debian Policy
requirement to include the full license text in
<filename>debian/copyright</filename>, nor any requirements in the
Thanks!
Andrew Starr-Bochicchio wrote: Sounds clear and is true. Such license identifiers may or may not be used? It's not clear to me when reading this what it's asking me to do. I don't see much obvious benefit to matching SPDX names for licenses not defined in the copyright-format spec, so I'd suggest leaving this second sentence out. Alternatively in some future version of the copyright-format spec we could *require* that SPDX names be used. Thanks, Jonathan
user debian-policy@packages.debian.org usertags 696185 normative discussion thanks Hi all, the specificaiton already states: If there are licenses present in the package without a standard short name, an arbitrary short name may be assigned for these licenses. http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#license-field (second paragraph) I am not sure if it is necessary to repeat this in other sections. For SPDX, my personal opinion is that, in absence of a good reason to diverge, we should use the same short names. Other projects, such as the OSI are also using them (http://opensource.org/licenses/alphabetical), and I think that there is a value in using a common vocabulary. I would be in favor of formally recommending to follow SPDX in a later revision of the specification, but before this we would need a consensus on stopping calling the MIT license "Expat", so I am quite inclined to wait longer and see how the SPDX short names establish themselves in other projects. Have a nice day,
I'm slightly embarrassed that I missed that text. Thanks for pointing it out. I agree, and this was a secondary concern of this report. Feel free to close or retitle (and maybe change the severity to wishlist) to explicitly deal with the SPDX issue. Thanks,
retitle 696185 [copyright-format] Use short names from SPDX. severity 696185 wishlist thanks Le Tue, Dec 18, 2012 at 10:20:08AM -0500, Andrew Starr-Bochicchio a écrit : Retitled and downgraded to wishlist. Cheers, and merry Christmas to everybody celebrating it !
I think its time to reopen the idea of requiring that _debian/copyright_ use SPDX tags when the license texts are an exact match. I think SPDX has progressed nicely, and has gone through a number of revisions to address the concerns of Debian and others. This then will greatly improve the machine readability of our software collection. That would in turn make it easy to generate an API of DFSG-free licenses that others can consume, including SPDX: https://github.com/spdx/license-list-XML/issues/876