Bug#883950: [INPUT REQUIRED] Re: Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Joerg Jaspert]

On 14900 March 1977, Markus Koschany wrote:
> Allow the use of the short-license identifier only in the form:
> Files: foo.bar
> Copyright: 2017, Smith 
> License: [GPL-2+]
> without the extra standalone paragraph which will mean exactly the
> same as

> License: GPL-2+
>  On Debian systems the full license text of the GNU General Public
>  License 2 can be found in /usr/share/common-licenses/GPL-2
> in the future.

Fine.

> Similar for other licenses under /usr/share/common-licenses.

Ack.

> To clarify the meaning of this new short-license identifier, we intend
> to document it in a modified version of copyright format 1.0 which will
> be (most likely) released as copyright format 1.1. Especially the
> meaning of the + sign will be clarified. To ensure that every Debian
> user will have access to this documentation, copyright format 1.1 will
> be installed onto all Debian systems locally.

> Format: /usr/share/common-licenses/copyright-format/1.1

While a little README about wtf the files in this dir are may be helpful
for a lost local admin stumbling into this dir, I don't see anything
useful in a copyright-format file over there. Needless split for no
gain. Document it in policy aside the rest and be done, thats the place
where people go to look for such info.

> The intention is to reduce unnecessary boilerplate in debian/copyright
> by referencing licenses on the local system and thus saving developer
> time and also improving readability.

Ay.

-- 
bye, Joerg

Bug#883950: [INPUT REQUIRED] Re: Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Markus Koschany]

Dear FTP team,

the Policy editors request your attention and a decision regarding
Debian bug #883950: debian-policy: allow specifying common licenses with
only the identifier.

Summary of the proposal
===

Situation
=

Debian Policy 12.5 "Copyright information" declares that:

"Packages distributed under the Apache license (version 2.0), the
Artistic license, the Creative Commons CC0-1.0 license, the GNU GPL
(versions 1, 2, or 3), the GNU LGPL (versions 2, 2.1, or 3), the GNU FDL
(versions 1.2 or 1.3), and the Mozilla Public License (version 1.1 or
2.0) should refer to the corresponding files under
/usr/share/common-licenses, [9] rather than quoting them in the
copyright file."

It is common practice to document copyright notices in debian/copyright
in the following form when using copyright format 1.0.

Files: foo.bar
Copyright: 2017, Smith <f...@example.com>
License: GPL-2+

License: GPL-2+
 On Debian systems the full license text of the GNU General Public
 License 2 can be found in /usr/share/common-licenses/GPL-2

Proposal


Allow the use of the short-license identifier only in the form:

Files: foo.bar
Copyright: 2017, Smith <f...@example.com>
License: [GPL-2+]

without the extra standalone paragraph which will mean exactly the same as

License: GPL-2+
 On Debian systems the full license text of the GNU General Public
 License 2 can be found in /usr/share/common-licenses/GPL-2

in the future.

Similar for other licenses under /usr/share/common-licenses.

License: [GPL-2]
License: [GPL-3+]
License: [Apache-2.0]
License: [LGPL-2+]

etc.

To clarify the meaning of this new short-license identifier, we intend
to document it in a modified version of copyright format 1.0 which will
be (most likely) released as copyright format 1.1. Especially the
meaning of the + sign will be clarified. To ensure that every Debian
user will have access to this documentation, copyright format 1.1 will
be installed onto all Debian systems locally.

The Format header would be changed to (location not final)

Format: /usr/share/common-licenses/copyright-format/1.1

The intention is to reduce unnecessary boilerplate in debian/copyright
by referencing licenses on the local system and thus saving developer
time and also improving readability.

Please report back to #883950, if you think this is an adequate proposal.

Regards,

Markus




signature.asc
Description: OpenPGP digital signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Sean Whitton]

control: tag -1 +moreinfo

Hello Markus,

On Sat, Dec 16 2017, Markus Koschany wrote:

>> I am surprised to hear that this is accepted by ftp-master.  Would
>> you mind pointing to an example package?
>
> ufoai-data.

Thanks.

>> ISTM that the text must explain what the '+' means to be acceptable,
>> but I am not an ftp-master.
>
> In my opinion this is uncontroversial because the official copyright
> format 1.0 documentation makes use of the same conventions.
>
> https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
>
> If you feel that it should be better explained then I suggest that we
> improve the documentation of copyright format 1.0.
>
>>> I don't think it is a burden to take a look at the copyright format
>>> 1.0 specification.
>>
>> It requires Internet access, though.
>
> I think it is fair to assume that the vast majority of our users have
> internet access in 2017.
>
>> One of the reasons we ship uncompressed d/copyright with every binary
>> package is so that the copyright information is available offline; if
>> we're not explaining what the '+' means, that's no longer true.
>> That's what I mean by a regression.
>
> Simple solution: Install a copy of copyright format 1.0 into
> base-files or another essential package, document best practices and
> point to this document on the local system.

Good suggestion.  If we installed the copyright format onto all Debian
systems, and replaced the contents of the Format: field with a reference
to that file, the concerns I've raised about your proposal would be
fully addressed.

I think that we would need to bump the version number of the copyright
format (to 1.1, say).  That new version would require the Format: field
to refer to the file installed locally.  That way, any (valid) copyright
file using the new "[GPL-3+]" notation would include a reference to a
locally-installed file explaining the shorthand.

(If we didn't bump the version number, either (i) the reference to the
locally-installed file need not be present in the Format: field, and the
concerns I've raised would not be addressed; or (ii) format 1.0 would
require the reference to the locally-installed file and then we
invalidate all the other copyright files currently in Debian.)

The above is written as just another DD.  Now, with my Policy Editor hat
on: we can't commit a change like this without the FTP masters
explicitly approving the "[GPL-3+]" notation.  It is not obvious to me
that this adequately documents the license of the package, and in
Debian, the FTP masters make the call about how to adequately document
such things.  We can't put something into Policy that they do not
consider adequate.  It is not our call.

I am tagging this bug as moreinfo.  This indicates that we need a FTP
master to weigh in, and the bug is blocked by that.

For debian-policy, bugs that remain tagged moreinfo for 30 days, without
the required info being provided, are closed.  The idea is that this bug
doesn't sit here for months when it is blocked by action the Policy
Editors are not able to take.

What I suggest is that you write a summary of the current proposal
addressed to the FTP masters -- your original proposal plus mine, if you
agree with what I've written in this e-mail -- CCing this bug and saying
that the proposal is blocked because it needs their input.

Thanks!

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Markus Koschany]

Hi,

Am 18.12.2017 um 23:37 schrieb Jonathan Nieder:
> Hi Markus,
> 
> Markus Koschany wrote:
>> Am 16.12.2017 um 15:55 schrieb Sean Whitton:
>>> On Wed, Dec 13 2017, Markus Koschany wrote:
> 
 If the Policy editors cannot make a decision with regards to
 debian/copyright then we should ask the DPL to seek legal advice and
 when necessary start a GR for reasons of legitimacy.
>>>
>>> If we think this issue is important enough to spend money on that.  I am
>>> not convinced it is.
>>
>> Then we need a GR. Simply claiming that something violates the law
>> without proof cannot be the right way for a large project like Debian.
>> This is a very important topic because writing debian/copyright is not
>> optional in Debian. I simply believe that most people appreciate doing
>> something meaningful in their free time.
> 
> You are of course free to initiate a GR at any time.
> 
> I have no opinion about this particular proposal (allowing specifying
> common licenses with only the identifier).  But I am worried at how
> black and white you are describing the world to be.

I don't think there is a reason to be worried. But I do have an opinion
and I am expressing it. I believe I am not the only one who feels that
we need to rethink debian/copyright.

> Debian has long had a practice of being extra careful to respect the
> wishes of free software authors as expressed in the licenses they
> choose.  This goes beyond the minimum legal requirements of license
> compliance.  It is not because the project is afraid of being sued but
> because at least some in the project consider it to be the right thing
> to do.

This is the argument that comes up whenever someone tries to change
something in regard to d/copyright. We have always done it this way and
we do more than legally required because we are Debian. I believe that
most free software authors are also happy with the way Fedora or FreeBSD
are respecting their works and if you say that some in the project
consider the Debian way the right thing to do, then let me say that
there are also other people who think we can improve d/copyright without
sacrificing accuracy and still meet all legal requirements.

> Here Sean pointed out that just a license name with too little
> accompanying text does not appear to be particularly clear to end
> users.  That means end users may not know what their rights are, so it
> seems worth thinking about.  Fortunately DEP-5 copyright files contain
> 
>  Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
> 
> so perhaps some information in the copyright-format would be good
> enough to help those end users.  Perhaps not.  But I am puzzled that
> you seem to think there is only one possible right answer and that it
> should be obvious to everybody.

Well, that was exactly my point. Our debian/copyright file which uses
copyright format 1.0 contains this line

 https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

a link to the specification. There can be a short license name like

License: GPL-2 or License: GPL-2+.

I was pointing out that it is already common practice to write those
license short names and point to /usr/share/common/licenses/GPL-2 with
another sentence. I don't share Sean's concerns but they can be remedied
by clarifying our copyright format document. In addition we could reduce
boilerplate by allowing an even shorter version than

License: GPL-2+
 On Debian system the full license text of the GNU General Public
 License 2 can be found in /usr/share/common-licenses/GPL-2

namely

License: [GPL-2+]

If we document that brackets around the short license name have the same
meaning than our common paragraph from above, we have gained a new
concise way of documenting a license without sacrificing accuracy. I'm
not sure why you think this is not obvious.

> The way you describe the experience of writing a debian/copyright file
> is foreign to my own experience.  It sounds like making the process of
> generating /usr/share/doc/{package}/copyright using *automated tools*
> in a smoother way will be a good avenue for addressing the developer
> experience issues you are mentioning.  Then you'd be in a better
> position to come up with what the appropriate content of that file
> should be to serve end users.

In my opinion the creation of automated tools like cme is evidence that
our current approach of writing debian/copyright is in parts wrong.
Instead of doing the obvious and referencing existing license texts we
duplicate them. We should not need an automated tool to write
debian/copyright. I believe the proposal in this bug report can be
implemented quite easily without conflating the automated tools idea.

Regards,

Markus





signature.asc
Description: OpenPGP digital signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Jonathan Nieder]

Hi Markus,

Markus Koschany wrote:
> Am 16.12.2017 um 15:55 schrieb Sean Whitton:
>> On Wed, Dec 13 2017, Markus Koschany wrote:

>>> If the Policy editors cannot make a decision with regards to
>>> debian/copyright then we should ask the DPL to seek legal advice and
>>> when necessary start a GR for reasons of legitimacy.
>>
>> If we think this issue is important enough to spend money on that.  I am
>> not convinced it is.
>
> Then we need a GR. Simply claiming that something violates the law
> without proof cannot be the right way for a large project like Debian.
> This is a very important topic because writing debian/copyright is not
> optional in Debian. I simply believe that most people appreciate doing
> something meaningful in their free time.

You are of course free to initiate a GR at any time.

I have no opinion about this particular proposal (allowing specifying
common licenses with only the identifier).  But I am worried at how
black and white you are describing the world to be.

Debian has long had a practice of being extra careful to respect the
wishes of free software authors as expressed in the licenses they
choose.  This goes beyond the minimum legal requirements of license
compliance.  It is not because the project is afraid of being sued but
because at least some in the project consider it to be the right thing
to do.

Here Sean pointed out that just a license name with too little
accompanying text does not appear to be particularly clear to end
users.  That means end users may not know what their rights are, so it
seems worth thinking about.  Fortunately DEP-5 copyright files contain

 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

so perhaps some information in the copyright-format would be good
enough to help those end users.  Perhaps not.  But I am puzzled that
you seem to think there is only one possible right answer and that it
should be obvious to everybody.

The way you describe the experience of writing a debian/copyright file
is foreign to my own experience.  It sounds like making the process of
generating /usr/share/doc/{package}/copyright using *automated tools*
in a smoother way will be a good avenue for addressing the developer
experience issues you are mentioning.  Then you'd be in a better
position to come up with what the appropriate content of that file
should be to serve end users.

Thanks and hope that helps,
Jonathan

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Markus Koschany]

Am 16.12.2017 um 15:55 schrieb Sean Whitton:
> Hello Markus,
> 
> On Wed, Dec 13 2017, Markus Koschany wrote:
> 
>>> This would mean that we are not explicitly stating in our d/copyright
>>> file the difference between GPL-2 and GPL-2+.  To learn of the
>>> difference, a user would need to view the full spec of the copyright
>>> format.
>>
>> IMO this is already the case. What we do right now and what is
>> accepted by the ftp-master is, that we write for GPL-2 and GPL-2+ in
>> one package:
>>
>> License: GPL-2
>>  On Debian systems the full text of the GPL-2 can be found in
>> /usr/share/common-licenses/GPL-2
>>
>>
>> License: GPL-2+
>>  On Debian systems the full text of the GPL-2 can be found in
>> /usr/share/common-licenses/GPL-2
> 
> I am surprised to hear that this is accepted by ftp-master.  Would you
> mind pointing to an example package?

ufoai-data.


> ISTM that the text must explain what the '+' means to be acceptable, but
> I am not an ftp-master.

In my opinion this is uncontroversial because the official copyright
format 1.0 documentation makes use of the same conventions.

https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

If you feel that it should be better explained then I suggest that we
improve the documentation of copyright format 1.0.

>> I don't think it is a burden to take a look at the copyright format
>> 1.0 specification.
> 
> It requires Internet access, though.

I think it is fair to assume that the vast majority of our users have
internet access in 2017.

> One of the reasons we ship
> uncompressed d/copyright with every binary package is so that the
> copyright information is available offline; if we're not explaining what
> the '+' means, that's no longer true.  That's what I mean by a
> regression.

Simple solution: Install a copy of copyright format 1.0 into base-files
or another essential package, document best practices and point to this
document on the local system.

>> If the Policy editors cannot make a decision with regards to
>> debian/copyright then we should ask the DPL to seek legal advice and
>> when necessary start a GR for reasons of legitimacy.
> 
> If we think this issue is important enough to spend money on that.  I am
> not convinced it is.

Then we need a GR. Simply claiming that something violates the law
without proof cannot be the right way for a large project like Debian.
This is a very important topic because writing debian/copyright is not
optional in Debian. I simply believe that most people appreciate doing
something meaningful in their free time.

Regards,

Markus





signature.asc
Description: OpenPGP digital signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Sean Whitton]

Hello Markus,

On Wed, Dec 13 2017, Markus Koschany wrote:

>> This would mean that we are not explicitly stating in our d/copyright
>> file the difference between GPL-2 and GPL-2+.  To learn of the
>> difference, a user would need to view the full spec of the copyright
>> format.
>
> IMO this is already the case. What we do right now and what is
> accepted by the ftp-master is, that we write for GPL-2 and GPL-2+ in
> one package:
>
> License: GPL-2
>  On Debian systems the full text of the GPL-2 can be found in
> /usr/share/common-licenses/GPL-2
>
>
> License: GPL-2+
>  On Debian systems the full text of the GPL-2 can be found in
> /usr/share/common-licenses/GPL-2

I am surprised to hear that this is accepted by ftp-master.  Would you
mind pointing to an example package?

ISTM that the text must explain what the '+' means to be acceptable, but
I am not an ftp-master.

> I don't think it is a burden to take a look at the copyright format
> 1.0 specification.

It requires Internet access, though.  One of the reasons we ship
uncompressed d/copyright with every binary package is so that the
copyright information is available offline; if we're not explaining what
the '+' means, that's no longer true.  That's what I mean by a
regression.

> If the Policy editors cannot make a decision with regards to
> debian/copyright then we should ask the DPL to seek legal advice and
> when necessary start a GR for reasons of legitimacy.

If we think this issue is important enough to spend money on that.  I am
not convinced it is.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Chris Lamb]

Hi,

> debian-policy: allow specifying common licenses with only the identifier

Apologies for the drive-by suggestion but the closer we change Policy and/or
DEP-5 (if at all) to align with SPDX[0], everyone wins :)

 [0] https://spdx.org/


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Markus Koschany]

Hello Sean,

Am 13.12.2017 um 01:31 schrieb Sean Whitton:
> Hello Markus,
> 
> On Tue, Dec 12 2017, Markus Koschany wrote:
> 
>> I agree that using boiler plate like this:
>>
>> | License: GPL-2+
>> | On Debian systems the full text of the GPL-2 can be found in
>> | /usr/share/common-licenses/GPL-2
>>
>> is still redundant.
>>
>> I suggest to change Debian Policy 12.5 and copyright format 1.0 in such
>> a way that the following syntax is allowed:
>>
>> License: [GPL-2+]
> 
> This would mean that we are not explicitly stating in our d/copyright
> file the difference between GPL-2 and GPL-2+.  To learn of the
> difference, a user would need to view the full spec of the copyright
> format.

IMO this is already the case. What we do right now and what is accepted
by the ftp-master is, that we write for GPL-2 and GPL-2+ in one package:

License: GPL-2
 On Debian systems the full text of the GPL-2 can be found in
/usr/share/common-licenses/GPL-2


License: GPL-2+
 On Debian systems the full text of the GPL-2 can be found in
/usr/share/common-licenses/GPL-2

We also write at the beginning of debian/copyright:

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

This makes it clear what format applies to debian/copyright and where
the user can retrieve more information about it.

> This seems like a regression, as the current format is easily
> easy to understand without reference to the spec.  It also means that
> the package's copyright information is self-contained and not dependent
> on some external document.

I don't think it is a burden to take a look at the copyright format 1.0
specification. Actually I would expect from people who take copyright
seriously that they try to understand how debian/copyright is
constructed. d/copyright is already dependent on the specification in
use. I can understand your argument for the old format but a
machine-readable format should be as simple as possible. If there are
questions, just look up the specification.

  This is a feature we should preserve (and
> might be legally required to preserve).

I would ask you and everyone else who believes this is legally required
to back this statement with real legal advice. I have never met anyone
in Debian who claims to be an expert in open source licensing but
everyone seems to be of the opinion that we would do something illegal,
when...

If the Policy editors cannot make a decision with regards to
debian/copyright then we should ask the DPL to seek legal advice and
when necessary start a GR for reasons of legitimacy.

Regards,

Markus







signature.asc
Description: OpenPGP digital signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Scott Kitterman]

On Tuesday, December 12, 2017 09:29:27 PM Markus Koschany wrote:
> Hi,
> 
> thanks for reporting. I also intended to make such a proposal and I had
> briefly mentioned it in bug #883966. [1]
> 
> The reason why the short form is allowed is because of Debian Policy 12.5
> 
> "Packages distributed under the Apache license (version 2.0), the
> Artistic license, the GNU GPL (versions 1, 2, or 3), the GNU LGPL
> (versions 2, 2.1, or 3), the GNU FDL (versions 1.2 or 1.3), and the
> Mozilla Public License (version 1.1 or 2.0) should refer to the
> corresponding files under /usr/share/common-licenses, [9] rather than
> quoting them in the copyright file."
> 
> I agree that using boiler plate like this:
> | License: GPL-2+
> | On Debian systems the full text of the GPL-2 can be found in
> | /usr/share/common-licenses/GPL-2
> 
> is still redundant.
> 
> I suggest to change Debian Policy 12.5 and copyright format 1.0 in such
> a way that the following syntax is allowed:
> 
> License: [GPL-2+]
> 
> This would imply the license is identical to the one we ship under
> /usr/share/common-licenses/. Services like sources.debian.org could
> easily parse this field and automatically link to the full license-text.
> 
> I don't have a fixation about using brackets. We could also use
> something else. In the above case Lintian should not warn about a
> missing standalone license or license text in general.
> 
> Regards,
> 
> Markus
> 
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883966#25

Speaking just for myself (not as an FTP Team member), I think that's 
definitely too short.  If debian/copyright isn't going to include the license, 
then I think at a minimum, it needs to point to where to find it.  
/usr/share/common-licenses may be well known to developers, but I don't think 
it's reasonable to assume users will automatically know to look there.

Scott K


signature.asc
Description: This is a digitally signed message part.

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Sean Whitton]

Hello Markus,

On Tue, Dec 12 2017, Markus Koschany wrote:

> I agree that using boiler plate like this:
>
> | License: GPL-2+
> | On Debian systems the full text of the GPL-2 can be found in
> | /usr/share/common-licenses/GPL-2
>
> is still redundant.
>
> I suggest to change Debian Policy 12.5 and copyright format 1.0 in such
> a way that the following syntax is allowed:
>
> License: [GPL-2+]

This would mean that we are not explicitly stating in our d/copyright
file the difference between GPL-2 and GPL-2+.  To learn of the
difference, a user would need to view the full spec of the copyright
format.

This seems like a regression, as the current format is easily
easy to understand without reference to the spec.  It also means that
the package's copyright information is self-contained and not dependent
on some external document.  This is a feature we should preserve (and
might be legally required to preserve).

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Markus Koschany]

Hi,

thanks for reporting. I also intended to make such a proposal and I had
briefly mentioned it in bug #883966. [1]

The reason why the short form is allowed is because of Debian Policy 12.5

"Packages distributed under the Apache license (version 2.0), the
Artistic license, the GNU GPL (versions 1, 2, or 3), the GNU LGPL
(versions 2, 2.1, or 3), the GNU FDL (versions 1.2 or 1.3), and the
Mozilla Public License (version 1.1 or 2.0) should refer to the
corresponding files under /usr/share/common-licenses, [9] rather than
quoting them in the copyright file."

I agree that using boiler plate like this:

| License: GPL-2+
| On Debian systems the full text of the GPL-2 can be found in
| /usr/share/common-licenses/GPL-2

is still redundant.

I suggest to change Debian Policy 12.5 and copyright format 1.0 in such
a way that the following syntax is allowed:

License: [GPL-2+]

This would imply the license is identical to the one we ship under
/usr/share/common-licenses/. Services like sources.debian.org could
easily parse this field and automatically link to the full license-text.

I don't have a fixation about using brackets. We could also use
something else. In the above case Lintian should not warn about a
missing standalone license or license text in general.

Regards,

Markus

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883966#25



signature.asc
Description: OpenPGP digital signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Sean Whitton]

control: tag -1 +moreinfo

Hello,

On Sun, Dec 10 2017, Simon McVittie wrote:

> This is not really Policy's decision: it's the ftp team (cc'd) who
> decide what they are willing to accept into Debian, and they require
> the license grant[1] to be reproduced[2]. As far as I'm aware, it
> isn't documented anywhere *why* it is required. ftp team: please could
> you clarify this?

Indeed.  Let's not go any further with this bug until we get an answer
for that.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Simon McVittie]

On Sat, 09 Dec 2017 at 19:57:26 +0100, Mattia Rizzolo wrote:
> First of all, I'd like policy to stop being unclear on this matter, or
> state whether the correct form is [a brief license reference] or
> [the full license grant].

This is not really Policy's decision: it's the ftp team (cc'd) who decide
what they are willing to accept into Debian, and they require the license
grant[1] to be reproduced[2]. As far as I'm aware, it isn't documented
anywhere *why* it is required. ftp team: please could you clarify this?
The main possibilities seem to be:

* it might be a legal requirement imposed on us by copyright
  holders/copyright laws (in which case we must continue; but this seems
  unlikely, since Fedora is backed by a US corporation that is a much
  more attractive target for lawsuits than Debian, and they seem happy
  with their 1-line summaries);
* it might be a self-imposed requirement in order to meet some goal
  (in which case whether to continue is a Debian project decision,
  hopefully based on comparing the cost/work of keeping this requirement
  with the benefit of meeting that goal)

I would like the amount of debian/copyright work that is enforced by RC
bugs and package removals to be as small as it can be, but we can't know
which parts are critical and which parts are nice-to-have without knowing
why they're required. If some deficiencies in d/copyright are harmful
to a Debian goal but do not threaten redistributability or the Social
Contract, then the severity of the resulting bugs can be set according
to the importance of that goal, and the bugs can be fixed by the people
who care most about that goal, in Debian's usual "do-ocracy" way.

[1] https://lists.debian.org/debian-devel/2015/05/msg00473.html
[2] https://lists.debian.org/debian-devel-announce/2006/03/msg00023.html
(in that mail Joerg called the license grant the "license headers",
but I believe the canonical jargon term is that it's a license grant)

> Secondly (which would overcome the first matter as well), I'd like to
> propose to just stop wasting time/bytes in dumping such useless
> boilerplte in our `debian/copyright`s when a license is available in
> /usr/share/common-licenses.

I would like this too, but only if the ftp team will actually accept it:
it would be actively harmful to clarify Policy in a direction that
doesn't match what is allowed through the NEW queue.

smcv

Bug#883950: debian-policy: allow specifying common licenses with only the identifier

[Mattia Rizzolo]

Package: debian-policy

Nowadays it's common to see stand alone license paragraphs like these:

|License: GPL-2+
| On Debian systems the full text of the GPL-2 can be found in
| /usr/share/common-licenses/GPL-2

or

|License: GPL-2+
| This program is free software; you can redistribute it and/or modify
| it under the terms of the GNU General Public License as published by
| the Free Software Foundation; either version 2 of the License, or
| (at your option) any later version.
| .
| This program is distributed in the hope that it will be useful,
| but WITHOUT ANY WARRANTY; without even the implied warranty of
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
| GNU General Public License for more details.
| .
| You should have received a copy of the GNU General Public License along
| with this program; if not, write to the Free Software Foundation, Inc.,
| 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
| .
| On Debian systems, the complete text of the GNU General Public
| License version 2 can be found in `/usr/share/common-licenses/GPL-2'.


First of all, I'd like policy to stop being unclear on this matter, or
state whether the correct form is the former or the latter.

Secondly (which would overcome the first matter as well), I'd like to
propose to just stop wasting time/bytes in dumping such useless
boilerplte in our `debian/copyright`s when a license is available in
/usr/share/common-licenses.
I'm proposing either a new License-File field to be used in stand-alone
license paragraphs, or just whitelist some license identifiers as
"well known" and allow them to not need stand alone license paragraphs
at all (i.e. a file paragraph with 'License: GPL-2+' would be fine
without any extended license specification).

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
more about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature