R packages licensed MIT but not shipping a copy of the MIT license itself
[ please CC me as I'm not in d-legal@ ] So, today I discovered [0] that R-project has some polices regarding licenses [1]. In particular they have one regarding the MIT license [2]. This needs to go together with their extensions manuals [3]. Read together they say that if you have an R module you want to license under MIT (which is really Expat) you have to: * Add a line with "License: MIT + file LICENSE" in the DESCRIPTION file * Add a LICENSE file with only (and they are explicit on the "only") 2 lines: YEAR: COPYRIGHT HOLDER: period. Now, the Expat/MIT license (in particular the one present at [2] have quite a clear statement: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. that requires the whole MIT license to be reported verbatim in every release and copy of code covered by it. But according to the R policy, R extensions do not, and the only reference to the MIT license is the single word "MIT" in the DESCRIPTION file. This seems to have been accepted by the ftp-masters, as there are at least 11 packages [4] in this condition already in the archive. I should admin that with our packaging the distribution of these piece of software is ok, as we add a copy of license in the debian copyright file. Still, I think the way the R project distributes MIT-licensed stuff is not ok. What do you think? Am I seeing a problem that actually isn't? Thanks in advance. [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818622#25 [1] https://www.r-project.org/Licenses/ [2] https://www.r-project.org/Licenses/MIT [3] https://cran.r-project.org/doc/manuals/r-release/R-exts.html#Licensing [4] found by looking up 'path:debian/copyright License: MIT' in codesearch.d.n and grepping the results for packages named /r-cran/ -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: http://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Re: R packages licensed MIT but not shipping a copy of the MIT license itself
On Sun, Mar 20, 2016 at 12:07:06PM -0400, Paul R. Tagliamonte wrote:
> FWIW, I've been rejecting them where I see them. Mind filing serious bugs
> on those 11?
Incidentally I have sponsored one of those this morning (assuming it was
fine given that I found so many examples in the archive), and there are
2 more in the RFS queue.
Do you mind rejecting it in this case? source is r-cran-r6 (please
write something meaningful on the reject notice, so that the sponsoree
(which is the same of the other 2) will get some more background).
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: http://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
Re: R packages licensed MIT but not shipping a copy of the MIT license itself, Re: R packages licensed MIT but not shipping a copy of the MIT license itself
On Mon, Mar 21, 2016 at 04:28:30PM +1100, Ben Finney wrote: > Mattia Rizzolo writes: > > Based on http://opensource.org/licenses/MIT > > > > This is a template. Complete and ship as file LICENSE the following 2 > > lines (only) > > > > YEAR: > > COPYRIGHT HOLDER: > > > > and specify as > > > > License: MIT + file LICENSE > > > > Copyright (c) , > > I don't think any of the above text implies a *requirement* on the > recipient of the license. even if it mayb not be a requirement it is still followed. > Indeed, the license grant begins at the standard “MIT” (which is > Expat-equivalent) permission grant: > > > > > a copy of this software and associated documentation files (the > > "Software"), to deal in the Software without restriction, including > > without limitation the rights to use, copy, modify, merge, publish, > > distribute, sublicense, and/or sell copies of the Software, and to > > permit persons to whom the Software is furnished to do so, subject to > > the following conditions: > > > > The above copyright notice and this permission notice shall be > > included in all copies or substantial portions of the Software. > > That alone grants all the DFSG-conformant freedoms. I don't think > anything else in the text is rightly interpreted to restrict those > freedoms in any way. Yes, I see how the MIT license is DFSG-free. What I'm saying is that IMHO the only license requirement (the second paragraph of it that you reported above, about including the copyright notice *and* the permission notice in any copy of the software) is not fulfilled by R packages. > It would be better if the guidelines were more clearly phrased to be > guidance for *how* to apply the license; as it is, they are terse and > too easily misread. But I think a careful reading would not imply any > extra restriction on the license recipient. I haven't read any extra restriction, what I read is that this "how to apply the license" breaks the license requirements. > So in my opinion, this is just a clumsy way to present a page that > nevertheless is an explicit grant of the standard Expat license > conditions in a work. > > In short: this does not IMO disqualify the work from conforming to the > DFSG. but IMO it disqualifies the work from conforming to the MIT requirements. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: http://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Re: R packages licensed MIT but not shipping a copy of the MIT license itself, Re: R packages licensed MIT but not shipping a copy of the MIT license itself
[you forgot to CC me on this, anyway, I temporarly subscribed d-legal@] On Tue, Mar 22, 2016 at 07:52:18AM +1100, Ben Finney wrote: > Mattia Rizzolo writes: > > > Yes, I see how the MIT license is DFSG-free. What I'm saying is that > > IMHO the only license requirement (the second paragraph of it that you > > reported above, about including the copyright notice *and* the > > permission notice in any copy of the software) is not fulfilled by R > > packages. > > Thanks for clarifying. > > Can you point us to a representative source package that you think has > this problem? src:r-cran-praise (as of current version 1.0.0-1) is a good example. As also pabs said [1] we should be good enough, but I'd prefer we could drop the enough here. [1] https://lists.debian.org/debian-legal/2016/03/msg00067.html -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: http://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
Re: R packages licensed MIT but not shipping a copy of the MIT license itself, Re: R packages licensed MIT but not shipping a copy of the MIT license itself
On Wed, Mar 23, 2016 at 06:10:57AM +1100, Ben Finney wrote: > This issue should be resolved by the upstream distributor, as I agree > with you that they are not compliant with the conditions of the license. > You may want to have that discussion with them. I wonder how to contact R people, I've never approached R world before. Furthermore, I currently don't have the time, nor the willing force, needed to carry on a "legal" discussion with an upstream, much less with whoever maintains the guidelines of such a big world as CRAN. > I also agree with Paul Wise, that the Debian source package conforms to > the license conditions (by always including the required text). So any > redistributor of Debian, or this component from Debian, will by default > not violate those conditions. cool. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: http://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature
