Bug#694657: closed by Reinhard Tartler <siretart at tauware.de> (Bug#694657: fixed in libav 6:9.1-1)

Jonas Smedegaard dr at jones.dk
Mon Jan 14 11:07:31 UTC 2013

Quoting Francesco Poli (2013-01-13 12:41:38)
> On Sun, 13 Jan 2013 08:25:29 +0100 Reinhard Tartler wrote:
> > Especially as Jonas (and others) keep telling me that 
> > debian/copyright is only about the source package.
> They are indeed right, generally speaking.
> But when the effective license of binary package(s) is more 
> restrictive than it would seem to be by just looking at the 
> debian/copyright file, I think that a big warning should be put in a 
> prominent place in order to point out the situation.
> What better place than the debian/copyright file to warn users about 
> some "surprising" licensing of binary packages?

I agree that debian/copyright is the best place to cover effective 
licensing, but I disagree that we whould do it before it is defined as 
the purpose of that file to cover *both* source and effective licensing.

Debian copyright file format 1.0 do not introduce new meaning or 
requirements to the copyright file, only new structure!

> Suppose I am the maintainer of another Debian package and I have to 
> assess whether it is legally possible to distribute that package 
> linked with some libav libraries.
> The first things to check would be the libav library binary package 
> descriptions and the libav debian/copyright file.
> Most people would stop there, without studying the libav build process 
> in detail and without recursively checking the debian/copyright files 
> and build processes of all the direct and indirect dependencies of the 
> libav libraries!

Stopping there is flawed, *because* looking at those places is not 
enough to describe effective licensing!

One needs to examine the combined licensing of all parts of the chain - 
which is a huge job, I agree.  First step in imporving that job is to 
make _source_ licensing machine readable *without* changing anything 
else, and a later step is to hopefully make a tool that traverses all 
build-dependencies to warn about potential incompatibilities.

> > I'm not a big fan of adding licence terms to the binary package 
> > description.
> I can understand, but in some "surprising" cases it maybe makes sense. 
> Especially when multiple binary packages built from the same source 
> package end up having different effective licenses...

I find it false security to try document such "elevations" in 
copylefting of licensing, because it not only is tied to the current 
package and build flags there, but the whole chain of packages involved 
in the build process.

Also, it still does not belong in the package description.

I would be quite happy to extend debian/copyright to also cover 
effective licensing, but that should be a Debian-wide change of policy, 
because doing it "only when noticed" could quite easily be 
misinterpreted as having done it "only when needed" which is a quite 
different thing.

Regards, and thanks a lot for raising this issue,

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20130114/79067536/attachment.pgp>

More information about the pkg-multimedia-maintainers mailing list