On the license of python-debian for use as a library

Philippe Ombredanne pombredanne at nexb.com
Wed Aug 14 17:54:25 BST 2019 

Hi Florian:

On Tue, Aug 13, 2019 at 9:05 PM Florian Weimer <fw at deneb.enyo.de> wrote:
>
> * Philippe Ombredanne:
>
> > Background/original message
> > =======================
> > python-debian is the canonical library to handle debian files. It is
> > GPL-licensed yet also used as a library by quite a few tools [2] that
> > are not GPL-licensed but rather ISC, MIT, Apache and similar both at
> > debian and elsewhere.
> >
> > Would the copyleft of python-debian flow to a tool or library that is
> > calling and using python-debian as a library?
> >
> > If yes, could it make sense to consider some sorts of licensing update
> > either for all these FOSS libraries or rather for python-debian proper
> > such that the effective licensing of these tools may not be impacted?
> >
> > PS: I am maintaining origin and license code scanning tools written in
> > Python [3] and I am considering to add a dependency on python-debian to
> > export valid machine readable copyright files created from a scancode
> > license and copyright file [4]. The licensed toolkit is Apache-licensed.
>
> I don't really see where this is coming from.  I do not see any
> practical problems with a copyleft license for a Python script.
> Compliance with the GPLv2+ terms is about as difficult as complying
> with the MIT license, so why bother changing the licensing?

The way I understand it, the copyleft from python-debian would extend
to the calling code (e.g. another program that would use python-debian
as a library).
There are a few such programs calling pytho-debian today (I listed
some in my initial email) out there that use non-copyleft permissive
licenses and I was considering using python-debian in an
Apache-license application, therefore having an alternative license
such as an LGPL or an exception add to the GPL or some permissive
license would be better IMHO for these cases, much the same way for
instance librpm was made LGPL to enable building RPM-based tools under
any FOSS license [1]

> In any case, my contributions to python-debian were probably copied
> from the Debian security tracker project, so you'd need to check what
> exactly was copied from there and who contributed to the copied code
> portion.

Your copyright shows up in debian_support.py as added by James Westby
about 13 years ago on 2006-08-16 [2] and indeed was exactly copied
from the security tracker at this commit [3]. The trail of commits
before [4] and after [5] that is clean and clear.  FWIW, it looks like
the only part being used elsewhere in python-debian is the
"debian_support.Version" class: I guess the rest of the code is API
code for library users to call.

[1] https://github.com/rpm-software-management/rpm/blob/7faf8eda1358f8a877b9b3d6e1197b814e80b50b/COPYING#L11
[2] https://salsa.debian.org/python-debian-team/python-debian/blob/75d12ca851d7ce92cbef9b06e0702f86a858433a/debian_bundle/debian_support.py
[3] https://salsa.debian.org/security-tracker-team/security-tracker/blob/66cf8c9da465dd52b5cc32c0e3c9ba8f663e8b70/lib/python/debian_support.py
[4] https://salsa.debian.org/security-tracker-team/security-tracker/commits/master/lib/python/debian_support.py
[5] https://salsa.debian.org/python-debian-team/python-debian/commits/master/lib/debian/debian_support.py

-- 
Cordially
Philippe Ombredanne

More information about the pkg-python-debian-maint mailing list