Tuesday, 21 January 2025

Re: Clarifying and Documenting Licensing Requirements and Best Practices in Ubuntu

On Wed, 2025-01-22 at 01:03 +0000, Simon Quigley wrote:
> Hello,
>
> I have been working on a general effort to improve the new packaging
> guide[1]. As a general note, please consider joining me.
>
> As part of this effort, with the help of Aaron Rainbolt[2], I have
> written an initial, rough draft of best practices for licensing
> packages in Ubuntu. This is based on our *de facto* copyright
> practices in Lubuntu.
>
> You can also find a changelog and Git history here[3], with a
> rendered copy of the draft pull request here[4].
>
> I would like to open this up for general comment from the Ubuntu
> Archive Admins and other Ubuntu Developers, then ask the Ubuntu
> Archive Admins to officially ratify it before it is merged into the
> packaging guide.
>
> The Ubuntu Archive Admins may consider escalating this to the
> Technical Board for approval, at their discretion. That being said, I
> would like all relevant parties to participate, and come to an
> agreement before it is merged.
>
> If something like this already exists, which parts need to be
> included? Is there anything factually incorrect or misleading in the
> text below? Do you know of good examples that should be included as a
> reference?
>
> Most importantly, I am unsure about the specific requirements for a
> package to be moved to Multiverse or Restricted. I have never
> uploaded a brand new source package to either, to my recollection.
>
> Lastly, the intent of this is to clarify existing procedures around
> licensing in Ubuntu. Could we please save discussion on actually
> changing those standards for another thread?
>
> The full text, as it currently stands:
>
> ===== START RST-FORMATTED TEXT =====
>
> Copyright and Licensing
> =======================
>
> Ubuntu is a collection of free and open source software. As such, it is
> critical to ensure the licensing of our packages is reviewed carefully.
>
> It is important to verify a package's :file:`debian/copyright` file when
> creating patches, updating to new upstream releases, and creating new packages
> altogether. Understanding copyright can be a time-consuming task, but being
> conscious of licensing standards broadens your perspective on how software may
> interact.
>
> DEP-5 and Copyright Files
> -------------------------
>
> Ubuntu and Debian use the `DEP-5 standard
> <https://dep-team.pages.debian.net/deps/dep5/>`_
> for tracking copyright references in packages. Per Debian Policy `4.5
> <https://www.debian.org/doc/debian-policy/ch-source.html#copyright-debian-copyright>`_,
> `12.5
> <https://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile>`_, and
> `2.3
> <https://www.debian.org/doc/debian-policy/ch-archive.html#s-pkgcopyright>`_
> (which should be considered as the Single Source Of Truth for policy regarding
> copyright files), every package must have a copyright file. While DEP-5 is
> technically not a hard requirement, it is best practice to use DEP-5 when
> creating or updating packages.
>
> When you should (not) rewrite a copyright file to use DEP-5
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> You **should** rewrite a copyright file to use DEP-5 if:
>
> * you are updating to a new upstream version in an Ubuntu-only package.
> * you are updating to a new upstream version in a package that is in both
>   Debian and Ubuntu, and you are sending the delta upstream to Debian.
> * a package you maintain in Debian does not use DEP-5.
>
> You **should not** rewrite a copyright file to use DEP-5 if:
>
> * you are performing a Stable Release Update, except in the case of
>   documented Microrelease Exceptions.
> * a package does not have an extensive Ubuntu delta and you do not plan on
>   sending the change to Debian.
> * there is general disagreement with the team claiming maintenance of the
>   package in Ubuntu (this should be discussed on the ubuntu-devel mailing
>   list).
> * the package contains an extremely large number of files under different
>   copyrights, and the maintenance of an accurate DEP-5 copyright file for
>   the package would render further maintenance effectively impossible.
>   This exception is not to be used lightly, and should be fallen back on
>   only for the largest and most extremely complicated packages in Debian
>   and Ubuntu, such as the Linux kernel.
>
> Unclear Licensing and Special Cases
> +++++++++++++++++++++++++++++++++++
>
> There are several cases in which the licensing of source files is
> questionable. Below you will find several examples; when in doubt about a
> specific license, please review the DFSG FAQ linked in the Resources section:
>
> * A source package which contains no licensing information is considered to be
>   proprietary, and thus not eligible for inclusion in Ubuntu.
> * Files licensed in the public domain still must be listed in the copyright
>   file. Some jurisdictions allow copyright for software to be changed
>   posthumously, so it is important to still credit authors in this case.
>
> Copyright of Image Files
> ++++++++++++++++++++++++
>
> When including image files in a source package, you should also verify there
> are no embedded licenses within the `Exif data
> <https://en.wikipedia.org/wiki/Exif>`_
> for the image. Additionally, you should also ensure the color profile is free.
> (Examples of non-free color profiles include the `Adobe formats
> <https://www.adobe.com/support/downloads/iccprofiles/icc_eula_win_end.html>`_.)
>
> You can use the following Bash script to determine whether an image file has
> such data:
>
> .. code-block:: bash
>
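>     # exiftool prints capitalised tag names ("Profile Copyright"), so the
>     # match has to be case-insensitive.
>     shopt -s nocasematch
>     for i in *; do
>         if [[ "$(exiftool "$i")" =~ (creator|copyright|license|description) ]]; then
>             exiftool "$i"
>         fi
>     done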
>
> A non-free image file may output something like:
>
> .. code-block:: ini
>
>     Profile Creator                 : Hewlett-Packard
>     Profile Copyright               : Copyright (c) 1998 Hewlett-Packard Company
>     Profile Description             : Adobe RGB 1998
>
> If there are no licensing details within the Exif data, it is assumed that it
> is licensed the same as the source package or specific directory it resides in.
>
> While this was later proved to be a false positive, you can find an example of
> a non-free image (and how to inform upstreams) `here
> <https://github.com/lxqt/lxqt-runner/issues/241>`_.
>
> Tools for Copyright File Verification
> -------------------------------------
>
> Many tools exist to verify the licenses in a package. You can find a current
> list on the `CopyrightReviewTools Debian Wiki page
> <https://wiki.debian.org/CopyrightReviewTools>`_.
>
> The most commonly used tool for this is :manpage:`licensecheck(1)`. Here is an
> example of how you may use it:
>
> .. code-block:: bash
>
>     licensecheck --check '.*' --recursive --deb-machine --lines 0 -- *
>
> If all else fails, you will need to manually open each file and make a
> determination based on its copyright header (if there is one).
>
> Resources
> ---------
>
> * `Debian Free Software Guidelines
>   <https://www.debian.org/social_contract.html#guidelines>`_
> * `DFSG and Software License FAQ (Draft)
>   <https://people.debian.org/~bap/dfsg-faq.html>`_
> * `Licensing exercises from the Debian Developer process
>   <https://salsa.debian.org/nm-team/nm-templates/-/blob/master/nm_pp1.txt?ref_type=heads#L48>`_
>
>    - It can be incredibly helpful to answer these questions in your own notes,
>      and ask a Debian Developer to verify your answers. Alternatively, you may
>      politely ask a Debian Developer for their own answers to those questions.
>
> * `Ubuntu open-source licenses
>   <https://ubuntu.com/legal/open-source-licences>`_
> * `Debian license information
>   <https://www.debian.org/legal/licenses/>`_
> * `DFSGLicenses on the Debian Wiki
>   <https://wiki.debian.org/DFSGLicenses>`_
> * `The Open Source Definition from OSI <https://opensource.org/osd>`_
> * `debian-legal mailing list archives
>   <https://lists.debian.org/debian-legal/>`_
>
> ===== END RST-FORMATTED TEXT =====
>
> [1] https://github.com/canonical/ubuntu-packaging-guide
> [2] Erich Eickmeyer also pointed me to some of the specific public
> domain topics based on past rejects.
> [3]
> https://github.com/tsimonq2/ubuntu-packaging-guide/tree/tsimonq2/copyright-and-licensing
> [4]
> https://canonical-ubuntu-packaging-guide--88.com.readthedocs.build/en/88/how-to/copyright-and-licensing/
>
> Thanks,
> --
> Simon Quigley
> simon@tsimonq2.net
> @tsimonq2:ubuntu.com on Matrix
> tsimonq2 on LiberaChat and OFTC
> 5C7A BEA2 0F86 3045 9CC8
> C8B5 E27F 2CF8 458C 2FA4

Just throwing this in there additionally, with regards to images.

Some images do not meet the threshold of originality[1] that is
required in order to claim copyright on an image, such as those that
only contain simple text and shapes. That is not to say they can't
receive trademark status, just that they cannot have a copyright
claimed on them.

In the past, it has been agreed that in these cases the images remain
in the public domain, and the DEP-5 stanzas would be formatted as
follows:

Files: {path to file}
Copyright: None
License: Public-Domain

License: Public-Domain
 This logo image consists only of simple geometric shapes or text.
 It does not meet the threshold of originality needed for copyright
 protection, and is therefore in the public domain.

This was agreed to in the review of the edubuntu-menu package with
regards to the Ask Ubuntu logo, which is cited as not having met the
threshold of originality[2].

[1] https://commons.wikimedia.org/wiki/Commons:Threshold_of_originality
[2] https://commons.wikimedia.org/wiki/File:Ask_Ubuntu_logo.svg

--
Erich Eickmeyer
Ubuntu MOTU
Project Leader - Ubuntu Studio
Technical Lead - Edubuntu
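
Added example, not part of either message or of the packaging guide: a minimal Python check of the stanza layout shown in the reply above. It flags Files stanzas that lack a Copyright or License field and short license names that have no stand-alone License paragraph. Assumptions: field names are matched exactly as written, and the sample file (paths, the GPL-3+ entry) is constructed.

```python
import re
# Constructed sample; the paths and the GPL-3+ entry are hypothetical.
SAMPLE = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2025 Example Upstream Authors
License: GPL-3+

Files: data/logo.svg
Copyright: None
License: Public-Domain

Files: data/banner.png
License: Public-Domain

License: Public-Domain
 This logo image consists only of simple geometric shapes or text.
"""

def parse_paragraphs(text):
    """Split into paragraphs of {field: [first-line value, has continuation]}."""
    paragraphs = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, current = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t"):      # continuation of previous field
                if current:
                    fields[current][1] = True
            elif ":" in line:
                current, _, value = line.partition(":")
                fields[current] = [value.strip(), False]
        paragraphs.append(fields)
    return paragraphs

def check_copyright(text):
    """Return problems found in the Files stanzas of a DEP-5 copyright file."""
    paragraphs = parse_paragraphs(text)
    # Stand-alone License paragraphs carry the text for a short name.
    standalone = {p["License"][0] for p in paragraphs
                  if "License" in p and "Files" not in p and "Format" not in p}
    problems = []
    for p in (p for p in paragraphs if "Files" in p):
        path = p["Files"][0]
        problems += [f"{path}: missing {name} field"
                     for name in ("Copyright", "License") if name not in p]
        lic = p.get("License")
        if lic and not lic[1] and lic[0] not in standalone:
            problems.append(f"{path}: no License paragraph for {lic[0]}")
    return problems
```

Calling `check_copyright(SAMPLE)` reports the missing GPL-3+ paragraph and the missing Copyright field, while the `data/logo.svg` stanza, which follows the layout from the reply, passes.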
