-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gediminas Paulauskas wrote:
2010/2/8 Tres Seaver <tseaver@palladion.com>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gediminas Paulauskas wrote:
Hello Zope Developers,
I am packaging many Zope libraries for Ubuntu. But my packages were rejected by archive admin because the source tarballs do not satisfy the inclusion requirements.
From https://wiki.ubuntu.com/PackagingGuide/Basic#Copyright :
* The upstream tarball must contain verbatim copies of all licenses that are used by the files in the tarball. References to URLs or paths to system files (such as /usr/share/common-licenses/) are not sufficient. The license(s) must accompany the source code.
Every file under the ZPL has a sentence "A copy of the ZPL should accompany this distribution." in it's header. But that's not the case. Very few packages ship a ZopePublicLicense.txt in their source.
Reading the ZPL, its first condition is:
1. Redistributions in source code must retain the accompanying copyright notice, this list of conditions, and the following disclaimer.
Since this condition is not met, such packages cannot be legally distributed.
Who will add a copy of the license to each package in Zope SVN? When? $ wget \ http://pypi.python.org/packages/source/Z/Zope2/Zope2-2.12.3.tar.gz $ tar tzf Zope2-2.12.3.tar.gz | grep -i license Zope2-2.12.3/src/ZServer/medusa/dist/license.html Zope2-2.12.3/ZopePublicLicense.txt
I am talking about the packages making up the ZTK and ZopeApp. I am packaging each of them separately -- see http://revu.ubuntuwire.com/u/menesis . Each one, even the smallest ones like zope.size, zope.filerepresentation, zope.app.zcmlfiles has to contain a license in their source tarballs.
I've got no objections to having that file copied to each of those packages and new releases made, but it isn't my itch to scratch. $ for pkg in $(cat list_of_package_branches_needing_zpl.txt); do \ svn cp -m "Add ZPL text" $ZSVN/Zope2/trunk/ZopePublicLicense.txt \ $ZSVN/$pkg; done should be a start. Making new releases and uploading them is left as an exercise for the reader. I will note that Christian Theune is about to run a big script updating all comment headers to indicate copyright assignment to the Zope Foundation: perhaps you would coordinate with him, as he will likely be doing a release-and-upload-geddon after that change. In the mean time, you could patch the file in via your debian/ control stuff, I guess. The Ubuntu / Debian interpretation of "legality of distribution" is not controlling outside their universes, I think. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktwhE0ACgkQ+gerLs4ltQ50VgCdHGn0n8gQWVXM6BlrcZFNBKzO sQQAnjb9VMD70bOOmfD8ovWZT92pGuum =Pvy6 -----END PGP SIGNATURE-----