Hello Zope Developers, I am packaging many Zope libraries for Ubuntu. But my packages were rejected by archive admin because the source tarballs do not satisfy the inclusion requirements.
From https://wiki.ubuntu.com/PackagingGuide/Basic#Copyright :
* The upstream tarball must contain verbatim copies of all licenses that are used by the files in the tarball. References to URLs or paths to system files (such as /usr/share/common-licenses/) are not sufficient. The license(s) must accompany the source code. Every file under the ZPL has a sentence "A copy of the ZPL should accompany this distribution." in it's header. But that's not the case. Very few packages ship a ZopePublicLicense.txt in their source. Reading the ZPL, its first condition is: 1. Redistributions in source code must retain the accompanying copyright notice, this list of conditions, and the following disclaimer. Since this condition is not met, such packages cannot be legally distributed. Who will add a copy of the license to each package in Zope SVN? When?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gediminas Paulauskas wrote:
Hello Zope Developers,
I am packaging many Zope libraries for Ubuntu. But my packages were rejected by archive admin because the source tarballs do not satisfy the inclusion requirements.
From https://wiki.ubuntu.com/PackagingGuide/Basic#Copyright :
* The upstream tarball must contain verbatim copies of all licenses that are used by the files in the tarball. References to URLs or paths to system files (such as /usr/share/common-licenses/) are not sufficient. The license(s) must accompany the source code.
Every file under the ZPL has a sentence "A copy of the ZPL should accompany this distribution." in it's header. But that's not the case. Very few packages ship a ZopePublicLicense.txt in their source.
Reading the ZPL, its first condition is:
1. Redistributions in source code must retain the accompanying copyright notice, this list of conditions, and the following disclaimer.
Since this condition is not met, such packages cannot be legally distributed.
Who will add a copy of the license to each package in Zope SVN? When?
$ wget \ http://pypi.python.org/packages/source/Z/Zope2/Zope2-2.12.3.tar.gz $ tar tzf Zope2-2.12.3.tar.gz | grep -i license Zope2-2.12.3/src/ZServer/medusa/dist/license.html Zope2-2.12.3/ZopePublicLicense.txt Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktwfusACgkQ+gerLs4ltQ4zpwCgizLBgdac2VEmFHcC61UZ7ySd FrIAoMHE/opviKYUG83eZGvkIeyYULQ4 =dSOn -----END PGP SIGNATURE-----
2010/2/8 Tres Seaver <tseaver@palladion.com>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gediminas Paulauskas wrote:
Hello Zope Developers,
I am packaging many Zope libraries for Ubuntu. But my packages were rejected by archive admin because the source tarballs do not satisfy the inclusion requirements.
From https://wiki.ubuntu.com/PackagingGuide/Basic#Copyright :
* The upstream tarball must contain verbatim copies of all licenses that are used by the files in the tarball. References to URLs or paths to system files (such as /usr/share/common-licenses/) are not sufficient. The license(s) must accompany the source code.
Every file under the ZPL has a sentence "A copy of the ZPL should accompany this distribution." in it's header. But that's not the case. Very few packages ship a ZopePublicLicense.txt in their source.
Reading the ZPL, its first condition is:
1. Redistributions in source code must retain the accompanying copyright notice, this list of conditions, and the following disclaimer.
Since this condition is not met, such packages cannot be legally distributed.
Who will add a copy of the license to each package in Zope SVN? When?
$ wget \ http://pypi.python.org/packages/source/Z/Zope2/Zope2-2.12.3.tar.gz $ tar tzf Zope2-2.12.3.tar.gz | grep -i license Zope2-2.12.3/src/ZServer/medusa/dist/license.html Zope2-2.12.3/ZopePublicLicense.txt
I am talking about the packages making up the ZTK and ZopeApp. I am packaging each of them separately -- see http://revu.ubuntuwire.com/u/menesis . Each one, even the smallest ones like zope.size, zope.filerepresentation, zope.app.zcmlfiles has to contain a license in their source tarballs.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gediminas Paulauskas wrote:
2010/2/8 Tres Seaver <tseaver@palladion.com>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gediminas Paulauskas wrote:
Hello Zope Developers,
I am packaging many Zope libraries for Ubuntu. But my packages were rejected by archive admin because the source tarballs do not satisfy the inclusion requirements.
From https://wiki.ubuntu.com/PackagingGuide/Basic#Copyright :
* The upstream tarball must contain verbatim copies of all licenses that are used by the files in the tarball. References to URLs or paths to system files (such as /usr/share/common-licenses/) are not sufficient. The license(s) must accompany the source code.
Every file under the ZPL has a sentence "A copy of the ZPL should accompany this distribution." in it's header. But that's not the case. Very few packages ship a ZopePublicLicense.txt in their source.
Reading the ZPL, its first condition is:
1. Redistributions in source code must retain the accompanying copyright notice, this list of conditions, and the following disclaimer.
Since this condition is not met, such packages cannot be legally distributed.
Who will add a copy of the license to each package in Zope SVN? When? $ wget \ http://pypi.python.org/packages/source/Z/Zope2/Zope2-2.12.3.tar.gz $ tar tzf Zope2-2.12.3.tar.gz | grep -i license Zope2-2.12.3/src/ZServer/medusa/dist/license.html Zope2-2.12.3/ZopePublicLicense.txt
I am talking about the packages making up the ZTK and ZopeApp. I am packaging each of them separately -- see http://revu.ubuntuwire.com/u/menesis . Each one, even the smallest ones like zope.size, zope.filerepresentation, zope.app.zcmlfiles has to contain a license in their source tarballs.
I've got no objections to having that file copied to each of those packages and new releases made, but it isn't my itch to scratch. $ for pkg in $(cat list_of_package_branches_needing_zpl.txt); do \ svn cp -m "Add ZPL text" $ZSVN/Zope2/trunk/ZopePublicLicense.txt \ $ZSVN/$pkg; done should be a start. Making new releases and uploading them is left as an exercise for the reader. I will note that Christian Theune is about to run a big script updating all comment headers to indicate copyright assignment to the Zope Foundation: perhaps you would coordinate with him, as he will likely be doing a release-and-upload-geddon after that change. In the mean time, you could patch the file in via your debian/ control stuff, I guess. The Ubuntu / Debian interpretation of "legality of distribution" is not controlling outside their universes, I think. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktwhE0ACgkQ+gerLs4ltQ50VgCdHGn0n8gQWVXM6BlrcZFNBKzO sQQAnjb9VMD70bOOmfD8ovWZT92pGuum =Pvy6 -----END PGP SIGNATURE-----
On 2010-2-8 22:38, Tres Seaver wrote:
In the mean time, you could patch the file in via your debian/ control stuff, I guess. The Ubuntu / Debian interpretation of "legality of distribution" is not controlling outside their universes, I think.
It is since they require that the 'pristine upstream source' they ship is legally valid. And they do have a point that our packages explicitly point to an internal license file in the package which does not exist. Wichert. -- Wichert Akkerman <wichert@wiggy.net> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wichert Akkerman wrote:
On 2010-2-8 22:38, Tres Seaver wrote:
In the mean time, you could patch the file in via your debian/ control stuff, I guess. The Ubuntu / Debian interpretation of "legality of distribution" is not controlling outside their universes, I think.
It is since they require that the 'pristine upstream source' they ship is legally valid. And they do have a point that our packages explicitly point to an internal license file in the package which does not exist.
My point is that their interpretation is valid in terms of blocking acceptance into their distros: whether it is valid for anybody else is more open to debate. I don't see this as a "big red button" emergency, myself, and think that fixing the issue upstream as part of the ZF assignment fixup should be fine. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktwjB8ACgkQ+gerLs4ltQ7VcQCdE1Lj0EqiQmZtqW9Svt1ewaBd NegAoKwxwzyExdB0JQ7honBbsukEZVIR =NtEU -----END PGP SIGNATURE-----
2010/2/8 Tres Seaver <tseaver@palladion.com>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gediminas Paulauskas wrote:
2010/2/8 Tres Seaver <tseaver@palladion.com>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gediminas Paulauskas wrote:
Hello Zope Developers,
I am packaging many Zope libraries for Ubuntu. But my packages were rejected by archive admin because the source tarballs do not satisfy the inclusion requirements.
From https://wiki.ubuntu.com/PackagingGuide/Basic#Copyright :
* The upstream tarball must contain verbatim copies of all licenses that are used by the files in the tarball. References to URLs or paths to system files (such as /usr/share/common-licenses/) are not sufficient. The license(s) must accompany the source code.
Every file under the ZPL has a sentence "A copy of the ZPL should accompany this distribution." in it's header. But that's not the case. Very few packages ship a ZopePublicLicense.txt in their source.
Reading the ZPL, its first condition is:
1. Redistributions in source code must retain the accompanying copyright notice, this list of conditions, and the following disclaimer.
Since this condition is not met, such packages cannot be legally distributed.
Who will add a copy of the license to each package in Zope SVN? When? $ wget \ http://pypi.python.org/packages/source/Z/Zope2/Zope2-2.12.3.tar.gz $ tar tzf Zope2-2.12.3.tar.gz | grep -i license Zope2-2.12.3/src/ZServer/medusa/dist/license.html Zope2-2.12.3/ZopePublicLicense.txt
I am talking about the packages making up the ZTK and ZopeApp. I am packaging each of them separately -- see http://revu.ubuntuwire.com/u/menesis . Each one, even the smallest ones like zope.size, zope.filerepresentation, zope.app.zcmlfiles has to contain a license in their source tarballs.
I've got no objections to having that file copied to each of those packages and new releases made, but it isn't my itch to scratch.
$ for pkg in $(cat list_of_package_branches_needing_zpl.txt); do \ svn cp -m "Add ZPL text" $ZSVN/Zope2/trunk/ZopePublicLicense.txt \ $ZSVN/$pkg; done
should be a start. Making new releases and uploading them is left as an exercise for the reader. I will note that Christian Theune is about to run a big script updating all comment headers to indicate copyright assignment to the Zope Foundation: perhaps you would coordinate with him, as he will likely be doing a release-and-upload-geddon after that change.
I know that copyright is about to be changed to Zope Foundation. A perfect time to ensure the license is there.
In the mean time, you could patch the file in via your debian/ control stuff, I guess. The Ubuntu / Debian interpretation of "legality of distribution" is not controlling outside their universes, I think.
Yes, I was told that patching the source to add the file would be enough to get them accepted. Provided that I ask the upstream developers to do that in the future for real.
On Mon, Feb 08, 2010 at 11:54:45PM +0200, Gediminas Paulauskas wrote:
2010/2/8 Tres Seaver <tseaver@palladion.com>:
In the mean time, you could patch the file in via your debian/ control stuff, I guess. The Ubuntu / Debian interpretation of "legality of distribution" is not controlling outside their universes, I think.
Well, technically I suppose we're all violating the law by not following the ZPL requirement of keeping the licence text next to the files it covers when we redistribute them. It's unlikely for the Zope Foundation to sue any of us, thankfully.
Yes, I was told that patching the source to add the file would be enough to get them accepted. Provided that I ask the upstream developers to do that in the future for real.
You're an upstream developer too, Gediminas, now that you've received commit access. ;-) Incidentally, would Debian/Ubuntu consider it acceptable to have upstream tarballs repackaged with the missing licence file included but without bumping the revision number and uploading a new egg to PyPI? I know they do this kind of repackaging when they need to remove non-DFSG-free files, or debian/ directories in upstream tarballs, but I've never heard of them adding files. Marius Gedminas -- http://pov.lt/ -- Zope 3 consulting and development
On Tue, Feb 9, 2010 at 08:19, Marius Gedminas <marius@gedmin.as> wrote:
Well, technically I suppose we're all violating the law by not following the ZPL requirement of keeping the licence text next to the files it covers when we redistribute them. It's unlikely for the Zope Foundation to sue any of us, thankfully.
Oh, you just wait, if I get elected to the board there is gonna be HELLFIRE! No, seriously, sticking a copy in each package as a part of the big header update seems a good idea. -- Lennart Regebro: Python, Zope, Plone, Grok http://regebro.wordpress.com/ +33 661 58 14 64
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/10/10 15:53 , Lennart Regebro wrote:
On Tue, Feb 9, 2010 at 08:19, Marius Gedminas <marius@gedmin.as> wrote:
Well, technically I suppose we're all violating the law by not following the ZPL requirement of keeping the licence text next to the files it covers when we redistribute them. It's unlikely for the Zope Foundation to sue any of us, thankfully.
Oh, you just wait, if I get elected to the board there is gonna be HELLFIRE!
No, seriously, sticking a copy in each package as a part of the big header update seems a good idea.
+1 on that. Even if adding the file is inappropriate (e.g. because a license file already exists) the checkin will alert the respective package developers to the change and they can fix that if needed. jens -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkty1asACgkQRAx5nvEhZLLmkQCglk/A9Y2R2f+iF545K+ZgcNZt Wr8An2TycG6VII2yIYguAw3g5WSaLeHe =6Gm/ -----END PGP SIGNATURE-----
participants (6)
-
Gediminas Paulauskas -
Jens Vagelpohl -
Lennart Regebro -
Marius Gedminas -
Tres Seaver -
Wichert Akkerman