Debian Bug report logs - #885698
Update and document criteria for inclusion in /usr/share/common-licenses

Package: debian-policy; Maintainer for debian-policy is Debian Policy Editors <[email protected]>; Source for debian-policy is src:debian-policy (PTS, buildd, popcon).

Reported by: Sean Whitton <[email protected]>

Date: Fri, 29 Dec 2017 09:51:01 UTC

Severity: important

Blocking fix for 1009343: please consider adding Boost-1.0 and Expat to /usr/share/common-licenses, 1013195: Add AGPL-3 to common-licenses, 795402: base-files: Please add Creative Commons license texts, 833709: Please add the MIT/Expat license to common-licenses, 883966: debian-policy: please add MIT/Expat to common licenses, 883968: debian-policy: please add CC-BY-SA-3.0 to common licenses, 883969: debian-policy: please add CC-BY-SA-4.0 to common licenses, 884223: debian-policy: please add AGPL-3.0 to common licenses, 884224: debian-policy: please add CC-BY-3.0 to common licenses, 884225: debian-policy: please add CC-BY-4.0 to common licenses, 884226: debian-policy: please add EPL-1.0 to common licenses, 884227: debian-policy: please add zlib to common licenses, 884228: debian-policy: please add OFL-1.1 to common licenses, 910548: base-files - please consider adding /usr/share/common-licenses/Unicode-Data, 924094: Add Artistic-2.0 to common-licenses

Full log

Message #137 received at [email protected] (full text, mbox, reply):

Received: (at 885698) by bugs.debian.org; 10 Sep 2023 20:42:09 +0000
From [email protected] Sun Sep 10 20:42:09 2023
X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
	(2021-04-09) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-105.1 required=4.0 tests=ATTENDEES_DBSPAM_BODY3,
	BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,
	DKIM_VALID_EF,FOURLA,FROMDEVELOPER,META_ATTENDEES_DBSPAM1,PGPSIGNATURE,
	SPF_HELO_NONE,SPF_NONE,UNPARSEABLE_RELAY,USER_IN_DKIM_WELCOMELIST,
	USER_IN_DKIM_WHITELIST autolearn=ham autolearn_force=no
	version=3.4.6-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 8; hammy, 150; neutral, 220; spammy,
	0. spammytokens:
	hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin,
	0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311,
	0.000-+--H*RT:311, 0.000-+--H*RT:108
Return-path: <[email protected]>
Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:108]:33382)
	from C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=stravinsky.debian.org,[email protected] (verified)
	by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.94.2)
	(envelope-from <[email protected]>)
	id 1qfRFx-00Bq6a-8I
	for [email protected]; Sun, 10 Sep 2023 20:42:09 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org;
	s=smtpauto.stravinsky; h=X-Debian-User:In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:Cc:To:From:Date:Reply-To:
	Content-Transfer-Encoding:Content-ID:Content-Description;
	bh=D168mKsA9hAX/lta3gHO/ADsLrvDBlfO4s4vFgDREeA=; b=pvY73CZSKlHGorbCz6UTqdfayj
	/qDtbKc0b2IE0gQpLmJnPg/X6Ll4SQZBjGB4xN9lC3M9gpLtFKGmJdg3HpvoAeUtwMDNlI+TsHSPi
	2bGKS/I2nRuNItjtMGNN5lY4fWeeN6e4z0VgOp0Z0BEm6qFa5yDRdCuhGhh1CJc4VYN539U6/3xZx
	fEYtQWyRm1nQCoIPtcrGNswliBwcKeQLJVG9dwy2BN2Z1RwxvY/N3Kw69jd2qHWBBqZsE9s8hTlio
	7ugWLAPTL7L6E/iRYeWI2RCpPZb7Zs1Rg/8FFDPUAhBDpZBTJ5cBckUPLybQLzAZ5jkgaXq3OGnGm
	CcFQLqPw==;
Received: from authenticated user
	by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.94.2)
	(envelope-from <[email protected]>)
	id 1qfRFu-002NQI-5T; Sun, 10 Sep 2023 20:42:07 +0000
Date: Sun, 10 Sep 2023 22:42:04 +0200
From: Timo Röhling <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: What licenses should be included in /usr/share/common-licenses?
Message-ID: <[email protected]>
Mail-Followup-To: [email protected], [email protected]
Organization: The Debian Project
References: <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="e6qqtu56jhiruxyh"
Content-Disposition: inline
In-Reply-To: <[email protected]>
X-Debian-User: roehling

[Message part 1 (text/plain, inline)]
* Russ Allbery <[email protected]> [2023-09-10 09:16]:
>> In order to structure the discussion and prod people into thinking about
>> the implications, I will make the following straw man proposal.  This is
>> what I would do if the decision was entirely up to me:
>
>>     Licenses will be included in common-licenses if they meet all of the
>>     following criteria:
>
>>     * The license is DFSG-free.
>>     * Exactly the same license wording is used by all works covered by it.
>>     * The license applies to at least 100 source packages in Debian.
>>     * The license text is longer than 25 lines.
>
>In the thread so far, there's been a bit of early convergence around my
>threshold of 100 packages above.  I want to make sure people realize that
>this is a very conservative threshold that would mean saying no to most
>new license inclusion requests.
>
>My guess is that with the threshold set at 100, we will probably add
>around eight new licenses with the 25 line threshold (AGPL-2,
>Artistic-2.0, CC-BY 3.0, CC-BY 4.0, CC-BY-SA 3.0, CC-BY-SA 4.0, and
>OFL-1.1, and I'm not sure about some of those because the CC licenses have
>variants that would each have to reach the threshold independently; my
>current ad hoc script does not distinguish between the variants), and
>maybe 10 to 12 total without that threshold (adding Expat, zlib, some of
>the BSD licenses).  This would essentially be continuing current practice
>except with more transparent and consistent criteria.  It would mean not
>including a lot of long legal license texts that people have complained
>about having to duplicate, such as the CDDL, CeCILL licenses, probably the
>EPL, the Unicode license, etc.
>
>If that's what people want, that's what we'll do; as I said, that's what I
>would do if the choice were left entirely up to me.  But I want to make
>sure I give the folks who want a much more relaxed standard a chance to
>speak up.

For me, this outcome would already be an improvement over the current
situation and alleviate my biggest pain point (CC licenses).
Still, I'd like to be significantly more relaxed.

I propose the following three criteria must be satisfied for
inclusion in /usr/share/common-licenses:

 * The license is DFSG-free.
 * Exactly the same license wording is used by all works covered by it.
 * The license is in the SPDX list of common licenses (https://spdx.org/licenses/)
   OR
   The license applies to at least 100 source packages in Debian.


I am not committed to the 100 source packages threshold, it is
mostly intended as fallback for a hypothetical future license which
is super popular but for some reason does not make it to the SPDX
list in a timely manner.

One very intentional side effect of my proposal is a nudge towards
using SPDX License Identifiers in d/copyright files.


Cheers
Timo

-- 
⢀⣴⠾⠻⢶⣦⠀   ╭────────────────────────────────────────────────────╮
⣾⠁⢠⠒⠀⣿⡁   │ Timo Röhling                                       │
⢿⡄⠘⠷⠚⠋⠀   │ 9B03 EBB9 8300 DF97 C2B1  23BF CC8C 6BDD 1403 F4CA │
⠈⠳⣄⠀⠀⠀⠀   ╰────────────────────────────────────────────────────╯

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 08:25:14 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.