[Tahoe-debian] debian/copyright
Zooko O'Whielacronx
zooko at zooko.com
Fri Jun 17 03:14:39 UTC 2011
Is there a known reason these messages aren't appearing on the archive?
http://lists.alioth.debian.org/pipermail/tahoe-debian/2011-June/date.html
I would like to link to these messages from the Tahoe-LAFS issue tracker.
On Wed, Jun 15, 2011 at 3:53 PM, micah <micah at riseup.net> wrote:
>
> First, here are the changes to the debian/copyright:
>
> . updated Copyright to span 2011 after finding some file that declares
> it
> . removed duplicate pointer to the GPL
> . removed pointer to the LGPL, since the source never declares that
> license
> . re-ordered things to be more clear
> . removed the section on mac/fuse.py and mac/fuseparts/subbedopts.py as
> those files don't seem to exist anywhere in the source we have
> . removed the section on src/allmydata/util/figleaf.py as that file
> doesn't exist anywhere (and it declares a BSD license, which would need
> to be clarified about which BSD license)
> . removed the copy of the BSD license, which was a bit strange because
> it said Copyright (c) <YEAR>, <OWNER>, and didn't say what source
> fell under that license.
We should adopt these changes upstream.
> . there is an embedded setuptools (setuptools-0.6c16dev3.egg), which is
> licensed under the PSF or ZPL. I'm not sure I know what the PSF
> license is, and ZPL is probably Zope Public Licnese? Can someone
> clarify? Whatever these are it needs to be declared in the
> debian/copyright file.
You can see the licence names spelled out more completely further down
in setuptools's setup.py file. Lines 86 and 87 say:
http://svn.python.org/view/sandbox/trunk/setuptools/setup.py?view=markup#l86
License :: OSI Approved :: Python Software Foundation License
License :: OSI Approved :: Zope Public License
> . setuptools_darcs-1.2.12.egg is licensed under "BSD" - but it doesn't
> say what BSD, I believe we need clarification if this is the
> two-clause, three-clause, or million-clause BSD :)
I am the original upstream author of setuptools_darcs, and my complete
intended license is this:
"Permission is hereby granted to any person obtaining a copy of this
work to deal in this work without restriction (including the rights to
use, modify, distribute, sublicense, and/or sell copies)."
http://tahoe-lafs.org/trac/setuptools_darcs/browser/trunk/setup.py?annotate=blame&rev=74#L6
> . worse than above is that these are modified and embedded setuptools,
> and it appears, based on my poor reading of setup.py, that they are
> used for the build process.
This is correct. This is modified and embedded setuptools which is
used for the build process.
We call it "zetuptoolz" and maintain a copy of it under revision control here:
http://tahoe-lafs.org/trac/zetuptoolz
> embedded code copies are frowned on in
> Debian, and modified versions of code copies are even worse. if tahoe
> is going to fork setuptools for its own purposes, the changes should
> be set upstream, or a proper fork maintained. How are updates to this
> embedded copy managed? What about security fixes?
We don't make any updates to it unless necessary. I haven't checked to
see if the upstream maintainer of setuptools has made any security
fixes to it. He also makes no changes to upstream setuptools unless
necessary as well...
I'm off to read the svn log for upstream setuptools in search of security fixes.
Regards,
Zooko
More information about the Tahoe-debian
mailing list