PackageLicenseTracking

Differences between revisions 5 and 7 (spanning 2 versions)
Revision 5 as of 2008-12-22 16:31:10
Size: 3174
Editor: cs78240155
Comment:
Revision 7 as of 2009-01-27 22:31:29
Size: 4110
Editor: bismuth
Comment:
Line 5: Line 5:
 * '''Contributors''':  * '''Contributors''': LarsWirzenius
Line 25: Line 25:
##This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.  * It is essential for open source distributions to be able to machine generate well formatted license information for all packages in an image (or a subset) so that all interested parties can have a degree of confidence that proper license vetting has occurred and that legal liabilities and etc. are known.
 * Development of this tool will help Ubuntu lead the adoption of the Debian standard for structured copyright files.
 * It will also greatly assist the OEM team as it continues to develop and release projects
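Review bot: The first rationale bullet overstates what a generated report can show: output derived from the copyright files lists the licenses each package declares, which gives reviewers material to vet rather than evidence that "proper license vetting has occurred". Suggest rewording it to say the report exposes the declared license data for vetting, and dropping the redundant "and" in "and etc.".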
Line 28: Line 30:
 * Execute something (the parser) in a running image:
 * Input:
  * None: in which case all installed packages are evaluated
  * List of package names for evaluation
 * Output: two well-formatted outputs for evaluated packages:
  * For packages that conform to new structured copyright file, the package name, package version and license info (clearly expressed using well-known/enumerated license types with exception text as needed)
  * List of packages that don't conform to the structured copyright file
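Review bot: The second Output bullet leaves "packages that don't conform to the structured copyright file" underspecified: it does not say whether a package with an old free-form copyright file and a package whose structured file fails to parse are reported the same way. Anyone using the report for license vetting needs that distinction, so suggest either splitting the list into those two cases or stating explicitly that both land in one list. The Input and Output bullets also sit at the same level as "Execute something (the parser)" and would read better nested under it.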

Summary

The OEM team, and others, need to know what licenses each package is under, so that they can summarize this for clients. The debian/copyright file in the package contains this information, but it is currently not in a machine-parseable format. Debian is working on changing the format, and this spec aims at adopting the proposed new format, and helping Debian achieve that. This spec also includes the development of tools to parse the new format.

Release Note

Rationale

  • It is essential for open source distributions to be able to machine-generate well-formatted license information for all packages in an image (or a subset), so that all interested parties can have a degree of confidence that proper license vetting has occurred and that legal liabilities and the like are known.
  • Development of this tool will help Ubuntu lead the adoption of the Debian standard for structured copyright files.
  • It will also greatly assist the OEM team as it continues to develop and release projects.

Use Cases

  • Execute something (the parser) in a running image:
  • Input:
    • None: in which case all installed packages are evaluated
    • List of package names for evaluation
  • Output: two well-formatted outputs for evaluated packages:
    • For packages that conform to the new structured copyright file format, the package name, package version and license info (clearly expressed using well-known/enumerated license types with exception text as needed)
    • List of packages that don't conform to the structured copyright file
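
A sketch of the use case above, added here as an illustration and not part of the spec or of any Ubuntu or Debian tool. It assumes the field names of Debian's later copyright-format 1.0 (`Format:`, `Files:`, `License:`); the function names and the two sample packages are constructed. On a real image the input would come from `/usr/share/doc/<package>/copyright` and the package database.

```python
import re

# Assumption: a structured file opens with "Format:" (copyright-format 1.0) or
# "Format-Specification:" (older wiki drafts of the proposal).
FORMAT_RE = re.compile(r"^(Format|Format-Specification):\s*\S+", re.IGNORECASE)

def parse_paragraphs(text):
    """Split control-file style text into paragraphs of {field: value}."""
    paragraphs, current, field = [], {}, None
    for line in text.splitlines():
        if not line.strip():                  # blank line ends a paragraph
            if current:
                paragraphs.append(current)
            current, field = {}, None
        elif line[0] in " \t":                # continuation of the previous field
            if field is None:
                raise ValueError("continuation line before any field")
            current[field] += "\n" + line.strip()
        else:
            name, sep, value = line.partition(":")
            if not sep or not name.strip():
                raise ValueError("not a 'Field: value' line: %r" % line)
            field = name.strip().lower()
            current[field] = value.strip()
    if current:
        paragraphs.append(current)
    return paragraphs

def license_report(packages):
    """packages: {name: (version, copyright_text)} -> (conforming, nonconforming)."""
    conforming, nonconforming = [], []
    for name, (version, text) in sorted(packages.items()):
        text = text.strip()
        try:
            if not FORMAT_RE.match(text.split("\n", 1)[0]):
                raise ValueError("no Format header: old free-form file")
            licenses = set()
            for para in parse_paragraphs(text):
                # First License line is the short name plus any exception text.
                short = para.get("license", "").split("\n")[0].strip()
                if "files" in para and short:
                    licenses.add(short)
            if not licenses:
                raise ValueError("no Files paragraph carries a License field")
            conforming.append((name, version, sorted(licenses)))
        except ValueError:
            nonconforming.append(name)        # reported by name only, per the spec
    return conforming, nonconforming

SAMPLE = {  # constructed input, not taken from real packages
    "structured-pkg": ("2.10-1", "Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/\n\nFiles: *\nCopyright: 2008 Example Author\nLicense: GPL-2+ with OpenSSL exception\n This program is free software.\n"),
    "freeform-pkg": ("1.0-3", "This package was debianized by Example Maintainer.\n\nCopyright: see upstream.\n"),
}
```

A file that carries the header but fails to parse is placed in the non-conforming list too, so a malformed structured file is never reported as vetted.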

Assumptions

Design

Implementation

UI Changes

Code Changes

Migration

Test/Demo Plan

Unresolved issues

BoF agenda and discussion

MichaelVogt: The content of the debian/copyright file is available on changelogs.ubuntu.com (e.g. http://changelogs.ubuntu.com/changelogs/pool/main/a/apt/apt_0.7.19ubuntu1/copyright). Not machine readable (or only to a certain extent) but at least not each package needs to be downloaded fully. There is also http://wiki.debian.org/Proposals/CopyrightFormat with a proposal to make debian/copyright machine readable.


CategorySpec

FoundationsTeam/Specs/PackageLicenseTracking (last edited 2009-11-20 16:25:19 by 63)