Check-Script: copyright-file Author: Christian Schwarz Abbrev: cpy Type: binary Unpack-Level: 1 Needs-Info: copyright-file Info: This script checks if a binary package conforms to policy with regard to copyright files. . Each binary package must either have a /usr/share/doc/<foo>/copyright file or must have a symlink /usr/share/doc/<foo> -> <bar>, where <bar> comes from the same source package and pkg foo declares a "Depends" relation on bar. Tag: no-copyright-file Severity: serious Certainty: certain Info: Each binary package has to include a plain file /usr/share/doc/pkg/copyright Ref: policy 12.5 Tested: empty Tag: copyright-refers-to-old-directory Severity: important Certainty: certain Info: The common licenses (GPL, BSD, Artistic, etc) have been moved from /usr/doc/copyright to /usr/share/common-licenses. Copyright files should be updated. Ref: policy 12.5 Tag: copyright-file-compressed Severity: serious Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright must not be compressed. Ref: policy 12.5 Tag: copyright-file-is-symlink Severity: serious Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright must not be a symbolic link. Ref: policy 12.5 Tag: copyright-file-contains-full-gpl-license Severity: important Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright contains the complete text of the GPL v2 or v3. It should refer to the file /usr/share/common-licenses/GPL-2 or GPL-3 instead. Ref: policy 12.5 Tag: copyright-file-contains-full-gfdl-license Severity: important Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright contains the complete text of the GFDL v1.2. It should refer to the file /usr/share/common-licenses/GFDL-1.2 instead. Ref: policy 12.5 Tag: copyright-file-contains-full-apache-2-license Severity: important Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright contains the complete text of the Apache 2.0 license. It should refer to the file /usr/share/common-licenses/Apache-2.0 instead. Ref: policy 12.5 Tag: usr-share-doc-symlink-without-dependency Severity: important Certainty: certain Info: If the package installs a symbolic link /usr/share/doc/pkg1 -> pkg2, then pkg1 has to depend on pkg2 with the same version as pkg1. . Note, that adding the "Depends:" entry just to fix this bug is not a good solution. It's suggested that you include a real /usr/share/doc/pkg1 directory within pkg1 and copy the copyright file into that directory. Ref: policy 12.5 Tag: usr-share-doc-symlink-to-foreign-package Severity: important Certainty: certain Info: If the package installs a symbolic link /usr/share/doc/pkg1 -> pkg2, then pkg1 and pkg2 must both come from the same source package. . It's suggested that you include a real /usr/share/doc/pkg1 directory within pkg1 and copy the copyright file to that directory. Ref: policy 12.5 Tag: cannot-check-whether-usr-share-doc-symlink-points-to-foreign-package Severity: minor Certainty: possible Info: There is a symlink /usr/share/doc/pkg1 -> pkg2 in your package. This means that pkg1 and pkg2 must both come from the same source package. I can't check this right now however since I'm only checking a binary package and I only can check this when I'm checking both the binary and the corresponding source package. Tag: old-style-copyright-file Severity: important Certainty: certain Info: The package installs a /usr/doc/copyright/pkg file. Instead, you should place the copyright file in /usr/share/doc/pkg/copyright. Ref: policy 12.5 Tag: old-fsf-address-in-copyright-file Severity: normal Certainty: certain Info: The /usr/share/doc/pkg/copyright file refers to the old postal address of the Free Software Foundation (FSF). The new address is: . Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Tag: helper-templates-in-copyright Severity: important Certainty: certain Info: The /usr/share/doc/pkg/copyright file still contains the template contents from a packaging helper. Please include the actual license and download information about the package. Tag: copyright-refers-to-compressed-license Severity: important Certainty: certain Info: The /usr/share/doc/pkg/copyright file refers to a standard license /usr/share/common-licenses/{GPL,LGPL,Artistic,BSD}.gz as a compressed file. Please update the reference (the licenses are installed uncompressed). Tag: usr-share-doc-symlink-points-outside-of-usr-share-doc Severity: important Certainty: certain Info: The /usr/share/doc/pkg symbolic link is pointing to a directory outside of /usr/share/doc. Ref: policy 12.5 Tag: copyright-does-not-refer-to-common-license-file Severity: normal Certainty: certain Info: If your package uses any one of the licenses in /usr/share/common-licenses, the copyright file should refer to files therein. Ref: policy 12.5 Tag: copyright-refers-to-incorrect-directory Severity: important Certainty: certain Ref: policy 12.5 Info: In the directory name /usr/share/common-licenses, licenses is spelled with an "s", not as licences with a "c". Tag: copyright-file-lacks-pointer-to-perl-license Severity: important Certainty: possible Ref: policy 12.5 Info: If your package is released under the same terms as Perl itself, it should refer to the Artistic and GPL license files in the /usr/share/common-licenses directory. Tag: copyright-should-refer-to-common-license-file-for-gpl Severity: important Certainty: possible Ref: policy 12.5 Info: The strings "GNU General Public License" or "GPL" appear in the copyright file for this package, but the copyright file does not reference /usr/share/common-licenses as the location of the GPL on Debian systems. . If the package uses some other license that just mentions the GPL and that Maemian should detect as an exception, please file a Maemian bug. If the copyright file must mention the GPL for reasons other than stating the license of the package, please add a Maemian override. Tag: copyright-should-refer-to-common-license-file-for-gfdl Severity: important Certainty: possible Ref: policy 12.5 Info: The strings "GNU Free Documentation License" or "GFDL" appear in the copyright file for this package, but the copyright file does not reference /usr/share/common-licenses as the location of the GFDL on Debian systems. . If the package uses some other license that just mentions the GFDL and that Maemian should detect as an exception, please file a Maemian bug. If the copyright file must mention the GFDL for reasons other than stating the license of the package, please add a Maemian override. Tag: copyright-should-refer-to-common-license-file-for-lgpl Severity: important Certainty: possible Ref: policy 12.5 Info: The strings "GNU Lesser General Public License", "GNU Library General Public License", or "LGPL" appear in the copyright file for this package, but the copyright file does not reference /usr/share/common-licenses as the location of the LGPL on Debian systems. . If the package uses some other license that just mentions the LGPL and that Maemian should detect as an exception, please file a Maemian bug. If the copyright file must mention the LGPL for reasons other than stating the license of the package, please add a Maemian override. Tag: copyright-lists-upstream-authors-with-dh_make-boilerplate Severity: normal Certainty: certain Info: There is "Upstream Author(s)" in your copyright file. This was most likely a remnant from the dh_make template. . There's either one upstream author, in which case you should remove the "(s)", or there are several upstream authors, in which case you should remove the "(" and ")". . o/~ join us now and carefully edit debian/copyright files! o/~ Tag: copyright-has-url-from-dh_make-boilerplate Severity: normal Certainty: certain Ref: policy 12.5 Info: There is "url://example.com" in your copyright file. This was most likely a remnant from the dh_make template. . Make sure you include the real location where you obtained the upstream sources (if any). Tag: debian-copyright-file-uses-obsolete-national-encoding Severity: normal Certainty: certain Info: The Debian copyright file should be valid UTF-8, an encoding of the Unicode character set. . There are many ways to convert a copyright file from an obsoleted encoding like ISO-8859-1; you may for example use "iconv" like: . $ iconv -f ISO-8859-1 -t UTF-8 copyright > copyright.new $ mv copyright.new copyright Tag: copyright-contains-dh_make-todo-boilerplate Severity: normal Certainty: certain Ref: policy 12.5 Info: The string "Please also look if..." appears in the copyright file, which indicates that you either didn't check the whole source to find additional copyright/license, or that you didn't remove that paragraph after having done so. Tag: copyright-contains-dh-make-perl-boilerplate Severity: normal Certainty: certain Ref: policy 12.5 Info: The string "This copyright info was automatically extracted..." appears in the copyright file, which indicates that you either didn't check the whole source to find additional copyright/license, or that you didn't remove that paragraph after having done so. Tag: copyright-with-old-dh-make-debian-copyright Severity: wishlist Certainty: certain Info: The copyright file contains the incomplete Debian packaging copyright boilerplate from older versions of dh_make. (C) is not considered as a valid way to express the copyright ownership. The word Copyright or the © symbol should be used instead or in addition to (C). Tag: copyright-refers-to-bad-php-license Severity: serious Certainty: possible Info: This package appears to be covered by version 2.x of the PHP license, which is not appropriate for anything other than PHP itself. Ref: http://ftp-master.debian.org/REJECT-FAQ.html Tag: copyright-refers-to-problematic-php-license Severity: serious Certainty: wild-guess Info: This package appears to be covered by version 3.0 (exactly) of the PHP license. This license is not applicable to anything that is not PHP and has no contributions from the PHP Group. Ref: http://ftp-master.debian.org/REJECT-FAQ.html Tag: copyright-without-copyright-notice Severity: normal Certainty: certain Ref: http://ftp-master.debian.org/REJECT-FAQ.html Info: The copyright file for this package does not appear to contain a copyright notice. You should copy the copyright notice from the upstream source (or add one of your own for a native package). A copyright notice must consist of Copyright, Copr., or the Unicode symbol of C in a circle followed by the years and the copyright holder. A copyright notice is not required for a work to be copyrighted, but Debian requires the copyright file include the authors and years of copyright, and including a valid copyright notice is the best way to do that. . If the package is in the public domain rather than copyrighted, be sure to mention "public domain" in the copyright file. Please be aware that this is very rare and not the same as a DFSG-free license. True public domain software is generally limited to such special cases as a work product of a United States government agency. Tag: spelling-error-in-copyright Severity: normal Certainty: possible Info: Maemian found a spelling error in the copyright file. Maemian has a list of common misspellings that it looks for. It does not have a dictionary like a spelling checker does. Tag: possible-gpl-code-linked-with-openssl Severity: serious Certainty: wild-guess Info: This package appears to be covered by the GNU GPL but depends on the OpenSSL libssl package and does not mention a license exemption or exception for OpenSSL in its copyright file. The GPL (including version 3) is incompatible with some terms of the OpenSSL license, and therefore Debian does not allow GPL-licensed code linked with OpenSSL libraries unless there is a license exception explicitly permitting this. . If only the Debian packaging, or some other part of the package not linked with OpenSSL, is covered by the GNU GPL, please add a lintian override for this tag. Maemian currently has no good way of distinguishing between that case and problematic packages. Tag: copyright-refers-to-symlink-license Severity: pedantic Certainty: possible Info: The copyright file refers to the versionless symlink in /usr/share/common-licenses for the full text of the GPL, LGPL, or GFDL license. This symlink is updated to point to the latest version of the license when a new one is released. The package appears to allow relicensing under later versions of its license, so this is legally consistent, but it implies that Debian will relicense the package under later versions of those licenses as they're released. It is normally better to point to the version of the license the package references in its license statement. . For example, if the package says something like "you may redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version", the debian/copyright file should refer to /usr/share/common-licenses/GPL-2, not /GPL. Tag: copyright-refers-to-versionless-license-file Severity: normal Certainty: possible Info: The copyright file refers to the versionless symlink in /usr/share/common-licenses for the full text of the GPL, LGPL, or GFDL license, but the package does not appear to allow distribution under later versions of the license. This symlink will change with each release of a new version of the license and may therefore point to a different version than the package is released under. debian/copyright should instead refers to the specific version of the license that the package references. . For example, if the package says something like "you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991," the debian/copyright file should refer to /usr/share/common-licenses/GPL-2, not /GPL. Tag: copyright-refers-to-nonexistent-license-file Severity: normal Certainty: certain Info: The copyright file refers to a license in /usr/share/common-licenses that doesn't exist. Usually this is a typo, such as accidentally omitting the - between the license name and the version number.