[[!meta title="DEP-5: Machine-readable license summary"]]

    Title: Machine-readable license summary.
    DEP: 5
    State: DRAFT
    Date: 2009-07-21
    Drivers: Charles Plessy
    URL: http://git.debian.org/?p=users/plessy/license-summary.git;a=blob_plain;f=dep5.mdwn;hb=HEAD
    License:
     Copying and distribution of this file, with or without modification,
     are permitted in any medium without royalty provided the copyright
     notice and this notice are preserved.
    Abstract:
     Establish a standard, machine-readable format for license summaries, to
     facilitate automated checking and reporting of licenses for packages and
     sets of packages.

[[!toc ]]

# Introduction

This is a proposal to make machine-interpretable license summaries. This is particularly an issue in the case of free software distributions, in which different works with different licenses are combined. This document proposes a simple format for summarising license terms and copyrights, in original upstream programs and in their packaged version. This tool will make it easier for users to select a program according to their licensing preferences, and for the developers of software distributions to ensure that only compatible works are combined.

# Rationale

The diversity of free software licenses means that developers, users and distributors need to care not only about the freeness of a given work, but also about its license's compatibility with the other works it uses. The arrival of the GPL version 3, its incompatibility with version 2, and the difficulty of spotting the software where the incompatibility might be problematic is one prominent occurrence of this limitation.

There are earlier precedents, also. One is the GPL/OpenSSL incompatibility.
Apart from semi-mechanised inspection, like grepping the sources or free-form license summaries, which is prone to numerous false positives (packaging under the GPL but software under another license) or negatives (GPL software but with an "OpenSSL special exception" dual licensing form), there is no reliable way to know which software in binary Linux distributions might be problematic.

And there is more to come. There are issues with shipping GPLv2-only software with a CDDL operating system such as Nexenta. The GPL version 3 solves this issue, but not all GPL software can switch to it and we have no way to know how many programs should be stripped from such a system.

Lastly, a user might want to have a way to avoid software with certain licenses that do not fit their work procedures or their philosophy, even if the licenses are recognised by many as free. For example, the Affero GPL.

This proposal tries to address these issues by the use of license summaries that are readable by humans and machines. For the sake of human-readability this proposal avoids any complex field names or syntax rules.

# Implementation

## Format

It is proposed to implement this proposal in a pseudo-RFC-822 format that has similarities with Debian control files. The main differences are:

 - Plain comments are allowed and are not required to start with sharp (#) signs.
 - Within multi-line field bodies, empty lines do not need to be symbolised with a dot.
 - A line with multiple spaces does not end the machine-readable section.

### Specification of the pseudo-RFC-822 format

Fields are logical elements composed of a field name, followed by a colon that can be flanked by spaces, followed by a field body, and terminated by a line terminator.

 - A field name is composed of printable characters, except colons.
 - The field body is composed of any character. Leading spaces of the body are ignored.
   To avoid problems with multi-line values, any line terminator must be escaped by following it with a space. The line that contains that space is called a continuation line.
 - Lines that are not continuation lines and do not start a new field are plain comments.
 - Fields are grouped in paragraphs that are separated by empty lines. The paragraphs are organised in a sequential order. Within a paragraph, the fields are not ordered. If the same field appears more than once in the same paragraph, their contents are added.

## Fields

All fields are optional.

 * **`Format`**: URI of the format specification, such as: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=REVISION
 * **`Name`**: Single line (in most cases a single word), containing the name of the software.
 * **`Contact`**: Line(s) of RFC2822 address or URIs or free text, containing the preferred address(es) to reach current maintainer(s).
 * **`Source`**: URI(s) indicating the primary point of distribution of the software.
 * **`Disclaimer`**: Free content. On Debian systems, this field can be used in the case of packages distributed in the non-free and contrib section of the Debian archive (see [Policy 12.5](http://www.debian.org/doc/debian-policy/ch-docs.html#s-copyrightfile)).
 * **`Overview`**: Synthetic summary of the licensing of the package as a whole.

The above five fields are especially useful at the beginning of the document.

Example 1:

    Format : http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=REVISION
    Name: SOFTware
    Contact: John Doe
    Source: http://www.example.com/software/project

Example 2, with comment and prettification with spaces, and no Format field:

    Machine-readable license summary, see ’http://dep.debian.net/deps/dep5/’.

    Name     : SOFTware
    Contact  : Jane Smith
    Source   : http://www.example.com/software/project-3.14.tar.bz2
    Overview : This package combines works under the GNU GPL license version 2
     or superior, the GNU GPL license version 3, and the GNU Lesser GPL license
     version 2.1 only, and therefore can be treated as a whole as a work
     licensed under the terms of the GNU GPL version 3.

The summary of licenses and copyrights is done in one or more paragraphs.

 * **`Files`**: List of space-separated pathnames indicating files that have the same licence. Question marks indicate any character and asterisks indicate any string of characters. When this field is omitted in the first paragraph containing a `License` field, its value will be assumed to be '*'. When omitted in other paragraphs, its value is assumed to be 'unknown'. If multiple `Files` declarations match the same file, then only the last match counts.
 * **`Copyright`**: One or more free-form copyright statement(s) that apply to the files matched by the above pattern.
 * **`License`**: Licensing terms for the files listed in the **`Files`** field of the same paragraph. If the files have no copyright holders nor licence because they are in the Public Domain, the **`License`** field is used to indicate this fact. The content of this field is structured in two parts.
    * First line: licence identifier(s) in abbreviated format (see *Short names* section). If empty, it is given the default value 'other'.
    * Remaining lines (optional): Full text of the license(s), or a summary notice. If left empty, the content of the first `License` field of the machine-readable summary that declares the same short name can be used.

Example 1, where all the distributed files share the same license:

    Copyright: © 2004-2009 by Internet Systems Consortium, Inc. ("ISC")
    Copyright: © 1995-2003 by Internet Software Consortium
    License: ISC
     Permission to use, copy, modify, and/or distribute this software for any
     purpose with or without fee is hereby granted, provided that the above
     copyright notice and this permission notice appear in all copies.
     
     THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
     REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
     MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY
     SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
     ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
     OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Example 2: dual-licensed files mixed with single-licensed files.

    Files: src/js/editline/*
    Copyright: 1993, John Doe
               1993, Joe Average
    License: GPL-2+ or MIT

    Files: src/js/editparagraph/*
    Copyright: 1993, John Doe
    License: GPL-2+

    Files: src/js/editline/*.pl
    Copyright: 1993, Joe Average
    License: MIT

    License: GPL-2+
     This program is free software; you can redistribute it and/or modify it
     under the terms of the GNU General Public License as published by the
     Free Software Foundation; either version 2 of the License, or (at your
     option) any later version.
     
     This program is distributed in the hope that it will be useful, but
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
     Public License for more details.
     
     You should have received a copy of the GNU General Public License along
     with this program; if not, write to the Free Software Foundation, Inc.,
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

    License: MIT
     Permission is hereby granted, free of charge, to any person obtaining a
     copy of this software and associated documentation files (the
     "Software"), to deal in the Software without restriction, including
     without limitation the rights to use, copy, modify, merge, publish,
     distribute, sublicense, and/or sell copies of the Software, and to permit
     persons to whom the Software is furnished to do so, subject to the
     following conditions:
     
     The above copyright notice and this permission notice shall be included
     in all copies or substantial portions of the Software.
     
     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
     OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
     MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
     IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
     CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
     OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
     THE USE OR OTHER DEALINGS IN THE SOFTWARE.

### Extra fields.

Extra fields can be added to any section. It is not recommended to prefix their name by **`X-`**.

### Comments.

Lines that do not start a field and are not part of a field are free-form comments that are not parsed.

## Fields Detail

### License

#### Short name

The "`License`" field, to be machine-parseable, refers in its first lines to detailed licenses via unambiguous identifiers. Each identifier is either the short name of a frequently used and well-known license, or an arbitrary identifier unique within the file, pointing to an explicit License block.

For the licenses existing in multiple versions, the version number is added, using a dash as a separator. If omitted, the lowest version number is implied. When the licence permits the use of the terms of any later version, the short name ends with a plus sign.

A list of short names for well-known licenses is given below.
These names are expected to be used consistently in all files using this machine-readable format, so that external parsers can recognise them.

[[!table data="""
**Keyword** | **Meaning**. Links usually point to latest version.
`Apache` | [Apache](http://www.apache.org/licenses/LICENSE-2.0.txt) license.
`Artistic` | [Artistic](http://dev.perl.org/licenses/artistic.html) license.
`BSD` | [Berkeley software distribution](http://www.freebsd.org/copyright/license.html) license.
`NetBSD` | [NetBSD](http://www.netbsd.org/about/redistribution.html#default) Foundation's (TNF) license.
`FreeBSD` | [FreeBSD](http://www.freebsd.org/copyright/freebsd-license.html) Project license.
`ISC` | [Internet Software Consortium](https://www.isc.org/software/license)'s license, sometimes also known as the OpenBSD License.
`BSL 1.0` | [Boost Software License, Version 1.0](http://www.boost.org/LICENSE_1_0.txt)
`CC-BY` | Creative Commons [Attribution](http://creativecommons.org/licenses/by/3.0/) license.
`CC-BY-SA` | Creative Commons [Attribution Share Alike](http://creativecommons.org/licenses/by-sa/3.0/) license.
`CC-BY-ND` | Creative Commons [Attribution No Derivatives](http://creativecommons.org/licenses/by-nd/3.0/) license.
`CC-BY-NC` | Creative Commons [Attribution Non-Commercial](http://creativecommons.org/licenses/by-nc/3.0/) license.
`CC-BY-NC-SA` | Creative Commons [Attribution Non-Commercial Share Alike](http://creativecommons.org/licenses/by-nc-sa/3.0/) license.
`CC-BY-NC-ND` | Creative Commons [Attribution Non-Commercial No Derivatives](http://creativecommons.org/licenses/by-nc-nd/3.0/) license.
`CC0` | Creative Commons [Universal waiver](http://creativecommons.org/license/zero/).
`CDDL` | [Common Development and Distribution License](http://www.sun.com/cddl/cddl.html).
`CPL` | IBM [Common Public License](http://www.ibm.com/developerworks/library/os-cpl.html).
`Eiffel` | The [Eiffel](http://www.eiffel-nice.org/license/eiffel-forum-license-2.html) Forum License.
`Expat` | The [Expat](http://www.jclark.com/xml/copying.txt) license.
`GPL` | GNU [General Public License](http://www.gnu.org/copyleft/gpl.html).
`LGPL` | GNU [Lesser General Public License](http://www.gnu.org/licenses/lgpl.html) (GNU Library General Public License for versions lower than 2.1).
`AGPL` | GNU [Affero General Public License](http://www.gnu.org/licenses/agpl.html).
`GFDL` | [GNU Free Documentation License](http://www.gnu.org/licenses/fdl.html).
`GAP` | [GNU All Permissive](http://www.gnu.org/licenses/license-list.html#GNUAllPermissive) license.
`LPPL` | [LaTeX Project Public License](http://www.latex-project.org/lppl/).
`MPL` | [Mozilla Public License](http://www.mozilla.org/MPL/MPL-1.1.html).
`Perl` | [Perl](http://dev.perl.org/licenses/) license (equates to "GPL-1+ or Artistic-1").
`PHP` | [PHP](http://www.php.net/license/) license.
`PSF` | [Python Software Foundation](http://www.python.org/psf/license/) license.
`QPL` | [Q Public License](http://doc.trolltech.com/3.0/license.html).
`W3C-Software` | [W3C Software](http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231) License.
`Zope` | [Zope Public License](http://www.zope.org/Resources/License/).
`other` | Any other custom license. *License notice text must be copied verbatim.*
"""]]

Exemptions and clarifications are signalled in plain text, by "with *keywords* exemption". This document provides a list of keywords that refer to the most frequent exemptions.

The GPL "`Font`" clarification refers to the text added to the license notice of each file as specified at [How does the GPL apply to fonts?](http://www.gnu.org/licenses/gpl-faq.html#FontException). The text needed is:

The GPL "`OpenSSL`" clarification gives permission to link code with the OpenSSL library, which contains GPL-incompatible clauses.

#### Syntax

License names are case-insensitive.
In case of multi-licensing, the license short names are separated by `or` for code where the user can choose between different licenses, and by `and` for code whose use must comply with the terms of multiple licenses.

For instance, this is a simple, "GPL version 2 or later" field:

    License: GPL-2+

This is a dual-licensed GPL/Artistic work such as Perl:

    License: GPL-2+ or Artistic-2.0

This is for a file that has both GPL and classic BSD code in it:

    License: GPL-2+ and BSD-C2

For the most complex cases, the comma is used to disambiguate the priority of `or`s and `and`s: `and` has the priority over `or`, unless preceded by a comma. For instance:

 - `A or B and C` means `A or (B and C)`.
 - `A or B, and C` means `(A or B), and C`.

This is for a file that has Perl code and classic BSD code in it:

    License: GPL-2+ or Artistic-2.0, and BSD-C3

A GPL-2+ work with the OpenSSL exception is in effect a dual-licensed work that can be redistributed either under the GPL-2+, or under the GPL-2+ with the OpenSSL exception. It is thus expressed as `GPL-2+ with OpenSSL exemption`:

    License: GPL-2+ with OpenSSL exemption
     In addition, as a special exception, the author of this program gives
     permission to link the code of its release with the OpenSSL project's
     "OpenSSL" library (or with modified versions of it that use the same
     license as the "OpenSSL" library), and distribute the linked executables.
     You must obey the GNU General Public License in all respects for all of
     the code used other than "OpenSSL". If you modify this file, you may
     extend this exception to your version of the file, but you are not
     obligated to do so. If you do not wish to do so, delete this exception
     statement from your version.

### Full examples

#### Simple package distributed in Debian, with the packaging work being implicitly licensed under the same terms as the program itself.

    Name    : X Solitaire
    Contact : John Doe
    Source  : ftp://example.com/games

    License: GPL-2+
     This program is free software; you can redistribute it and/or modify it
     under the terms of the GNU General Public License as published by the
     Free Software Foundation; either version 2 of the License, or (at your
     option) any later version.
     
     This program is distributed in the hope that it will be useful, but
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
     Public License for more details.
     
     You should have received a copy of the GNU General Public License along
     with this program; if not, write to the Free Software Foundation, Inc.,
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
     
     On Debian systems the full text of the GNU General Public License can be
     found in the `/usr/share/common-licenses/GPL-2' file.

#### Complex

Please refer to the following online examples:

 - http://packages.debian.org/changelogs/pool/main/libb/libbio-graphics-perl/current/copyright
 - http://packages.debian.org/changelogs/pool/main/v/velvet/current/copyright
 - http://packages.debian.org/changelogs/pool/non-free/s/seaview/current/copyright
 - http://svn.debian.org/wsvn/debian-med/trunk/packages/staden-io-lib/trunk/debian/copyright

## Frequently asked questions

### When to use the copyright field.

The ‘Copyright’ field is optional. Nevertheless, some licenses strictly require the copyright statement to be reproduced within binary distributions. In some situations, the ‘License’ field is enough as the copyright statement is often part of it. In cases where there are multiple works with the same license terms but different copyright statements, the ‘Copyright’ field can be used in conjunction with the stand-alone ‘License’ field to simplify the summary.
For instance:

    Files: scripts/*
    Copyright: 1999-2003 Joe Foo , 2005-2008 Jack Bar
    License: FreeBSD

### How to add comments

Comments can be added in free form or with an ad-hoc extra field, for instance ‘Comment’. Some situations are more suitable with one solution or the other. For instance:

    Files: foo/*
    License: GPL-2+
     This program is free software; you can redistribute it and/or modify it
     under the terms of the GNU General Public License as published by the
     Free Software Foundation; either version 2 of the License, or (at your
     option) any later version.
     
     This program is distributed in the hope that it will be useful, but
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
     Public License for more details.
     
     You should have received a copy of the GNU General Public License along
     with this program; if not, write to the Free Software Foundation, Inc.,
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

    On Debian systems, the full text of the GNU general public license version 2 can be found in ‘/usr/share/common-licenses/GPL-2’.

In that case, the above information can be encoded in the parser itself in a much more efficient way.

    Files: bar/*
    License: GPL-2+
    Comment: If you use this algorithm in your research, please cite ‘Joe Baz
     et al. On the effect of altitude on the Swiss pinaillette. Journal of
     tetratrichotomy, 2009, 23(4) 42-48.’

While not part of the license, authors of this kind of comment often would like to see it displayed together with it.

## Appendix: Note about the use of this format in Debian:

The Debian Policy (§12.5) demands that each package is accompanied by a file, `debian/copyright` in source packages and `/usr/share/doc/package/copyright` in binary packages, that contains a verbatim copy of its copyright and distribution license. In addition, it requires that copyrights must be extractable by mechanical means.

This proposal for machine-readable copyright and license summary files has been crafted for Debian's use, but it is our hope that other software distributions, as well as upstream developers, will adopt it, so that review efforts can be easily reproduced and shared.

The copyright of the Debian packaging and the history of package maintainers is simply indicated in a **`Files: debian/*`** section.

In the case of packages in the contrib or non-free sections of the Debian archive, the **`Disclaimer`** field can be used for explaining that the contrib or non-free package is not part of the Debian GNU/Linux distribution and briefly explaining why (as per Policy §12.5).

Policy section §12.5 demands that packages distributed in the *non-free* and *contrib* sections of the Debian archive carry a disclaimer in `debian/copyright` stating that these packages are not part of the Debian operating system, and explaining why they cannot be distributed in the *main* section. The **`Disclaimer`** field was created for this purpose.

For a *non-free* package to be autobuilt, `debian/copyright` must contain an explanation that autobuilding is not forbidden (see [20061129152824.GT2560@mails.so.argh.org](http://lists.debian.org/msgid-search/20061129152824.GT2560@mails.so.argh.org)). The Disclaimer field or a free-form comment would be the right place for this.
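
The pseudo-RFC-822 rules and the `Files` defaulting and last-match rules from the Implementation section, as an added Python example that is not part of the DEP text or of any Debian tool. It assumes that field names contain no whitespace (the specification only excludes colons) and that the contents of a repeated field are joined with a newline; the function names are illustrative and the sample summary is constructed from the page's examples.

```python
import re

# Assumption: field names contain no whitespace. The text only excludes colons,
# which would turn a plain comment that quotes a URL into a field.
FIELD = re.compile(r"^([^\s:]+) *: *(.*)$")

def parse_summary(text):
    """Split a summary into paragraphs, each a dict of field name -> body."""
    paragraphs, para, current = [], {}, None
    for line in text.splitlines():
        if line == "":                      # empty line: paragraph separator
            if para:
                paragraphs.append(para)
            para, current = {}, None
        elif line.startswith(" "):          # continuation line, even if only spaces
            if current is not None:         # one that follows a comment is dropped
                para[current] += "\n" + line[1:]
        elif (m := FIELD.match(line)):
            current, body = m.group(1), m.group(2)
            # a repeated field has its contents added (newline join is an assumption)
            para[current] = f"{para[current]}\n{body}" if current in para else body
        else:                               # plain comment: not parsed
            current = None
    if para:
        paragraphs.append(para)
    return paragraphs

def files_regex(pattern):
    """'?' is any character, '*' any string of characters, the rest is literal."""
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile("".join(parts), re.S)

def license_of(path, paragraphs):
    """First License line of the last paragraph whose Files matches, else None."""
    result, seen_license = None, False
    for para in paragraphs:
        if "License" not in para:
            continue
        # Files omitted: '*' in the first License paragraph, 'unknown' afterwards
        default = [] if seen_license else ["*"]
        seen_license = True
        patterns = para["Files"].split() if "Files" in para else default
        if any(files_regex(p).fullmatch(path) for p in patterns):
            result = para["License"].split("\n", 1)[0].strip() or "other"
    return result

# Constructed sample modelled on the page's examples (license text shortened).
SAMPLE = "\n".join([
    "Machine-readable license summary, see 'http://dep.debian.net/deps/dep5/'.",
    "",
    "Name   : SOFTware",
    "",
    "Files: src/js/editline/*",
    "Copyright: 1993, John Doe",
    "Copyright: 1993, Joe Average",
    "License: GPL-2+ or MIT",
    "",
    "Files: src/js/editline/*.pl", "License: MIT", "",
    "License: GPL-2+",
    " This program is free software; [...]",
    " ",
    " See the GNU General Public License for more details.",
])
```

With this sample, `license_of("src/js/editline/gen.pl", parse_summary(SAMPLE))` resolves to `MIT` because the later, narrower `Files` declaration overrides the earlier one, and the stand-alone `License: GPL-2+` paragraph matches no file.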
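
The precedence rules for the first line of a `License` field described under Syntax (`and` binds tighter than `or` unless preceded by a comma, plus `with ... exemption`), as an added Python example that is not part of the DEP text. It goes beyond the page by also checking an expression against a set of accepted short names, and assumes that a trailing `+` is met by any accepted higher version of the same license; `parse_license` and `usable` are illustrative names.

```python
import re

TOKEN = re.compile(r",|[^\s,]+")
VERSIONED = re.compile(r"^(.+)-(\d+(?:\.\d+)*)(\+?)$")   # name-version, optional "+"

def parse_license(first_line):
    """Parse the first line of a License field into a tree.

    Leaves are lower-cased short names (names are case-insensitive); inner
    nodes are ("or", [children]) or ("and", [children]).
    """
    tokens, pos = TOKEN.findall(first_line.lower()), 0
    if not tokens:
        return "other"                            # default for an empty first line

    def peek(*words):
        return tuple(tokens[pos:pos + len(words)]) == words

    def term():
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] in (",", "and", "or", "with"):
            raise ValueError(f"short name expected at token {pos}")
        name, pos = tokens[pos], pos + 1
        if peek("with"):                          # "with <keywords> exemption"
            end = tokens.index("exemption", pos)  # ValueError when unterminated
            name, pos = " ".join([name] + tokens[pos:end + 1]), end + 1
        return name

    def chain(op, operand):
        nonlocal pos
        items = [operand()]
        while peek(*op):
            pos += len(op)
            items.append(operand())
        return items[0] if len(items) == 1 else (op[-1], items)

    # loosest binding first: ", and"  <  "or"  <  "and"
    tree = chain((",", "and"), lambda: chain(("or",), lambda: chain(("and",), term)))
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return tree

def usable(tree, accepted):
    """True if the terms can be met with only the lower-cased names in `accepted`."""
    if isinstance(tree, tuple):
        results = [usable(child, accepted) for child in tree[1]]
        return any(results) if tree[0] == "or" else all(results)
    base = tree.split(" with ")[0]     # "X with ... exemption" also offers plain X
    if tree in accepted or base in accepted:
        return True
    wanted = VERSIONED.match(base)
    if not (wanted and wanted.group(3)):          # no trailing "+": exact match only
        return False

    def ver(m):
        return tuple(int(n) for n in m.group(2).split("."))

    # assumption: "+" is satisfied by an accepted higher version of the same name
    return any(m.group(1) == wanted.group(1) and ver(m) >= ver(wanted)
               for m in map(VERSIONED.match, accepted) if m)
```

For a policy that accepts only `gpl-3`, `usable(parse_license("GPL-2+"), {"gpl-3"})` is true while the same check for `GPL-2` is false, which is the GPLv2-only case the Rationale is concerned with.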