1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1105876: lintian: false-positive unused-license-paragraph-in-dep5-c

    From Roland Hieber@21:1/5 to All on Fri May 16 15:20:01 2025
    Package: lintian
    Version: 2.122.0
    Severity: normal

    Dear maintainers,

    While packaging composefs for Debian (Bug #1100914), lintian gave me the following informational warning:

    I: composefs source: unused-license-paragraph-in-dep5-copyright lgpl-2.1+ and gpl-2+ or apache-2 and gpl-2 or apache-2 [debian/copyright:8]

    My debian/copyright (see [1]) includes License paragraphs in several Files stanzas as well as one summarizing the packaging terms of the project as a whole
    in the Header stanza. This is according to the DEP-5 spec [2]:

    "The Copyright and License fields in the header stanza may complement but do
    not replace the fields in the Files stanzas. If present, they summarise the
    copyright notices or redistribution terms for the package as a whole."

    [1]: https://salsa.debian.org/rohieb/composefs/-/blob/2f1d3d15411a2459fd/debian/copyright
    [2]: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#header-stanza

    Apparently the additional License paragraph in the Header stanza is confusing lintian (or I'm not understanding the spec correctly, please inform me if this is the case :-))

    Thanks,

    - Roland

    -- System Information:
    Debian Release: trixie/sid
    APT prefers testing-debug
    APT policy: (991, 'testing-debug'), (991, 'testing')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.12.22-amd64 (SMP w/4 CPU threads; PREEMPT)
    Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
    Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages lintian depends on:
    ii appstream 1.0.5-1
    ii binutils 2.44-3
    ii bzip2 1.0.8-6
    ii diffstat 1.67-1
    ii dpkg 1.22.18
    ii dpkg-dev 1.22.18
    ii file 1:5.46-5
    ii gettext 0.23.1-2
    ii gpg 2.4.7-17
    ii intltool-debian 0.35.0+20060710.6
    ii iso-codes 4.18.0-1
    ii libapt-pkg-perl 0.1.42
    ii libarchive-zip-perl 1.68-1
    ii libberkeleydb-perl 0.66-1
    ii libcapture-tiny-perl 0.50-1
    ii libclass-xsaccessor-perl 1.19-4+b5
    ii libclone-perl 0.47-1+b1
    ii libconfig-tiny-perl 2.30-1
    ii libconst-fast-perl 0.014-2
    ii libcpanel-json-xs-perl 4.39-1
    ii libdata-dpath-perl 0.60-1
    ii libdata-validate-domain-perl 0.15-1
    ii libdata-validate-uri-perl 0.07-3
    ii libdevel-size-perl 0.84-1+b1
    pn libdigest-sha-perl <none>
    ii libdpkg-perl 1.22.18
    ii libemail-address-xs-perl 1.05-1+b4
    pn libencode-perl <none>
    ii libfile-basedir-perl 0.09-2
    ii libfile-find-rule-perl 0.34-3
    ii libfont-ttf-perl 1.06-2
    ii libhtml-html5-entities-perl 0.004-3
    ii libhtml-tokeparser-simple-perl 3.16-4
    ii libio-interactive-perl 1.027-1
    ii libipc-run3-perl 0.049-1
    ii libjson-maybexs-perl 1.004008-1
    ii liblist-compare-perl 0.55-2
    ii liblist-someutils-perl 0.59-1
    ii liblist-utilsby-perl 0.12-2
    ii libmldbm-perl 2.05-4
    ii libmoo-perl 2.005005-1
    ii libmoox-aliases-perl 0.001006-2
    ii libnamespace-clean-perl 0.27-2
    ii libpath-tiny-perl 0.148-1
    ii libperlio-gzip-perl 0.20-1+b4
    ii libperlio-utf8-strict-perl 0.010-1+b3
    ii libproc-processtable-perl 0.636-1+b3
    ii libregexp-wildcards-perl 1.05-3
    ii libsereal-decoder-perl 5.004+ds-1+b3
    ii libsereal-encoder-perl 5.004+ds-1+b3
    ii libsort-versions-perl 1.62-3
    ii libsyntax-keyword-try-perl 0.30-1+b1
    ii libterm-readkey-perl 2.38-2+b4
    ii libtext-levenshteinxs-perl 0.03-5+b4
    ii libtext-markdown-discount-perl 0.18-1
    ii libtext-xslate-perl 3.5.9-2+b1
    ii libtime-duration-perl 1.21-2
    ii libtime-moment-perl 0.44-2+b4
    ii libtimedate-perl 2.3300-2
    ii libunicode-utf8-perl 0.62-3
    ii liburi-perl 5.30-1
    ii libwww-mechanize-perl 2.19-1
    ii libwww-perl 6.78-1
    ii libxml-libxml-perl 2.0207+dfsg+really+2.0134-5+b2
    ii libyaml-libyaml-perl 0.903.0+ds-1
    ii lzip [lzip-decompressor] 1.25-3
    ii lzop 1.04-2
    ii man-db 2.13.1-1
    ii patchutils 0.4.2-1
    ii perl [libversion-perl] 5.40.1-3
    ii t1utils 1.41-4
    ii unzip 6.0-29
    ii xz-utils 5.8.1-1

    lintian recommends no packages.

    Versions of packages lintian suggests:
    ii binutils-multiarch 2.44-3
    ii libtext-template-perl 1.61-1

    -- debconf-show failed

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Soren Stoutner@21:1/5 to All on Fri May 16 14:33:44 2025
    On Friday, May 16, 2025 6:15:51 AM Mountain Standard Time Roland Hieber wrote:
    Package: lintian
    Version: 2.122.0
    Severity: normal

    Dear maintainers,

    While packaging composefs for Debian (Bug #1100914), lintian gave me the following informational warning:

    I: composefs source: unused-license-paragraph-in-dep5-copyright
    lgpl-2.1+
    and gpl-2+ or apache-2 and gpl-2 or apache-2 [debian/copyright:8]

    My debian/copyright (see [1]) includes License paragraphs in several Files stanzas as well as one summarizing the packaging terms of the project as a whole in the Header stanza. This is according to the DEP-5 spec [2]:

    "The Copyright and License fields in the header stanza may complement
    but
    do not replace the fields in the Files stanzas. If present, they summarise the copyright notices or redistribution terms for the package as a whole."

    [1]: https://salsa.debian.org/rohieb/composefs/-/blob/2f1d3d15411a2459fd/debian/
    co
    pyright [2]: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/#header-sta nza

    Apparently the additional License paragraph in the Header stanza is
    confusing
    lintian (or I'm not understanding the spec correctly, please inform me if
    this
    is the case :-))

    As a mater of practice, I haver never seen a Debian package with a license field in the header stanza, even though the documentation talks about being able to do that as an option. Everyone just puts that information in the "Files: *" stanza, which is where people are accustomed to look for it. Perhaps the documentation should be updated.

    In addition, looking over your debian/copyright file, you can combine the stanzas that begin on lines 25, 30, 48, 64, and 68 into one stanza. This is because they all share the same license (GPL-2 or Apache-2). It is not necessary that they all share the same copyright.

    The DEP-5 format stanzas can be interpreted as saying the following: “All of
    the files in this stanza are released under the license specified. If you want to make any changes to these files or redistribute them, you need to follow the requirements of the license. If, for some reason, you need to relicense all of these files under a different license, you would need to get permission of all of the copyright holders listed in the stanza. If you would like to relicense only one of these files, look at the header to the file as well as the other upstream copyright information to figure out who hold the copyright for the individual file you are interested in.”

    For the combined stanza described above, your copyright line would be:

    Copyright: 2023 Alexander Larsson <alexl@redhat.com>
    2021 Giuseppe Scrivano <giuseppe@scrivano.org>
    2021 Alibaba Cloud
    2017-2018 HUAWEI, Inc.

    Obviously, a lot of the copyright information is missing from the upstream repository. Often, when this is the case, I contact upstream to see if they can add a comprehensive copyright assertion in COPYING for all files not otherwise annotated in their individual file headers.

    Note that the above recommendations were made just from reading over the existing debian/copyright file and the upstream COPYING. I assumed the current contents of debian/copyright correctly describes the copyright and licensing of the upstream files.

    The other note I would make is that it is common to start with a "Files: *" stanza, then list a “Files: debian/*” stanza, and then include any overrides
    to the upstream files. Here is a complex debian/copyright example you can refer to:

    https://salsa.debian.org/debian/courier/-/blob/master/debian/copyright? ref_type=heads

    --
    Soren Stoutner
    soren@debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmgnrzgACgkQwufLJ66w tgMJVQ/8D8B4KvXNH0Cwx0igRJ2olJBWNKCGkj+FwlqMNdEIEGtzCCgLI7Kkv15f kMb1P/pE1x/xi7FGvGG6S0kZNEnkXsZCqN/fvynq6JhPC30RGlngMntXdoH2I9hY xbeb7ygNWKEf4syRoSn1EZgnlANThsZWLkpAKh93dNQsrbbyvgOC4PCONUZiTQH1 eNkhCdZRintqUWAenUhL20IXrMtgdJ2T7KXXMB4pLapOwfTV2tuKabPsE3c0ex7U V+ZTWsDz3bMV4BtjITfjXobNP4JhN4S31HIOYG/EGCqEYjcRZcni/3IO2mr04Hvb 8vecNiiSY3xDhGlYyU171cpL8M8Z/czfKajw0cuJ7yDwZyTfvZ6HeB4zTFXlN6Sv Z94Qq1Wj67H5QMd0Uxk2TomwoGqcE8c9EheftU3GmocNy/NitKe99gsgM5W373kv jSFmVZlvJ4lQfSM7S/GHY6z1jphNVmyuJdYZc/5hhpVBRCXIz1GvDyx7hTKzqoxC u7Ywp8Y2qiMqK76qEpRmg02o9BWjbUB7mCd3VrvX4OqGBfM7eH5EDIVx6Lfjdox1 dUIfd01KOZ0252451L/k/ThPkjhKEL+BqDkqoapwAsqaKT1X7XmhgBC+HouiUgtJ mrBl5nyhhLfzJdL/qva6Wd8KV53x5ECznLPJn3BVlPFxp9HYfGA=
    =0R8r
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)