Check-Script: copyright-file Author: Christian Schwarz Abbrev: cpy Type: binary Needs-Info: copyright-file, index Info: This script checks if a binary package conforms to policy with regard to copyright files. . Each binary package must either have a /usr/share/doc/<foo>/copyright file or must have a symlink /usr/share/doc/<foo> -> <bar>, where <bar> comes from the same source package and pkg foo declares a "Depends" relation on bar. Tag: no-copyright-file Severity: serious Certainty: certain Info: Each binary package has to include a plain file /usr/share/doc/pkg/copyright Ref: policy 12.5 Tested: empty Tag: copyright-refers-to-old-directory Severity: serious Certainty: certain Info: The common licenses (GPL, BSD, Artistic, etc) have been moved from /usr/doc/copyright to /usr/share/common-licenses. Copyright files should be updated. Ref: policy 12.5 Tag: copyright-file-compressed Severity: serious Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright must not be compressed. Ref: policy 12.5 Tag: copyright-file-is-symlink Severity: serious Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright must not be a symbolic link. Ref: policy 12.5 Tag: copyright-file-contains-full-gpl-license Severity: important Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright contains the complete text of the GPL v1, v2, or v3. It should refer to the file /usr/share/common-licenses/GPL-1, GPL-2, or GPL-3 instead. Ref: policy 12.5 Tag: copyright-file-contains-full-gfdl-license Severity: important Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright contains the complete text of the GFDL v1.2. It should refer to the file /usr/share/common-licenses/GFDL-1.2 instead. Ref: policy 12.5 Tag: copyright-file-contains-full-apache-2-license Severity: important Certainty: certain Info: The copyright file /usr/share/doc/pkg/copyright contains the complete text of the Apache 2.0 license. It should refer to the file /usr/share/common-licenses/Apache-2.0 instead. Ref: policy 12.5 Tag: usr-share-doc-symlink-without-dependency Severity: serious Certainty: possible Info: If the package installs a symbolic link /usr/share/doc/pkg1 -> pkg2, then pkg1 must depend on pkg2 directory, with the same version as pkg1. . Adding the dependency just to fix this bug is often not a good solution. Usually, it's better to include a real /usr/share/doc/pkg1 directory within pkg1 and copy the copyright file into that directory. . Transitive dependencies are not allowed here. In other words, if the documentation directory is shipped in pkg3 and pkg1 depends on pkg2, which in turn depends on pkg3, that's still an error. Copyright file extractors are not required to go more than one level deep when resolving dependencies. Each package should have a direct dependency on the package which includes its documentation directory. Ref: policy 12.5 Tag: usr-share-doc-symlink-to-foreign-package Severity: serious Certainty: certain Info: If the package installs a symbolic link /usr/share/doc/pkg1 -> pkg2, then pkg1 and pkg2 must both come from the same source package. . The best solution is probably to stop symlinking the /usr/share/doc directory for this package and instead include a real /usr/share/doc/pkg1 directory within pkg1 with the appropriate contents (such as the copyright and changelog.Debian.gz files). Ref: policy 12.5 Tag: cannot-check-whether-usr-share-doc-symlink-points-to-foreign-package Severity: minor Certainty: possible Info: There is a symlink /usr/share/doc/pkg1 -> pkg2 in your package. This means that pkg1 and pkg2 must both come from the same source package. I can't check this right now however since I'm only checking a binary package and I only can check this when I'm checking both the binary and the corresponding source package. Tag: old-style-copyright-file Severity: serious Certainty: certain Info: The package installs a /usr/doc/copyright/pkg file. Instead, you should place the copyright file in /usr/share/doc/pkg/copyright. Ref: policy 12.5 Tag: old-fsf-address-in-copyright-file Severity: normal Certainty: certain Info: The /usr/share/doc/pkg/copyright file refers to the old postal address of the Free Software Foundation (FSF). The new address is: . Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Tag: helper-templates-in-copyright Severity: important Certainty: certain Info: The /usr/share/doc/pkg/copyright file still contains template markers from a packaging helper. Please fill in the actual license, upstream copyright holders, and download information about the package and remove any remaining templates generated by the packaging helper. Tag: copyright-refers-to-compressed-license Severity: important Certainty: certain Info: The /usr/share/doc/pkg/copyright file refers to a standard license /usr/share/common-licenses/{GPL,LGPL,Artistic,BSD}.gz as a compressed file. Please update the reference (the licenses are installed uncompressed). Tag: usr-share-doc-symlink-points-outside-of-usr-share-doc Severity: important Certainty: certain Info: The /usr/share/doc/pkg symbolic link is pointing to a directory outside of /usr/share/doc. Ref: policy 12.5 Tag: copyright-does-not-refer-to-common-license-file Severity: normal Certainty: certain Info: If your package uses any one of the licenses in /usr/share/common-licenses, the copyright file should refer to files therein. Ref: policy 12.5 Tag: copyright-refers-to-incorrect-directory Severity: serious Certainty: certain Ref: policy 12.5 Info: In the directory name /usr/share/common-licenses, licenses is spelled with an "s", not as licences with a "c". Tag: copyright-file-lacks-pointer-to-perl-license Severity: important Certainty: possible Ref: policy 12.5 Info: If your package is released under the same terms as Perl itself, it should refer to the Artistic and GPL license files in the /usr/share/common-licenses directory. Tag: copyright-should-refer-to-common-license-file-for-gpl Severity: important Certainty: possible Ref: policy 12.5 Info: The strings "GNU General Public License" or "GPL" appear in the copyright file for this package, but the copyright file does not reference /usr/share/common-licenses as the location of the GPL on Debian systems. . If the package uses some other license that just mentions the GPL and that Lintian should detect as an exception, please file a Lintian bug. If the copyright file must mention the GPL for reasons other than stating the license of the package, please add a Lintian override. Tag: copyright-should-refer-to-common-license-file-for-gfdl Severity: important Certainty: possible Ref: policy 12.5 Info: The strings "GNU Free Documentation License" or "GFDL" appear in the copyright file for this package, but the copyright file does not reference /usr/share/common-licenses as the location of the GFDL on Debian systems. . If the package uses some other license that just mentions the GFDL and that Lintian should detect as an exception, please file a Lintian bug. If the copyright file must mention the GFDL for reasons other than stating the license of the package, please add a Lintian override. Tag: copyright-should-refer-to-common-license-file-for-lgpl Severity: important Certainty: possible Ref: policy 12.5 Info: The strings "GNU Lesser General Public License", "GNU Library General Public License", or "LGPL" appear in the copyright file for this package, but the copyright file does not reference /usr/share/common-licenses as the location of the LGPL on Debian systems. . If the package uses some other license that just mentions the LGPL and that Lintian should detect as an exception, please file a Lintian bug. If the copyright file must mention the LGPL for reasons other than stating the license of the package, please add a Lintian override. Tag: copyright-has-url-from-dh_make-boilerplate Severity: normal Certainty: certain Ref: policy 12.5 Info: There is "url://example.com" in your copyright file. This was most likely a remnant from the dh_make template. . Make sure you include the real location where you obtained the upstream sources (if any). Tag: debian-copyright-file-uses-obsolete-national-encoding Severity: normal Certainty: certain Info: The Debian copyright file should be valid UTF-8, an encoding of the Unicode character set. . There are many ways to convert a copyright file from an obsoleted encoding like ISO-8859-1; you may for example use "iconv" like: . $ iconv -f ISO-8859-1 -t UTF-8 copyright > copyright.new $ mv copyright.new copyright Tag: copyright-contains-dh_make-todo-boilerplate Severity: serious Certainty: possible Ref: policy 12.5 Info: The string "Please also look if..." appears in the copyright file, which indicates that you either didn't check the whole source to find additional copyright/license, or that you didn't remove that paragraph after having done so. Tag: copyright-contains-dh-make-perl-boilerplate Severity: normal Certainty: certain Ref: policy 12.5 Info: The string "This copyright info was automatically extracted" appears in the copyright file, which indicates that you either didn't check the whole source to find additional copyright/license, or that you didn't remove that paragraph after having done so. Tag: copyright-with-old-dh-make-debian-copyright Severity: pedantic Certainty: certain Info: The copyright file contains the incomplete Debian packaging copyright boilerplate from older versions of dh_make. (C) alone is not considered a valid copyright notice in some countries. The word Copyright or the © symbol should be used instead or in addition to (C). . Copyright notices like this are, in any country that's a signatory to the Berne Convention, not required to claim copyright on a work, but their presence may allow claiming additional damages should a copyright case go to court. If you provide a notice, you may as well provide one that's legally recognized in a broader range of countries. Tag: copyright-refers-to-bad-php-license Severity: serious Certainty: possible Info: This package appears to be covered by version 2.x of the PHP license, which is not appropriate for anything other than the PHP interpreter itself. . Note that PEAR modules are not a part of the PHP interpreter and cannot use this license. Ref: http://ftp-master.debian.org/REJECT-FAQ.html, #616436 Tag: copyright-refers-to-problematic-php-license Severity: serious Certainty: wild-guess Info: This package appears to be covered by version 3.0 (exactly) of the PHP license. This license is not applicable to anything that is not PHP and has no contributions from the PHP Group. Ref: http://ftp-master.debian.org/REJECT-FAQ.html Tag: copyright-without-copyright-notice Severity: normal Certainty: certain Ref: http://ftp-master.debian.org/REJECT-FAQ.html Info: The copyright file for this package does not appear to contain a copyright notice. You should copy the copyright notice from the upstream source (or add one of your own for a native package). A copyright notice must consist of Copyright, Copr., or the Unicode symbol of C in a circle followed by the years and the copyright holder. A copyright notice is not required for a work to be copyrighted, but Debian requires the copyright file include the authors and years of copyright, and including a valid copyright notice is the best way to do that. Examples: . Copyright YYYY Firstname Lastname <address@example.com> Copr. YYYY-YYYY Firstname Lastname <address@example.com> © YYYY,YYYY Firstname Lastname <address@example.com> . If the package is in the public domain rather than copyrighted, be sure to mention "public domain" in the copyright file. Please be aware that this is very rare and not the same as a DFSG-free license. True public domain software is generally limited to such special cases as a work product of a United States government agency. Tag: spelling-error-in-copyright Severity: minor Certainty: possible Info: Lintian found a spelling error in the copyright file. Lintian has a list of common misspellings that it looks for. It does not have a dictionary like a spelling checker does. If this is a spelling error in the upstream license, in supporting email messages, or a case of Lintian being confused by non-English text, add an override. Tag: possible-gpl-code-linked-with-openssl Severity: serious Certainty: wild-guess Info: This package appears to be covered by the GNU GPL but depends on the OpenSSL libssl package and does not mention a license exemption or exception for OpenSSL in its copyright file. The GPL (including version 3) is incompatible with some terms of the OpenSSL license, and therefore Debian does not allow GPL-licensed code linked with OpenSSL libraries unless there is a license exception explicitly permitting this. . If only the Debian packaging, or some other part of the package not linked with OpenSSL, is covered by the GNU GPL, please add a lintian override for this tag. Lintian currently has no good way of distinguishing between that case and problematic packages. Tag: copyright-refers-to-symlink-license Severity: pedantic Certainty: possible Info: The copyright file refers to the versionless symlink in /usr/share/common-licenses for the full text of the GPL, LGPL, or GFDL license. This symlink is updated to point to the latest version of the license when a new one is released. The package appears to allow relicensing under later versions of its license, so this is legally consistent, but it implies that Debian will relicense the package under later versions of those licenses as they're released. It is normally better to point to the version of the license the package references in its license statement. . For example, if the package says something like "you may redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version", the debian/copyright file should refer to /usr/share/common-licenses/GPL-2, not /GPL. . For packages released under the same terms as Perl, Perl references the GPL version 1, so point to /usr/share/common-licenses/GPL-1. Tag: copyright-refers-to-versionless-license-file Severity: normal Certainty: possible Info: The copyright file refers to the versionless symlink in /usr/share/common-licenses for the full text of the GPL, LGPL, or GFDL license, but the package does not appear to allow distribution under later versions of the license. This symlink will change with each release of a new version of the license and may therefore point to a different version than the package is released under. debian/copyright should instead refers to the specific version of the license that the package references. . For example, if the package says something like "you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991," the debian/copyright file should refer to /usr/share/common-licenses/GPL-2, not /GPL. Tag: copyright-refers-to-nonexistent-license-file Severity: normal Certainty: certain Info: The copyright file refers to a license in /usr/share/common-licenses that doesn't exist. Usually this is a typo, such as accidentally omitting the - between the license name and the version number. Tag: copyright-refers-to-deprecated-bsd-license-file Severity: minor Certainty: certain Ref: policy 12.5 Info: The copyright file refers to /usr/share/common-licenses/BSD. Due to the brevity of this license, the specificity of this copy to code whose copyright is held by the Regents of the University of California, and the frequency of minor wording changes in the license, its text should be included in the copyright file directly rather than referencing this file. . This file may be removed from a future version of base-files if references to it drop sufficiently. Tag: copyright-has-crs Severity: pedantic Certainty: certain Info: The copyright file has lines ending in CRLF instead of just LF. . Running the following command against the given file removes any CR character in the file: . sed -i 's/\r//g' path/to/file