Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
Your IP : 18.221.97.20
Check-Script: copyright-file
Author: Christian Schwarz <schwarz@debian.org>
Abbrev: cpy
Type: binary
Needs-Info: copyright-file, unpacked
Info: This script checks if a binary package conforms to policy
with regard to copyright files.
.
Each binary package must either have a
/usr/share/doc/<foo>/copyright file or must have a symlink
/usr/share/doc/<foo> -> <bar>, where <bar> comes
from the same source package and pkg foo declares a "Depends" relation on
bar.
Tag: no-copyright-file
Severity: serious
Certainty: certain
Info: Each binary package has to include a plain file
/usr/share/doc/<i>pkg</i>/copyright
Ref: policy 12.5
Tag: copyright-refers-to-old-directory
Severity: serious
Certainty: certain
Info: The common licenses (GPL, BSD, Artistic, etc) have been moved from
/usr/doc/copyright to /usr/share/common-licenses.
Copyright files should be updated.
Ref: policy 12.5
Tag: copyright-file-compressed
Severity: serious
Certainty: certain
Info: The copyright file /usr/share/doc/<i>pkg</i>/copyright must not be
compressed.
Ref: policy 12.5
Tag: copyright-file-is-symlink
Severity: serious
Certainty: certain
Info: The copyright file /usr/share/doc/<i>pkg</i>/copyright must not be a
symbolic link.
Ref: policy 12.5
Tag: copyright-file-contains-full-gpl-license
Severity: important
Certainty: certain
Info: The copyright file /usr/share/doc/<i>pkg</i>/copyright contains the
complete text of the GPL v1, v2, or v3. It should refer to the file
<tt>/usr/share/common-licenses/GPL-1</tt>, <tt>GPL-2</tt>, or
<tt>GPL-3</tt> instead.
Ref: policy 12.5
Tag: copyright-file-contains-full-gfdl-license
Severity: important
Certainty: certain
Info: The copyright file /usr/share/doc/<i>pkg</i>/copyright contains the
complete text of the GFDL v1.2. It should refer to the file
<tt>/usr/share/common-licenses/GFDL-1.2</tt> instead.
Ref: policy 12.5
Tag: copyright-file-contains-full-apache-2-license
Severity: important
Certainty: certain
Info: The copyright file /usr/share/doc/<i>pkg</i>/copyright contains the
complete text of the Apache 2.0 license. It should refer to the file
<tt>/usr/share/common-licenses/Apache-2.0</tt> instead.
Ref: policy 12.5
Tag: usr-share-doc-symlink-without-dependency
Severity: serious
Certainty: possible
Info: If the package installs a symbolic link
<tt>/usr/share/doc/<i>pkg1</i> -> <i>pkg2</i></tt>, then <i>pkg1</i>
must depend on <i>pkg2</i> directory, with the same version as
<i>pkg1</i>.
.
Adding the dependency just to fix this bug is often not a good solution.
Usually, it's better to include a real <tt>/usr/share/doc/<i>pkg1</i></tt>
directory within <i>pkg1</i> and copy the copyright file into that
directory.
.
Transitive dependencies are not allowed here. In other words, if the
documentation directory is shipped in <i>pkg3</i> and <i>pkg1</i> depends
on <i>pkg2</i>, which in turn depends on <i>pkg3</i>, that's still an
error. Copyright file extractors are not required to go more than one
level deep when resolving dependencies. Each package should have a
direct dependency on the package which includes its documentation
directory.
Ref: policy 12.5
Tag: usr-share-doc-symlink-to-foreign-package
Severity: serious
Certainty: certain
Info: If the package installs a symbolic link
<tt>/usr/share/doc/<i>pkg1</i> -> <i>pkg2</i></tt>, then <i>pkg1</i>
and <i>pkg2</i> must both come from the same source package.
.
The best solution is probably to stop symlinking the
<tt>/usr/share/doc</tt> directory for this package and instead include a
real /usr/share/doc/<i>pkg1</i> directory within <i>pkg1</i> with the
appropriate contents (such as the <tt>copyright</tt> and
<tt>changelog.Debian.gz</tt> files).
Ref: policy 12.5
Tag: cannot-check-whether-usr-share-doc-symlink-points-to-foreign-package
Severity: minor
Certainty: possible
Info: There is a symlink /usr/share/doc/<i>pkg1</i> -> <i>pkg2</i>
in your package. This means that <i>pkg1</i> and <i>pkg2</i> must
both come from the same source package. Lintian cannot check this right now
however.
.
Please reprocess this binary together with its source package to avoid
this tag.
Tag: old-fsf-address-in-copyright-file
Severity: normal
Certainty: certain
Info: The /usr/share/doc/<i>pkg</i>/copyright file refers to the old postal
address of the Free Software Foundation (FSF). The new address is:
.
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1301, USA.
Tag: helper-templates-in-copyright
Severity: important
Certainty: certain
Info: The /usr/share/doc/<i>pkg</i>/copyright file still contains
template markers from a packaging helper. Please fill in the actual
license, upstream copyright holders, and download information about the
package and remove any remaining templates generated by the packaging
helper.
Tag: copyright-refers-to-compressed-license
Severity: important
Certainty: certain
Info: The /usr/share/doc/<i>pkg</i>/copyright file refers to a standard license
/usr/share/common-licenses/{GPL,LGPL,Artistic,BSD}.gz as a compressed
file. Please update the reference (the licenses are installed
uncompressed).
Tag: usr-share-doc-symlink-points-outside-of-usr-share-doc
Severity: important
Certainty: certain
Info: The /usr/share/doc/<i>pkg</i> symbolic link is pointing to a directory
outside of <tt>/usr/share/doc</tt>.
Ref: policy 12.5
Tag: copyright-does-not-refer-to-common-license-file
Severity: normal
Certainty: certain
Info: If your package uses any one of the licenses in
<tt>/usr/share/common-licenses</tt>, the copyright file should refer to
files therein.
Ref: policy 12.5
Tag: copyright-refers-to-incorrect-directory
Severity: serious
Certainty: certain
Ref: policy 12.5
Info: In the directory name /usr/share/common-licenses, licenses is spelled
with an "s", not as licences with a "c".
Tag: copyright-file-lacks-pointer-to-perl-license
Severity: important
Certainty: possible
Ref: policy 12.5
Info: If your package is released under the same terms as Perl itself,
it should refer to the Artistic and GPL license files in the
<tt>/usr/share/common-licenses</tt> directory.
Tag: copyright-should-refer-to-common-license-file-for-apache-2
Severity: important
Certainty: possible
Ref: policy 12.5
Info: The strings "Apache License, Version" or "Apache-2" appear in the
copyright file for this package, but the copyright file does not
reference <tt>/usr/share/common-licenses</tt> as the location of the
Apache-2 on Debian systems.
.
If the package uses some other license that just mentions the Apache-2 and
that Lintian should detect as an exception, please file a Lintian bug.
If the copyright file must mention the Apache-2 for reasons other than
stating the license of the package, please add a Lintian override.
Tag: copyright-should-refer-to-common-license-file-for-gpl
Severity: important
Certainty: possible
Ref: policy 12.5
Info: The strings "GNU General Public License" or "GPL" appear in the
copyright file for this package, but the copyright file does not
reference <tt>/usr/share/common-licenses</tt> as the location of the GPL
on Debian systems.
.
If the package uses some other license that just mentions the GPL and
that Lintian should detect as an exception, please file a Lintian bug.
If the copyright file must mention the GPL for reasons other than stating
the license of the package, please add a Lintian override.
Tag: copyright-should-refer-to-common-license-file-for-gfdl
Severity: important
Certainty: possible
Ref: policy 12.5
Info: The strings "GNU Free Documentation License" or "GFDL" appear in the
copyright file for this package, but the copyright file does not
reference <tt>/usr/share/common-licenses</tt> as the location of the GFDL
on Debian systems.
.
If the package uses some other license that just mentions the GFDL and
that Lintian should detect as an exception, please file a Lintian bug.
If the copyright file must mention the GFDL for reasons other than stating
the license of the package, please add a Lintian override.
Tag: copyright-should-refer-to-common-license-file-for-lgpl
Severity: important
Certainty: possible
Ref: policy 12.5
Info: The strings "GNU Lesser General Public License", "GNU Library
General Public License", or "LGPL" appear in the copyright file for this
package, but the copyright file does not reference
<tt>/usr/share/common-licenses</tt> as the location of the LGPL on Debian
systems.
.
If the package uses some other license that just mentions the LGPL and
that Lintian should detect as an exception, please file a Lintian bug.
If the copyright file must mention the LGPL for reasons other than stating
the license of the package, please add a Lintian override.
Tag: copyright-has-url-from-dh_make-boilerplate
Severity: normal
Certainty: certain
Ref: policy 12.5
Info: There is "url://example.com" in your copyright file. This was most
likely a remnant from the dh_make template.
.
Make sure you include the real location where you obtained the
upstream sources (if any).
Tag: debian-copyright-file-uses-obsolete-national-encoding
Severity: serious
Certainty: certain
Ref: policy 12.5
Info: The Debian copyright file must be valid UTF-8, an encoding of
the Unicode character set.
.
There are many ways to convert a copyright file from an obsoleted encoding
like ISO-8859-1; you may for example use "iconv" like:
.
$ iconv -f ISO-8859-1 -t UTF-8 copyright > copyright.new
$ mv copyright.new copyright
Tag: copyright-contains-dh_make-todo-boilerplate
Severity: serious
Certainty: possible
Ref: policy 12.5
Info: The string "Please also look if..." appears in the copyright
file, which indicates that you either didn't check the whole source
to find additional copyright/license, or that you didn't remove that
paragraph after having done so.
Tag: copyright-contains-automatically-extracted-boilerplate
Severity: normal
Certainty: certain
Ref: policy 12.5
Info: The string "This copyright info was automatically extracted"
appears in the copyright file, which indicates that you either didn't
check the whole source to find additional copyright/license, or that
you didn't remove that paragraph after having done so.
Tag: copyright-with-old-dh-make-debian-copyright
Severity: pedantic
Certainty: certain
Info: The copyright file contains the incomplete Debian packaging
copyright boilerplate from older versions of <tt>dh_make</tt>.
<tt>(C)</tt> alone is not considered a valid copyright notice in some
countries. The word <tt>Copyright</tt> or the © symbol should be used
instead or in addition to <tt>(C)</tt>.
.
Copyright notices like this are, in any country that's a signatory to the
Berne Convention, not required to claim copyright on a work, but their
presence may allow claiming additional damages should a copyright case go
to court. If you provide a notice, you may as well provide one that's
legally recognized in a broader range of countries.
Tag: copyright-without-copyright-notice
Severity: normal
Certainty: certain
Ref: https://ftp-master.debian.org/REJECT-FAQ.html
Info: The copyright file for this package does not appear to contain a
copyright notice. You should copy the copyright notice from the upstream
source (or add one of your own for a native package). A copyright notice
must consist of Copyright, Copr., or the Unicode symbol of C in a circle
followed by the years and the copyright holder. A copyright notice is
not required for a work to be copyrighted, but Debian requires the
copyright file include the authors and years of copyright, and including
a valid copyright notice is the best way to do that. Examples:
.
Copyright YYYY Firstname Lastname <address@example.com>
Copr. YYYY-YYYY Firstname Lastname <address@example.com>
© YYYY,YYYY Firstname Lastname <address@example.com>
.
If the package is in the public domain rather than copyrighted, be sure
to mention "public domain" in the copyright file. Please be aware that
this is very rare and not the same as a DFSG-free license. True public
domain software is generally limited to such special cases as a work
product of a United States government agency.
Tag: spelling-error-in-copyright
Severity: minor
Certainty: possible
Info: Lintian found a spelling error in the copyright file. Lintian has a
list of common misspellings that it looks for. It does not have a
dictionary like a spelling checker does. If this is a spelling error in
the upstream license, in supporting email messages, or a case of Lintian
being confused by non-English text, add an override.
Tag: possible-gpl-code-linked-with-openssl
Severity: serious
Certainty: wild-guess
Info: This package appears to be covered by the GNU GPL but depends on
the OpenSSL libssl package and does not mention a license exemption or
exception for OpenSSL in its copyright file. The GPL (including version
3) is incompatible with some terms of the OpenSSL license, and therefore
Debian does not allow GPL-licensed code linked with OpenSSL libraries
unless there is a license exception explicitly permitting this.
.
If only the Debian packaging, or some other part of the package not
linked with OpenSSL, is covered by the GNU GPL, please add a Lintian
override for this tag. Lintian currently has no good way of
distinguishing between that case and problematic packages.
Tag: copyright-refers-to-symlink-license
Severity: pedantic
Certainty: possible
Info: The copyright file refers to the versionless symlink in
<tt>/usr/share/common-licenses</tt> for the full text of the GPL, LGPL,
or GFDL license. This symlink is updated to point to the latest version
of the license when a new one is released. The package appears to allow
relicensing under later versions of its license, so this is legally
consistent, but it implies that Debian will relicense the package under
later versions of those licenses as they're released. It is normally
better to point to the version of the license the package references in
its license statement.
.
For example, if the package says something like "you may redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2, or (at your
option) any later version", the <tt>debian/copyright</tt> file should
refer to <tt>/usr/share/common-licenses/GPL-2</tt>, not <tt>/GPL</tt>.
.
For packages released under the same terms as Perl, Perl references the
GPL version 1, so point to <tt>/usr/share/common-licenses/GPL-1</tt>.
Tag: copyright-refers-to-versionless-license-file
Severity: normal
Certainty: possible
Info: The copyright file refers to the versionless symlink in
<tt>/usr/share/common-licenses</tt> for the full text of the GPL, LGPL,
or GFDL license, but the package does not appear to allow distribution
under later versions of the license. This symlink will change with each
release of a new version of the license and may therefore point to a
different version than the package is released under.
<tt>debian/copyright</tt> should instead refers to the specific version
of the license that the package references.
.
For example, if the package says something like "you can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; version 2 dated June, 1991,"
the <tt>debian/copyright</tt> file should refer to
<tt>/usr/share/common-licenses/GPL-2</tt>, not <tt>/GPL</tt>.
Tag: copyright-refers-to-nonexistent-license-file
Severity: normal
Certainty: certain
Info: The copyright file refers to a license in
<tt>/usr/share/common-licenses</tt> that doesn't exist. Usually this is
a typo, such as accidentally omitting the <tt>-</tt> between the license
name and the version number.
Tag: copyright-refers-to-deprecated-bsd-license-file
Severity: minor
Certainty: certain
Ref: policy 12.5
Info: The copyright file refers to
<tt>/usr/share/common-licenses/BSD</tt>. Due to the brevity of this
license, the specificity of this copy to code whose copyright is held by
the Regents of the University of California, and the frequency of minor
wording changes in the license, its text should be included in the
copyright file directly rather than referencing this file.
.
This file may be removed from a future version of base-files if
references to it drop sufficiently.
Tag: copyright-has-crs
Severity: pedantic
Certainty: certain
Info: The copyright file has lines ending in CRLF instead of just LF.
.
Running the following command against the given file removes any
<tt>CR</tt> character in the file:
.
<tt>sed -i 's/\r//g' path/to/file</tt>
|