beyondgrep / ack2

**ack 2 is no longer being maintained. ack 3 is the latest version.**
https://github.com/beyondgrep/ack3/

Very likely several copyright violations under t/text/ (non-free song texts) #655

Closed xtaran closed 6 years ago

xtaran commented 6 years ago

I don't think the following song texts are published under the Artistic License 2.0 or any other free software or free artwork license:

This means that e.g. Debian needs to unpack your tar ball, remove those files, create a new tar ball for uploading to Debian as well as patch the test suite to either skip the related tests or modify them to use other text files instead. And I'm sure CPAN won't be happy about unlicensed lyrics either.

So I strongly recommend either documenting the license of these song texts (if you have one) or removing them from the repository. (IMHO git rm should suffice, but IANAL.)

And JFTR: I report this because Debian can't ship such non-free files. And IMHO it would be way better to remove those files from the original ack source distribution than just from the Debian package, since then all ack users and distributors would benefit from a clear legal situation and not only Debian, its derivatives and their distributors.

petdance commented 6 years ago

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883293

petdance commented 6 years ago

> This means that e.g. Debian needs to unpack your tar ball, remove those files, create a new tar ball for uploading to Debian

@xtaran The way I'm reading https://packages.debian.org/stretch/all/ack/filelist, none of the test files are in the Debian package. Is that correct? Or am I looking at the wrong thing?

gregoa commented 6 years ago

They are in the source package (which is the original tarball plus the tarred up debian/ directory), and Debian also publishes these source packages, so they also have to consist only of files with free licenses.

If you e.g. look at https://packages.debian.org/source/testing/ack you'll see the ack_2.18.orig.tar.gz at the bottom, which is the same as https://cpan.metacpan.org/authors/id/P/PE/PETDANCE/ack-2.18.tar.gz. Or on each Debian mirror, e.g. http://ftp.ch.debian.org/debian/pool/main/a/ack/ (here you see both the binary packages - the .debs whose contents you found at https://packages.debian.org/stretch/all/ack/filelist - and the source packages - .orig.tar.gz, .debian.tar.xz, .dsc).

petdance commented 6 years ago

Thank you. I've never looked into any of the mechanics of Debian/Redhat/etc packaging.

> they also have to consist only of files with free licenses.

I assume that things licensed under Creative Commons would be OK?

gregoa commented 6 years ago

On Sat, 02 Dec 2017 18:35:45 +0000, Andy Lester wrote:

> Thank you. I've never looked into any of the mechanics of Debian/Redhat/etc packaging.

No problem!

> > they also have to consist only of files with free licenses.
>
> I assume that things licensed under Creative Commons would be OK?

Most CC licenses are ok; exceptions are all -NC (non-commercial) and -ND (no derivatives) variants; and also CC 1.0 and 2.x had some issues. For some historic background: https://lists.debian.org/debian-legal/2005/03/msg00406.html

And the answers at https://creativecommons.org/choose/ ("This is a Free Culture License!" vs. "This is not a Free Culture License.") seem to reflect the Debian criteria quite well.

Cheers, gregor

--
https://info.comodo.priv.at -- Debian Developer https://www.debian.org
OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
NP: John Zorn & Masada: Shechem

petdance commented 6 years ago

> exceptions are all -NC (non-commercial) and -ND (no derivatives) variants

Interesting. Thanks for that clarification.

xtaran commented 6 years ago

@petdance: Thanks for caring! @gregoa: Thanks for helping out while I was travelling.

petdance commented 6 years ago

I've released a dev release 2.19_01 to CPAN, and it's tagged with 2.19_01 in git. Would one of you be so kind as to check it out, to make sure it all looks good?

I'd like to release an actual release, 2.20, in the next day or two.

xtaran commented 6 years ago

Thanks! Will have a look this evening.

xtaran commented 6 years ago

Thanks a lot for fixing this so quickly, even though it surely was quite some work to replace all the excerpts in the tests!

Anyway, it all looks fine to me:

So from my point of view, 2.19_01 fixed this issue with copyrighted example texts very well. Feel free to close this issue (#655).

Will upload ack 2.19_01 to Debian Experimental now (as it's a release candidate primarily meant for testing) and later the final release ack 2.20 to Debian Unstable.

xtaran commented 6 years ago

To make it easier to check if this upload makes any change with regard to the autopkgtest issue in Ubuntu (#652), I changed my plan and uploaded 2.19_01 directly to Debian Unstable. Should hit Ubuntu Bionic (current development release) within this weekend.

petdance commented 6 years ago

Thanks for checking into it. I have some problems on Windows with the tests that I may fix up before 2.20. But 2.20 should go out by Monday.

petdance commented 6 years ago

ack 2.20 has been released to CPAN and is on the master branch here. All texts in the t/text directory are now public domain.