Package: icewm-themes Version: 1.2.26-2 Severity: serious Justification: ยง12.5 copyright must say where the upstream sources were obtained
We were looking at this package as a result of a question on #debian and realised that, on the basis of the information in debian/copyright, we had no idea where these themes had actually come from and that there was no evidence that these themes were indeed licensed under the GPL-2 as asserted. Currently, debian/copyright points to http://www.icewm.org/index.php?page=download for tarballs, but none are apparent on this page, just a link to a generic theme download site box-look.org. I looked for a few of the themes there and didn't find them. There is then a pretty vague statement that "most themes have been downloaded or updated" from http://themes.freshmeat.net/ This website no longer exists and redirects to a generic software archive page. I tried to find a few of these themes in this generic archive and was not able to do so. "Most" is also not sufficient for me to work out which themes are from this site or perhaps some other site. Next is a statement that some themes were obtained from: http://samael.k.pl/~michal/aeteria.html which is a webserver that doesn't appear to ever respond. Also, which themes were from there? grep gives me a list of a few, but is that all of them? I guess I would expect debian/copyright to tell me this in an aggregated work like this. I then moved on from debian/copyright and looked for more information to work out where these themes had come from. The package comes with a README.source that looked promising as a way of documenting where the themes came from... excellent... except: "modifications are applied through the dpatch mechanism." A minor thing -- this package no longer uses dpatch as of the last upload. "The currently available themes (and those that are processed by Makefile) are listed in THEME.list." What THEME.list? "They are either downloadable from the mentioned location" Mentioned where? Is this in the missing THEME.list? It's certainly not in copyright. It's not in the default.theme file in the theme directories. "apt-get source icewm-themes" That doesn't really sound like instructions for where the upstream sources were obtained... it's a bit self-referential! "make getfromdeb" gets them only from the source package. "make shownew" shows new dirs, looking like theme dirs and "make checkin" adds all new dirs to the THEME.list. None of these targets exist in the Makefile. I understand that debian/copyright for a package that is assembled from multiple sources like this is a complicated thing to write and maintain. I would, however, expect to see the information required by policy to be listed and the information required by the ftp team to be listed. For example, the ftp team has previously offered the following advice on what should be in a copyright file: http://lists.debian.org/debian-devel-announce/2006/03/msg00023.html Based on that, it would be nice to clearly describe EACH theme: Theme: blah URL: http://example.org/themes/blah Copyright: 2001-2003 Jane Smith Licence: This is free software blah blah... (the copyright format 1.0 (formerly known as DEP-5) may be of use here too, but doesn't handle multi-component sources like this gracefully) Ideally, each directory would have some sort of README or AUTHORS as some of them already do. In this files, the creator of the theme is stating that the licence is as claimed in debian/copyright. I realise that this is not always possible though. Shame. Being able to demonstrate that the licence is what you say it is wins over an assertion without evidence. For your information, the visitor to #debian who brought this up stated that he believed that a number of these themes were NOT GPLv2 as asserted and that some were undistributable. I guess you can expect him to file a separate bug report about that. cheers Stuart -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
