[opensuse-packaging] Fwd: Prep'ing python-volatility replacement package volatility3 for factory submission. Can someone please review the license and the Obsoletes/Provides statements
All,

I'm prepping https://build.opensuse.org/package/show/security:forensics/volatility3 for submission to factory, but:

- I'm not sure which license to use. I've copied the contents of the LICENSE.txt file below my signature (see below)

- Because this is a replacement package I'm obsoleting python-volatility (python2 only), but the fact the version number for this is lower than it was for python-volatility leaves me in doubt if I did it right. I would normally say:

  Obsoletes: python-volatility <= 2.6.1

  But because the version number for the new package is less than 2.6.1 that is causing

  [ 18s] volatility3.noarch: W: self-obsoletion python-volatility <= 2.6.1 obsoletes python-volatility = 1.0.0+beta.1
  [ 18s] volatility3.noarch: W: self-obsoletion volatility <= 2.4 obsoletes volatility = 1.0.0+beta.1
  [ 18s] The package obsoletes itself. This is known to cause errors in various tools
  [ 18s] and should thus be avoided, usually by using appropriately versioned Obsoletes
  [ 18s] and/or Provides and avoiding unversioned ones.

  So, I'm just using = in the spec file currently.

  Obsoletes: python-volatility = 2.6.1

- I carried over the *.changes file. Not sure that should happen, or if I should start from a clean changes file.

Advice appreciated,

Thanks
Greg
--
Greg Freemyer
Advances are made by answering questions. Discoveries are made by questioning answers. — Bernard Haisch

=============== contents of LICENSE.txt file ==================

Volatility Software License
Version 1.0 dated October 3, 2019.
This license covers the Volatility software, Copyright 2019 Volatility Foundation.

Software
The software referred to in this license includes the software named above, and any data (such as operating system profiles or configuration information), and documentation provided with the software.

Purpose
This license gives you permission to use, share, and build with this software for free, but requires you to share source code for changes, additions, and software that you build with it.

Acceptance
In order to receive this license, you must agree to its rules. The rules of this license are both obligations under that agreement and conditions to your license. You must not do anything with this software that triggers a rule that you cannot or will not follow.

Copyright
Each contributor licenses you to do everything with this software that would otherwise infringe that contributor's copyright in it.

Notices
You must ensure that everyone who gets a copy of any part of this software from you, with or without changes, also gets the text of this license or a link to https://www.volatilityfoundation.org/license/vsl-v1.0. You must not remove any copyright notice in the Software.

Patent
Each contributor licenses you to do everything with this software that would otherwise infringe any patent claims they can license or become able to license.

Reliability
No contributor can revoke this license.

Copyleft
If you make any Additions available to others, such as by providing copies of them or providing access to them over the Internet, you must make them publicly available, according to this paragraph. "Additions" includes changes or additions to the software, and any content or materials, including any training materials, you create that contain any portion of the software. "Additions" also includes any translations or ports of the software. "Additions" also includes any software designed to execute the software and parse its results, such as a wrapper written for the software, but does not include shell or execution menu software designed to execute software generally.

When this license requires you to make Additions available:

- You must publish all source code for software under this license, in the preferred form for making changes, through a freely accessible distribution system widely used for similar source code, so the developer and others can find and copy it.
- You must publish all data or content under this license, in a format customarily used to make changes to it, through a freely accessible distribution system, so the developer and others can find and copy it.
- You are responsible to ensure you have rights in Additions necessary to comply with this section.

Contributing
If you contribute (or offer to contribute) any materials to Volatility Foundation for the software, such as by submitting a pull request to the repository for the software or related content run by Volatility Foundation, you agree to contribute them under the under the BSD 2-Clause Plus Patent License (in the case of software) or the Creative Commons Zero Public Domain Dedication (in the case of content), unless you clearly mark them "Not a Contribution."

Trademarks
This license grants you no rights to any trademarks or service marks.

Termination
If you violate any term of this license, your license ends immediately.

No Liability
As far as the law allows, the software comes as is, without any warranty or condition, and no contributor will be liable to anyone for any damages related to this software or this license, under any kind of legal claim.

Versions
Volatility Foundation is the steward of this license and may publish new versions of this license with new version numbers. You may use the software under the version of this license under which you received the software, or, at your choice, any later version.

--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org

Hello Greg,

On Sunday, 3 May 2020, 19:38:07 CEST, Greg Freemyer wrote:

> I'm prepping https://build.opensuse.org/package/show/security:forensics/volatility3 for submission to factory, but:
>
> - I'm not sure which license to use. I've copied the contents of the LICENSE.txt file below my signature (see below)

Did the license change compared to 2.6.1?
- if no: use GPL-2.0-or-later as in 2.6.1
- if yes
  -- ask upstream for clarification (https://spdx.org/licenses/ has the list of widely used licenses)
  -- wait for SUSE legal review

> - Because this is a replacement package I'm obsoleting python-volatility (python2 only), but the fact the version number for this is lower than it was for python-volatility leaves me in doubt if I did it right. I would normally say:
>
> Obsoletes: python-volatility <= 2.6.1
>
> But because the version number for the new package is less than 2.6.1 that is causing
>
> [ 18s] volatility3.noarch: W: self-obsoletion python-volatility <= 2.6.1 obsoletes python-volatility = 1.0.0+beta.1
> [ 18s] volatility3.noarch: W: self-obsoletion volatility <= 2.4 obsoletes volatility = 1.0.0+beta.1
> [ 18s] The package obsoletes itself. This is known to cause errors in various tools
> [ 18s] and should thus be avoided, usually by using appropriately versioned Obsoletes
> [ 18s] and/or Provides and avoiding unversioned ones.
>
> So, I'm just using = in the spec file currently.
>
> Obsoletes: python-volatility = 2.6.1

you could do as well:

Conflicts: python-volatility < 10.0.0
Provides: python-volatility = 10.0.0

> - I carried over the *.changes file. Not sure that should happen, or if I should start from a clean changes file.

I think this is OK to carry the changes file over - it is clearly stated that this is a rewrite.

Does this version still support Python2? In this case a singlespec would be applicable.

HTH
Axel

Greg Freemyer <greg.freemyer@gmail.com> writes:

> All,
>
> I'm prepping https://build.opensuse.org/package/show/security:forensics/volatility3 for submission to factory, but:
>
> - I'm not sure which license to use. I've copied the contents of the LICENSE.txt file below my signature (see below)
>
> - Because this is a replacement package I'm obsoleting python-volatility (python2 only), but the fact the version number for this is lower than it was for python-volatility leaves me in doubt if I did it right. I would normally say:
>
> Obsoletes: python-volatility <= 2.6.1
>
> But because the version number for the new package is less than 2.6.1 that is causing
>
> [ 18s] volatility3.noarch: W: self-obsoletion python-volatility <= 2.6.1 obsoletes python-volatility = 1.0.0+beta.1
> [ 18s] volatility3.noarch: W: self-obsoletion volatility <= 2.4 obsoletes volatility = 1.0.0+beta.1
> [ 18s] The package obsoletes itself. This is known to cause errors in various tools
> [ 18s] and should thus be avoided, usually by using appropriately versioned Obsoletes
> [ 18s] and/or Provides and avoiding unversioned ones.
>
> So, I'm just using = in the spec file currently.

You definitely should be using <=, if you just use = then users who happened not to upgrade recently and who don't have version 2.6.1 on their system will not get upgraded to the replacement package (this is not a huge issue if upstream will never release 2.6.2, but if they do and it lands in the repos, then users might never get your replacement).

Fedora has some guidelines on package renaming: https://docs.fedoraproject.org/en-US/packaging-guidelines/#renaming-or-repla... but unfortunately it does not mention anything about what should be done when the new version decreases (you could bump the Epoch, but that is ugly and will stay with you for all eternity, so I don't really want to suggest that…).

> Obsoletes: python-volatility = 2.6.1
>
> - I carried over the *.changes file. Not sure that should happen, or if I should start from a clean changes file.
>
> Advice appreciated,
>
> Thanks
> Greg
> --
> Greg Freemyer
> Advances are made by answering questions. Discoveries are made by questioning answers. — Bernard Haisch

--
Dan Čermák <dcermak@suse.com>
Software Engineer Development tools
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nuremberg
Germany
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer
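
The version ranges argued over in this thread can be checked mechanically. The following is an added example, not code from the thread, rpm or rpmlint: it uses a simplified re-implementation of RPM's version comparison (epoch, release, `~` and `^` are not handled), and the installed versions 2.6 and 2.6.2 are constructed sample inputs.

```python
import re

def rpm_vercmp(a, b):
    """Simplified rpmvercmp: compare runs of digits/letters left to right.
    Assumption: epoch, release, '~' and '^' are not handled."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", v) for v in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0, "=": lambda c: c == 0}

def matches(version, op, bound):
    """True if `version` falls inside the dependency range `op bound`."""
    return OPS[op](rpm_vercmp(version, bound))

def evaluate(obsoletes, own_provides, installed):
    """obsoletes: (op, bound) on python-volatility; own_provides: the version
    the new package itself provides under that name."""
    op, bound = obsoletes
    return {
        "self_obsoletion": matches(own_provides, op, bound),
        "replaced": [v for v in installed if matches(v, op, bound)],
    }

# Constructed sample: old python-volatility versions a user might have installed.
# 2.6.2 is the hypothetical future upstream release mentioned in the thread.
INSTALLED = ["2.6", "2.6.1", "2.6.2"]

CASES = {
    "Obsoletes <= 2.6.1, Provides = 1.0.0+beta.1": (("<=", "2.6.1"), "1.0.0+beta.1"),
    "Obsoletes = 2.6.1, Provides = 1.0.0+beta.1": (("=", "2.6.1"), "1.0.0+beta.1"),
    # Combination assembled for this example: the <= range with a Provides
    # version above the old series (10.0.0, as in the Conflicts/Provides reply).
    "Obsoletes <= 2.6.1, Provides = 10.0.0": (("<=", "2.6.1"), "10.0.0"),
}

if __name__ == "__main__":
    for label, (obs, prov) in CASES.items():
        print(label, "->", evaluate(obs, prov, INSTALLED))
```

The first case reproduces the condition behind the rpmlint self-obsoletion warning; the second shows that an exact `=` match leaves an installed 2.6 unreplaced.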

participants (3)
- Axel Braun
- Dan Čermák
- Greg Freemyer