[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[task #16461] Submission of sinaps is not a password safe

From: Ineiev
Subject: [task #16461] Submission of sinaps is not a password safe
Date: Tue, 21 Nov 2023 04:32:00 -0500 (EST)

Follow-up Comment #9, task #16461 (project administration):

> Ok, so the documentation part is much tougher than I expected. Thank you for
all the input and guidance. Let me try to organize it a bit, please comment on
my thoughts.
> 1. I currently use doxygen to generate "HTML output". This is the term that
is used by doxygen itself, but it includes HTML, css, javascript, png and
*.md5 and *.map files.

What category includes the *.svg files?

>   a) The latter two are intermediate files and not part of the documentation
so I do not see the necessity to put in notices.

Since they are not part of the documentation, don't you see the necessity to
exclude them from the tarball?

>   b) The css and javascript files are boilerplate so I don't think I can or
should put a copyright in there. I am not sure about a license notice though.

The point you have here is, there are files in the wild you can't add legal
notices to---for example, proprietary files.  However, that doesn't override
the Savannah requirement for all copyrightable files included to have valid
copyright and license notices.

Also, looking at files like doc/doxygen-header.html, it may seem that you
don't fully realize what you said here.

> If you think I should include one, I can do it.

We can't continually monitor all the packages we host on Savannah, to say
nothing of fixing the new issues they may have.  You must be able and willing
to think yourself.

>   c) The HTML files already contain copyright and license notices.

Have you verified that, e.g. using a command like the following?

find doc/html/ -type f -name \*.html -exec less -N {} \;

Many files in doc/html/search/ have no notices.

>   d) The png files are also generated from the source code so I put a note
in the README to declare their license.

Do you mean, from the source code of your package?  Can you explain how a file
like folderopen.png was generated from it?

> 2. Just to clairfy: I think all the files mentioned above make up one
particular type of a "produced document" to which the GPLv2 of doxygen does
not apply.

Let us discuss the points that led you to such conclusion (once more omitting
the question about the version of the GPL).

> 3. I see that lynx does not render the menus; I added a direct link so the
license will be accessible.

Nice; perhaps it would be consistent to add a link to it not only to the "main
page" (by the way, index.html seems to include the license notice, but its
footer still surprisingly refers to "main page").

Now on the license notice itself in doc/html/index.html#autotoc_md6.  It says
that the copies of code in the documentation are not covered by the FDL, but
by GPLv3.  This is confusing in at least two ways:

1. The users may think that they have a GPLv3-only package.
2. The non-FDL'ed parts that are not clearly and explicitly separated from the
FDL'ed parts.

But the main problem is, such combination makes your documentation proprietary
because it mixes works under incompatible licenses, the FDL and the GPL.

> 4. Regarding doxygen.conf: Now that I have dropped all boilerplate, there is
no copied expression in there because all of the remaining settings were
handwritten after reading the documentation.

Dropping the boilerplate implies that it was there at some point, which in
turn suggests that the result was derived from the original file.


Reply to this item at:


Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]