Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided this notice is preserved.
Establishes a standard, machine-readable format for debian/copyright files within Debian packages to facilitate automated checking and reporting of licenses for packages and sets of packages. This specification was originally drafted as DEP-5.
This document describes a standard, machine-interpretable format for the debian/copyright file. This file is one of the most important files in Debian packaging, but, prior to this specification, no standard format was defined for it and its contents varied tremendously across packages. This made it difficult to automatically extract licensing information.
Use of this specification is optional.
Nothing in this proposal supersedes or modifies any of the requirements specified in Debian Policy regarding the appropriate detail or granularity to use when documenting copyright and license status in debian/copyright.
The diversity of free software licenses means that Debian needs to care not only about the freeness of a given work, but also its license's compatibility with the other parts of Debian it uses.
The arrival of the GPL version 3, its incompatibility with version 2, and our inability to spot the software where the incompatibility might be problematic is one prominent occurrence of this limitation.
There are earlier precedents, also. One is the GPL/OpenSSL incompatibility. Apart from grepping debian/copyright, which is prone to numerous false positives (packaging under the GPL but software under another license) or negatives (GPL software but with an "OpenSSL special exception" dual licensing form), there is no reliable way to know which software in Debian might be problematic.
And there is more to come. There are issues with shipping GPLv2-only software with a CDDL operating system such as Nexenta. The GPL version 3 solves this issue, but not all GPL software can switch to it and we have no way to know how much of Debian should be stripped from such a system.
Even where licenses are DFSG-free and mutually compatible, users may wish for a way to identify software under certain licenses (if, for example, they have special reasons to avoid certain licenses).
Many people have worked on this specification over the years. The following alphabetical list is incomplete; please suggest missing people: Russ Allbery, Ben Finney, Sam Hocevar, Steve Langasek, Charles Plessy, Noah Slater, Jonas Smedegaard, Lars Wirzenius.
The debian/copyright file must be machine-interpretable, yet human-readable, while communicating all mandated upstream information, copyright notices and licensing details.
The syntax of the file is the same as for other Debian control files, as specified in the Debian Policy Manual. See its section 5.1 for details. Extra fields can be added to any paragraph. No prefixing is necessary or desired, but please avoid names similar to standard ones so that mistakes are easier to catch. Future versions of the debian/copyright specification will attempt to avoid conflicting specifications for widely used extra fields.
There are four types of fields. The definition for each field in this document indicates which type of value it takes.
The entire value of a single-line field must be on a
single line. For example, the
Format field has a single-line value
specifying the version of the machine-readable format that
Field values defined as whitespace-separated lists may
be on one line or many. Values in the list are separated by
one or more whitespace characters (space, tab, or newline).
For example, the
contains a whitespace-separated list of filename
Line-based lists have one value per line. For example,
contains a line-based list of contact addresses.
Formatted text fields use the same rules as the long
description in a package's
Description field in Debian control files.
In some but not all cases, the first line may have special
meaning as a synopsis, similar to how the
Description field uses the first line for
the short description. See Debian Policy's section 5.6.13,
for details. For example,
Disclaimer is a formatted text field that
has no special first line, and
License is a formatted text field where
the first line indicates the short name or names of the
There are three kinds of paragraphs. The first paragraph in the file is called the header paragraph. Every other paragraph is either a Files paragraph or a stand-alone License paragraph. This is similar to source and binary package paragraphs in debian/control files.
The following fields may be present in a header paragraph.
License fields in the
paragraph may complement but do not replace the
paragraphs. If present, they summarise the
copyright notices or redistribution terms for the package
as a whole. For example, when a work combines a permissive
and a copyleft license,
License can be used to clarify the license
terms for the combination.
License together can also be used to
document a compilation copyright and license. It
is possible to use only
License in the header paragraph, but
Copyright alone makes no
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: SOFTware Upstream-Contact: John Doe <email@example.com> Source: http://www.example.com/software/project
The declaration of copyright and license for files may consist of one or more paragraphs. In the simplest case, a single paragraph with Files: * can be used to state the license and copyright for the whole package. Only the license and copyright information required by the Debian archive is required to be listed here.
The following fields may be present in a Files paragraph.
Files: * Copyright: 1975-2010 Ulla Upstream License: GPL-2+ Files: debian/* Copyright: 2010 Daniela Debianizer License: GPL-2+ Files: debian/patches/fancy-feature Copyright: 2010 Daniela Debianizer License: GPL-3+ Files: */*.1 Copyright: 2010 Manuela Manpager License: GPL-2+
In this example, all files are copyright by the upstream and licensed under the GPL, version 2 or later, with three exceptions. All the Debian packaging files are copyright by the packager, and further one specific file providing a new feature is licensed differently. Finally, there are some manual pages added to the package, written by a third person.
Since the license of the manual pages is the same as
the other files in the package, the last paragraph above
could instead be combined with the first paragraph,
listing both copyright statements in one
Copyright field. Whether to combine
paragraphs with the same license is left to the
discretion of the author of the debian/copyright file.
paragraphs can be used to provide the full license text for
a given license once, instead of repeating it in each
Files paragraph that refers to
it. The first line of the
License field must be a single license
short name or a short name followed by a license
The following fields may be present in a stand-alone License paragraph.
Example 1. tri-licensed files
Files: src/js/editline/* Copyright: 1993, John Doe 1993, Joe Average License: MPL-1.1 or GPL-2 or LGPL-2.1 License: MPL-1.1 [LICENSE TEXT] License: GPL-2 [LICENSE TEXT] License: LGPL-2.1 [LICENSE TEXT]
The following fields are defined for use in debian/copyright.
Single-line: URI of the format specification. The field that should be used for the current version of this document is:
Single-line: the name upstream uses for the software
Line-based list: the preferred address(es) to reach the upstream project. May be free-form text, but by convention will usually be written as a list of RFC5322 addresses or URIs.
Formatted text, no synopsis: an explanation of where the upstream source came from. Typically this would be a URL, but it might be a free-form explanation. The Debian Policy section 12.5 requires this information unless there are no upstream sources, which is mainly the case for native Debian packages. If the upstream source has been modified to remove non-free parts, that should be explained in this field.
Formatted text, no synopsis: this field is used for non-free or contrib packages to state that they are not part of Debian and to explain why (see Debian Policy section 12.5).
Formatted text, no synopsis: this field can provide additional information. For example, it might quote an e-mail from upstream justifying why the license is acceptable to the main archive, or an explanation of how this version of the package has been forked from a version known to be DFSG-free, even though the current upstream version is not.
Formatted text, with synopsis. In the header paragraph,
this field gives the license information for the package as
a whole, which may be different or simplified from a
combination of all the per-file license information. In a
Files paragraph, this field gives the licensing terms for
the files listed in the
field for this paragraph. In a stand-alone License
paragraph, it gives the licensing terms for those
paragraphs which reference it.
First line: an abbreviated name for the license, or expression giving alternatives (see the Short name section for a list of standard abbreviations). If there are licenses present in the package without a standard short name, an arbitrary short name may be assigned for these licenses. These arbitrary names are only guaranteed to be unique within a single copyright file.
If there are no remaining lines, then all of the short names or short names followed by license exceptions making up the first line must be described in stand-alone License paragraphs. Otherwise, this field should either include the full text of the license(s) or include a pointer to the license file under /usr/share/common-licenses. This field should include all text needed in order to fulfill both Debian Policy's requirement for including a copy of the software's distribution license (12.5), and any license requirements to include warranty disclaimers or other notices with the binary package.
Formatted text, no synopsis: one or more free-form
copyright statements. Any formatting is permitted; see the
examples below for some ideas for how to structure the
field to make it easier to read. In the header paragraph,
this field gives the copyright information for the package
as a whole, which may be different or simplified from a
combination of all the per-file copyright information. In
the Files paragraphs, it gives the copyright information
that applies to the files matched by the
Files pattern. If a work has no copyright
holder (i.e., it is in the public domain), that information
should be recorded here.
collects all relevant copyright notices for the files of
this paragraph. Not all copyright notices may apply to
every individual file, and years of publication for one
copyright holder may be gathered together. For example, if
file A has:
Copyright 2008 John Smith Copyright 2009 Angela Wattsand file B has:
Copyright 2010 Angela Wattsa single paragraph may still be used for both files. The
Copyrightfield for that paragraph would contain:
Copyright 2008 John Smith Copyright 2009, 2010 Angela Watts
Copyright field may
contain the original copyright statement copied exactly
(including the word "Copyright"), or it may shorten the text or
merge it with other copyright statements as described
above, as long as it does not sacrifice information.
Examples in this specification use both forms.
Whitespace-separated list: list of patterns indicating files covered by the license and copyright specified in this paragraph.
Filename patterns in the
Files field are specified using a
simplified shell glob syntax. Patterns are separated by
Only the wildcards * and ? apply; the former matches any number of characters (including none), the latter a single character. Both match slashs (/) and leading dots, unlike shell globs. The pattern *.in therefore matches any file whose name ends in .in anywhere in the source tree, not just at the top level.
Patterns match pathnames that start at the root of the source tree. Thus, "Makefile.in" matches only the file at the root of the tree, but "*/Makefile.in" matches at any depth.
The backslash (\) is used to remove the magic from the next character; see table below.
This is the same pattern syntax as fnmatch(3) without the
FNM_PATHNAME flag, or the
argument to the -path test of the
GNU find command, except that
 wildcards are not
are allowed. The last paragraph that matches a particular
file applies to it. More general paragraphs should
therefore be given first, followed by more specific
Exclusions are only supported by adding
Files paragraphs to override the previous
Much of the value of a machine-parseable copyright file
lies in being able to correlate the licenses of multiple
pieces of software. To that end, this spec defines standard
short names for a number of commonly used licenses, which
can be used in the first line of a
These short names have the specified meanings across all uses of this file format, and must not be used to refer to any other licenses. Parsers may thus rely on these short names referring to the same licenses wherever they occur, without needing to parse or compare the full license text.
From time to time, licenses may be added to or removed
from the list of standard short names. Such changes in the
list of short names will always be accompanied by changes
to the version of this standard and to the recommended
Format value. Implementers who
are parsing copyright files should take care not to assume
anything about the meaning of license short names for
Use of a standard short name does not override the
Debian Policy requirement to include the full license text
in debian/copyright, nor any
requirements in the license of the work regarding
reproduction of legal notices. This information must still
be included in the
field, either in a stand-alone License paragraph or in the
relevant files paragraph.
For licenses that have multiple versions in use, the short name is formed from the general short name of the license family, followed by a dash and the version number. If the version number is omitted, the lowest version number is implied. When the license grant permits using the terms of any later version of that license, add a plus sign to the end of the short name. For example, the short name GPL refers to the GPL version 1 and is equivalent to GPL-1, although the latter is clearer and therefore preferred. If the package may be distributed under the GPL version 1 or any later version, use a short name of GPL-1+.
For SPDX compatibility, versions with trailing dot-zeroes are considered to be equivalent to versions without (e.g., "2.0.0" is considered equal to "2.0" and "2").
Currently, the full text of the licenses is only available in the SPDX Open Source License Registry.
|public-domain||No license required for any purpose; the work is not subject to copyright in any jurisdiction.|
|Apache||Apache license 1.0, 2.0.|
|Artistic||Artistic license 1.0, 2.0.|
|BSD-2-clause||Berkeley software distribution license, 2-clause version.|
|BSD-3-clause||Berkeley software distribution license, 3-clause version.|
|BSD-4-clause||Berkeley software distribution license, 4-clause version.|
|ISC||Internet Software Consortium, sometimes also known as the OpenBSD License.|
|CC-BY||Creative Commons Attribution license 1.0, 2.0, 2.5, 3.0.|
|CC-BY-SA||Creative Commons Attribution Share Alike license 1.0, 2.0, 2.5, 3.0.|
|CC-BY-ND||Creative Commons Attribution No Derivatives license 1.0, 2.0, 2.5, 3.0.|
|CC-BY-NC||Creative Commons Attribution Non-Commercial license 1.0, 2.0, 2.5, 3.0.|
|CC-BY-NC-SA||Creative Commons Attribution Non-Commercial Share Alike license 1.0, 2.0, 2.5, 3.0.|
|CC-BY-NC-ND||Creative Commons Attribution Non-Commercial No Derivatives license 1.0, 2.0, 2.5, 3.0.|
|CC0||Creative Commons Zero 1.0 Universal. Omit "Universal" from the license version when forming the short name.|
|CDDL||Common Development and Distribution License 1.0.|
|CPL||IBM Common Public License.|
|EFL||The Eiffel Forum License 1.0, 2.0.|
|Expat||The Expat license.|
|GPL||GNU General Public License 1.0, 2.0, 3.0.|
|LGPL||GNU Lesser General Public License 2.1, 3.0, or GNU Library General Public License 2.0.|
|GFDL||GNU Free Documentation License 1.0, 1.1, 1.2, or 1.3. Use GFDL-NIV instead if there are no Front-Cover or Back-Cover Texts or Invariant Sections.|
|GFDL-NIV||GNU Free Documentation License, with no Front-Cover or Back-Cover Texts or Invariant Sections. Use the same version numbers as GFDL.|
|LPPL||LaTeX Project Public License 1.0, 1.1, 1.2, 1.3c.|
|MPL||Mozilla Public License 1.1.|
|Perl||Perl license (use "GPL-1+ or Artistic-1" instead).|
|Python||Python license 2.0.|
|QPL||Q Public License 1.0.|
|W3C||W3C Software License For more information, consult the W3C Intellectual Rights FAQ.|
|Zope||Zope Public License 1.0, 1.1, 2.0, 2.1.|
There are many versions of the MIT license. Please use Expat instead, when it matches.
An exception or clarification to a license is signalled
in plain text, by appending with
keywords exception to
the short name. This document provides a list of keywords
that must be used when referring to the most frequent
exceptions. When exceptions other than these are in effect
that modify a common license by granting additional
permissions, you may use an arbitrary keyword not taken
from the below list of keywords. When a license differs
from a common license because of added restrictions rather
than because of added permissions, a distinct short name
should be used instead of with
Only one exception may be specified for each license within a given license specification. If more than one exception applies to a single license, an arbitrary short name indicating that combination of multiple exceptions must be used instead.
The GPL Font exception refers to the text added to the license notice of each file as specified at How does the GPL apply to fonts. The precise text corresponding to this exception is:
As a special exception, if you create a document which uses this font, and embed this font or unaltered portions of this font into the document, this font does not by itself cause the resulting document to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the document might be covered by the GNU General Public License. If you modify this font, you may extend this exception to your version of the font, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.
The GPL OpenSSL exception gives permission to link GPL-licensed code with the OpenSSL library, which contains GPL-incompatible clauses. For more information, see The OpenSSL License and The GPL by Mark McLoughlin and the message middleman software license conflicts with OpenSSL by Mark McLoughlin on the debian-legal mailing list. The text corresponding to this exception is:
In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here.
License short name
public-domain does not refer to
a set of license terms. There are some works which are
not subject to copyright in any jurisdiction and
therefore no license is required for any purpose covered
by copyright law. This short name is an explicit
declaration that the associated files are "in the public domain".
Widespread misunderstanding about copyright in general, and the public domain in particular, results in the common assertion that a work is in the public domain when this is partly or wholly untrue for that work. The Wikipedia article on public domain is a useful reference for this subject.
License field in
a paragraph has the short name public-domain, the remaining lines of the
field must explain exactly what exemption
the corresponding files for that paragraph have from
default copyright restrictions.
License names are case-insensitive, and may not contain spaces.
In case of multi-licensing, the license short names are separated by or when the user can chose between different licenses, and by and when use of the work must simultaneously comply with the terms of multiple licenses.
For instance, this is a simple, "GPL version 2 or later" field:
License: GPL-2+This is a dual-licensed GPL/Artistic work such as Perl:
License: GPL-1+ or ArtisticThis is for a file that has both GPL and classic BSD code in it:
License: GPL-2+ and BSD-3-clauseFor the most complex cases, a comma is used to disambiguate the priority of ors and ands. The conjunction "and" has priority over "or" unless preceded by a comma. For instance:
A or B and C means A or (B and C).
A or B, and C means (A or B) and C.
This is for a file that has Perl code and classic BSD code in it:
License: GPL-2+ or Artistic-2.0, and BSD-3-clauseA GPL-2+ work with the OpenSSL exception is in effect a dual-licensed work that can be redistributed either under the GPL-2+, or under the GPL-2+ with the OpenSSL exception. It is thus expressed as GPL-2+ with OpenSSL exception. A possible
Licensefield for such a license is:
License: GPL-2+ with OpenSSL exception This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . In addition, as a special exception, the author of this program gives permission to link the code of its release with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'.
SPDX is an attempt to standardize a format for communicating the components, licenses and copyrights associated with a software package. It and the machine-readable debian/copyright format attempt to be somewhat compatible. However, the two formats have different aims, and so the formats are different. The DEP5 wiki page will be used to track the differences.
Example 3. Simple
A possible debian/copyright file for the program "X Solitaire" distributed in the Debian source package xsol:
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: X Solitaire Source: ftp://ftp.example.com/pub/games Files: * Copyright: Copyright 1998 John Doe <firstname.lastname@example.org> License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. Files: debian/* Copyright: Copyright 1998 Jane Smith <email@example.com> License: GPL-2+ [LICENSE TEXT]
Example 4. Complex
A possible debian/copyright file for the program "Planet Venus", distributed in the Debian source package planet-venus:
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Planet Venus Upstream-Contact: John Doe <firstname.lastname@example.org> Source: http://www.example.com/code/venus Files: * Copyright: 2008, John Doe <email@example.com> 2007, Jane Smith <firstname.lastname@example.org> 2007, Joe Average <email@example.com> 2007, J. Random User <firstname.lastname@example.org> License: PSF-2 [LICENSE TEXT] Files: debian/* Copyright: 2008, Dan Developer <email@example.com> License: permissive Copying and distribution of this package, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. Files: debian/patches/theme-diveintomark.patch Copyright: 2008, Joe Hacker <firstname.lastname@example.org> License: GPL-2+ [LICENSE TEXT] Files: planet/vendor/compat_logging/* Copyright: 2002, Mark Smith <email@example.com> License: MIT [LICENSE TEXT] Files: planet/vendor/httplib2/* Copyright: 2006, John Brown <firstname.lastname@example.org> License: MIT2 Unspecified MIT style license. Files: planet/vendor/feedparser.py Copyright: 2007, Mike Smith <email@example.com> License: PSF-2 [LICENSE TEXT] Files: planet/vendor/htmltmpl.py Copyright: 2004, Thomas Brown <firstname.lastname@example.org> License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'.