[docs] Instruct how to deploy several license files

[wrobelda]

Many projects will have more than a single license. Such projects typically have a LICENSES folder with SPDX copies of them. This explains how to copy them all instead just a single one.

Such projects with multiple licenses should be officially recognized, so that maintainers are aware of it. See e.g.: #19199 (review)
#19200 (comment)

EDIT: also promotes ${PORT} usage and wrapping paths in quotes.

[PhoebeHui]

@wrobelda, thanks for the PR!

[dg0yt]

Is it really desired that the copyright file becomes a folder in some cases?

[wrobelda]

Is it really desired that the copyright file becomes a folder in some cases?

I am really not sure what you mean here.

[dg0yt]

Is it really desired that the copyright file becomes a folder in some cases?

I am really not sure what you mean here.

Until now I relied on the assumption that share/${PORT}/copyright is a file. There is no clear documentation in vcpkg, but there are loose links to debian packaging.

I do not dispute the need to deal with alternative licenses. I'm worried because if share/${PORT}/copyright can be a directory, it needs different treatment in scripts that rely on such files.
(In my app, I do collect such files in order to deploy them with the app.)

Now I wonder if there are any examples in vcpkg where share/${PORT}/copyright already is a directory, not a file.

[wrobelda]

Until now I relied on the assumption that share/${PORT}/copyright is a file. There is no clear documentation in vcpkg, but there are loose links to debian packaging.
(...)
Now I wonder if there are any examples in vcpkg where share/${PORT}/copyright already is a directory, not a file.

There's no documentation indeed, which is why I came up with this solution that allowed me to copy multiple files to a copyright folder instead. The post-installation validation checks for copyright presence, bu not whether it's a file or a directory, so I took advantage of that.

That having said, I see that Debian still delivers a single copyright file for KDE Frameworks, despite KDE having moved to requiring all relevant SPDX copies of the licenses used present in LICENSES, so unless Debian concatenates them all in a single file, their packages have the licensing simply wrong: https://packages.debian.org/experimental/amd64/libkf5sonnet-dev/filelist

EDIT: just checked the copyright file of one of kf5 libs on Debian and indeed they comprehensively list all the copyrights and licenses, e.g. from libkf5sonnet:

Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: sonnet
Source: https://invent.kde.org/frameworks/sonnet
Upstream-Contact: kde-frameworks-devel@kde.org

Files: *
Copyright: 2013, Aurélien Gâteau <agateau@kde.org>
           2006, David Faure <faure@kde.org>
           1991-1999, Free Software Foundation, Inc
           2003, Ingo Kloecker <kloecker@kde.org>
           2006, Jacob Rideout <kde@jacobrideout.net>
           2009, Jakub Stachowski <qbast@go2.pl>
           2006-2009, Montel Laurent <montel@kde.org>
           2012-2013, Martin Sandsmark <martin.sandsmark@kde.org>
           2013, Martin Sandsmark <martin.sandsmark@org>
           2005, Mashrab Kuvatov <kmashrab@uni-bremen.de>
           2009-2010, Michel Ludwig <michel.ludwig@kdemail.net>
           2008, Tom Albers <tomalbers@kde.nl>
           2003-2007, Zack Rusin <zack@kde.org>
           2009, Adriaan de Groot, Mustapha Abubakar, Ibrahim Dasuna
           2006, Canonical Ltd, and Rosetta Contributors 2006
           1998, Erez Nir <erez-n@actcom.co.il>
           2003-2008, Free Software Foundation, Inc
           2008-2009, K Desktop Environment
           2005, KDE Armenian translation team
           2005, KDE Russian translation team
           2000-2004, KDE e.v
           2007, KDE i18n Project for Vietnamese
           1999-2003, Meni Livne <livne@kde.org>
           2008, This_file_is_part_of_KDE
           2001, translate.org.za
License: LGPL-2.1+

Files: examples/dictionarycombobox.cpp
       src/core/guesslanguage.cpp
       src/core/guesslanguage.h
       src/core/languagefilter.cpp
       src/core/languagefilter_p.h
       src/core/textbreaks.cpp
       src/core/textbreaks_p.h
       src/core/tokenizer.cpp
       src/core/tokenizer_p.h
Copyright: 2006, Jacob R Rideout <kde@jacobrideout.net>
           2009, Jakub Stachowski <qbast@go2.pl>
           2006-2013, Martin Sandsmark <martin.sandsmark@kde.org>
           2008, Volker Krause <vkrause@kde.org>
           2004, Zack Rusin <zack@kde.org>
License: LGPL-2+

Files: po/ca/sonnet5_qt.po
       po/ca@valencia/sonnet5_qt.po
       po/uk/sonnet5_qt.po
Copyright: 2014, This_file_is_part_of_KDE
License: LGPL-2.1+3+KDEeV
 This file is distributed under the license LGPL version 2.1 or
 version 3 or later versions approved by the membership of KDE e.V.
 .
 On Debian systems, the complete text of the GNU Lesser General Public License
 version 2.1 can be found in `/usr/share/common-licenses/LGPL-2.1', likewise,
 the complete text of the GNU Lesser General Public License version 3 can be
 found in `/usr/share/common-licenses/LGPL-3'.

Files: cmake/FindENCHANT.cmake
Copyright: 2006, Zack Rusin <zack@kde.org>
License: BSD-3-clause

Files: po/bg/sonnet5_qt.po
Copyright: 2009-2013, Yasen Pramatarov <yasen@lindeas.com>
           2006-2009, Zlatko Popov <zlatkopopov@fsa-bg.org>
License: GPL

Files: debian/*
Copyright: 2014 Jonathan Riddell <jriddell@ubuntu.com>
License: LGPL-2.1+

License: BSD-3-clause
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 .
 1. Redistributions of source code must retain the copyright
    notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the copyright
    notice, this list of conditions and the following disclaimer in the
    documentation and/or other materials provided with the distribution.
 3. The name of the author may not be used to endorse or promote products
 derived from this software without specific prior written permission.
 .
 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

License: GPL
 This file is licensed under the GPL.
 .
 On Debian systems, the complete text of the GNU General Public License can be
 found in `/usr/share/common-licenses/GPL'.

License: LGPL-2+
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Library General Public
 License as published by the Free Software Foundation; either
 version 2 of the License, or (at your option) any later version.
 .
 This library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 Library General Public License for more details.
 .
 You should have received a copy of the GNU Library General Public License
 along with this library; see the file COPYING.LIB.  If not, write to
 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 Boston, MA 02110-1301, USA.
 .
 On Debian systems, the complete text of the GNU Library General Public
 License version 2 can be found in "/usr/share/common-licenses/LGPL-2".

License: LGPL-2.1+
 This library is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public
 License as published by the Free Software Foundation; either
 version 2.1 of the License, or (at your option) any later version.
 .
 This library is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 Lesser General Public License for more details.
 .
 You should have received a copy of the GNU Lesser General Public
 License along with this library; if not, write to the Free Software
 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 02110-1301  USA
 .
 On Debian systems, the complete text of the GNU Lesser General Public License
 version 2.1 can be found in "/usr/share/common-licenses/LGPL-2.1".

[dg0yt]

Yeah, Debian maintainers do much more than just copying files. Another thing to note is that they document the legal state of the source code. For the resulting binaries which are combined from multiple components, you still have to check which licenses can be combined to form a legal result.

For vcpkg, I just would like to ensure a conscious decision whether to stay with a file (and additional sidecar files if needed) or whether to allow directories (and if yes, if there needs to be another primary file). It is not just a quick documentation fix.

[BillyONeal]

Dropping "reviewed" because this needs further consideration from the whole team since it's a policy change. We're going to discuss it tomorrow.

[BillyONeal]

After some discussion considering the above, @ras0219 @vicroms @dan-shaw and I met "in person" and agreed that all 3 of:

• concatenating everything into 1 file
• using a directory
• creating a file with "pointers" in text to the other files

are roughly equivalent for human readers, and the concatenation solution is best for tools as @dg0yt mentioned, so that is the solution we wish to prefer in the future.

Contributors who are interested in helping with this, in addition to changing the docs in this PR to be consistent with that result:

• it would be nice to add a vcpkg_copy_license(...) accepting any number of paths to licenses which automatically prepares the concatenated result as "${CURRENT_PACKAGES_DIR}/share/${PORT}/copyright"
• we can't go back and time and stop ports from putting directories here as there are some, but it would be nice to add a warning to the tool around https://github.com/microsoft/vcpkg-tool/blob/6d539419b0163e920c1f51a901212c6e310e2994/src/vcpkg/postbuildlint.cpp#L343 which warns if it is not a file

[dg0yt]

• it would be nice to add a vcpkg_copy_license(...) accepting any number of paths to licenses which automatically prepares the concatenated result as "${CURRENT_PACKAGES_DIR}/share/${PORT}/copyright"

May be it would be helpful to (optionally) insert an introductory remark before each file.

[wrobelda]

May be it would be helpful to (optionally) insert an introductory remark before each file.

And In particular, also listing all the names of the original files, which most of the time would be the names of licenses found in that file.

[PhoebeHui]

@wrobelda, could you address the review suggestion?

[wrobelda]

@wrobelda, could you address the review suggestion?

I have noting else to add than what I suggested above (#19227 (comment)). Everything else sounds good to me, however, I don't currently have time to deal with this myself.

In any case, this PR is for the documentation and my suggested edits woluld still stand with the functionality suggested by @BillyONeal

[JackBoosY]

Please reopen this PR if you have spare time.