NewPackageRequirements

Revision 6 as of 2007-07-09 15:46:36

Clear message

Requirements for new Ubuntu packages

When a source package is uploaded to Ubuntu which does not yet exist in the archive, or builds a new binary package, it will be held in the [http://people.ubuntu.com/~ubuntu-archive/queue/gutsy/new/ NEW queue] and has to be reviewed by an [https://launchpad.net/~ubuntu-archive Ubuntu archive team] member.

Requirements of new source packages

These points are critical, since they determine whether we are allowed at all to redistribute the package. Packages must not be accepted if any of these points is not fulfilled:

  • The upstream tarball must contain verbatim copies of all licenses that are used by the files in the tarball. References to URLs or paths to system files (such as /usr/share/common-licenses/) are not sufficient. The license(s) must accompany the source code.

  • For all files it must be clear under which license they fall. Source code files should usually have a short comment at the top which points out the license.

  • Files shipped under the GPL must be in the 'preferred form of modification' format. This applies to some other free licenses like the MPL, too (but e. g. not to BSD). Negative examples are Flash animations (*.swf), most PostScript/PDF files, and automatically generated source code. The suspicious-source script in the ubuntu-dev-tools package helps to spot such files.

  • debian/copyright must list all copyright holders and licenses (pointers to /usr/share/common-licenses/ are OK for licenses included there), and declare which licenses apply to which parts of the package.

  • Since there are now multiple versions of the GPL, the copyright headers and files must be clear about which version(s) of the GPL apply.

Common errors:

  • Not shipping a copy of the LGPL when e. g. the build system is under LGPL, but the actual source is GPL

  • Shipping PDFs and other files without source like a LaTeX or OpenOffice document

  • Documentation is actually under GFDL, but debian/copyright does not mention it. As of gutsy, the GFDL is in /usr/share/common-licenses/, so a pointer there is sufficient for debian/copyright.

  • debian/copyright only mentions a license, but no copyright

  • The source files and/or debian/copyright are not clear about which files fall under which license

  • Source is shipped under "GPL 2 only", while debian/copyright says "GPL 2 or later"

  • GPLed packages link against OpenSSL (directly or indirectly)

Packaging

  • The source and binary packages should have a sane name: neither they should clutter the namespace (such as "editor") nor should they have an entirely nonsensical name (such as "new-stuff-manager").

  • debian/control and debian/rules should build packages with the right Architecture:, Build-Depends[-Indep]:, and rules target (binary-arch vs. binary-indep).

  • Maintainer and init scripts should not excessively mess up the system.

Other

The [http://ftp-master.debian.org/REJECT-FAQ.html Debian NEW Reject FAQ] lists some important special cases which mostly apply to Ubuntu as well (except that we consider the GFDL as free enough).

Requirements of new binary packages

To be written