
consider adding machine-readable `copyright` file (DEP5) to deb packages

Open thaJeztah opened this issue 1 year ago • 3 comments

A bit related to the discussion in https://github.com/docker/docker-ce-packaging/issues/1112

Debian introduced a machine-readable format for adding licensing information to packages and it looks like the proposal (https://dep-team.pages.debian.net/deps/dep5/) is accepted and now "1.0". Should we consider adding those? https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Some challenges may be to mark individual files? (i.e. there may be files having a different license).

thaJeztah • Dec 26 '24 14:12

FWIW; the containerd.io package already has this file, but it looks to be incorrect, as it also includes runc, which is not mentioned in the file; https://github.com/docker/containerd-packaging/blob/d6a7e6e2f349710e71a409a6cf2527f48b12e864/debian/copyright

thaJeztah • Dec 26 '24 14:12

See https://salsa.debian.org/go-team/packages/docker/-/blob/487dded61b45c4df44d5b7ec152ef5a4ec4814b3/debian/copyright for a file you can probably borrow/learn a lot from.

tianon • Jan 08 '25 01:01

Bump! Debian standard copyright files are very useful for managing SBOMs and staying on top of open-source licensing requirements when distributing OS images with docker preinstalled. Currently, on a "default" installation (as per the docs), it seems like the following packages lack a copyright file:

  • docker-buildx-plugin
  • docker-ce
  • docker-ce-cli
  • docker-ce-rootless-extras
  • docker-compose-plugin

trupples • Sep 20 '25 14:09
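
The check described in the last comment, as an added example that is not part of the thread or of the docker-ce-packaging project: it looks for each listed package's file at `/usr/share/doc/<package>/copyright` (the Debian Policy location) and, when the file declares the copyright-format 1.0 `Format` field, extracts the `Files`/`License` pairs an SBOM tool would consume. The function names and the `SAMPLE` file are assumptions constructed for illustration.

```python
import re, sys
from pathlib import Path

# Package names from the list in the comment above.
PACKAGES = ["docker-buildx-plugin", "docker-ce", "docker-ce-cli",
            "docker-ce-rootless-extras", "docker-compose-plugin"]
FORMAT_URL = "debian.org/doc/packaging-manuals/copyright-format/1.0"
# One deb822 field: "Name: value" plus indented continuation lines.
FIELD = re.compile(r"^([A-Za-z][\w-]*):[ \t]*(.*(?:\n[ \t]+.*)*)", re.M)
# Constructed sample file, not the licensing data of any real package.
SAMPLE = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2025 Example Authors
License: Apache-2.0
 Full text in /usr/share/common-licenses/Apache-2.0.

Files: vendor/example/*
Copyright: 2025 Example Vendor
License: MIT
"""

def parse_stanzas(text):
    """Split deb822 text on blank lines into {field: value} stanzas."""
    return [{k.lower(): v for k, v in FIELD.findall(s)}
            for s in re.split(r"\n[ \t]*\n", text) if FIELD.search(s)]

def classify(text):
    """Return "free-form", or [(files, license short name), ...] for DEP-5."""
    stanzas = parse_stanzas(text)
    if not stanzas or FORMAT_URL not in stanzas[0].get("format", ""):
        return "free-form"                  # present but not machine-readable
    return [(s["files"].strip(), s.get("license", "").split("\n")[0].strip())
            for s in stanzas[1:] if "files" in s]

def audit(root, packages=PACKAGES):
    """Map each package to "missing" or classify() of its copyright file."""
    report = {}
    for pkg in packages:
        path = Path(root, "usr/share/doc", pkg, "copyright")  # Debian Policy path
        report[pkg] = (classify(path.read_text(errors="replace"))
                       if path.is_file() else "missing")
    return report

if __name__ == "__main__":
    print("sample:", classify(SAMPLE))
    for pkg, result in audit(sys.argv[1] if len(sys.argv) > 1 else "/").items():
        print(f"{pkg}: {result}")
```

Pass the path of an unpacked OS image as the first argument to audit that root instead of the running system.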