Steve Robbins <st...@sumost.ca> writes: > On Sunday, December 10, 2017 11:11:20 PM CST gregor herrmann wrote: > > My understanding is that a license without any information who puts > > the software under this license (i.e. who is the copyright holder > > who can grant these rights) is incomplete. > > OK, but surely it is up to Debian to choose the form of such > information. For instance: each binary package is unambiguously linked > to a source package; said source package is easy to locate and > contains the complete copyright holder information.
That last point – whether it is easy or even feasible to locate the complete copyright holder information merely by inspecting the upstream source work alone – seems to be a particular issue in this discussion. While the upstream source work is easy to locate for a Debian package, the difficult task is locating *within* that upstream source work the complete set of license grants that apply for the recipient. If you're claiming that the *complete* copyright holder information is to be found there: that is rarely the case, in my experience. Perhaps for some simple, young, small, one-person works, written entirely without deriving from any other work, by someone diligent about recording their specific copyright information. With works more complex than that, or those that have some history, or some combination of existing works, or even those developed in the “throw it online and copyright be damned” world we increasingly seem to inhabit, expecting to find “complete copyright holder information” such that we can be confident it *is* complete, solely in the upstream source is a folly, in my experience. The frustrations expressed by many in this thread are keenly felt by those who interact with copyright, and not just by Debian package maintainers. It is a lot of effort for a software project, open to collaboration from the public at large, to record tracks carefully enough to show the specific copyright holders and license grants, and therefore to show provenance of the claimed grant of license in the work, to some later recipient who needs to be sure of their status under the law in most jurisdictions, and who may not have easy access to contact the copyright holders even if they could know who those are. This effort is rarely undertaken to completion in the general free-software community. The effort of figuring out who holds copyright in a typical published software work by the time it gets to the Intent To Package for Debian, is therefore difficult. It remains a significant effort after that, to keep the information updated as the upstream maintainers continue to make changes that potentially affect the copyright status of the work. I assume we're agreed that it is necessary, in order that the Debian Project can be confident we know the provenance of that work; which itself is necessary to justify our claim to have received from the specific copyright holders of the work some specific grant of license (which we then grant, in turn, to Debian users). To my mind, that effort – a precondition of confidently asserting the copyright information and license we intend to grant to Debian users of that software work – results in valuable and hard-won information typically found in no single organised place. As such, that information should not go unrecorded, it should be in a standard location for the purpose of viewing the asserted copyright status and enabling future verification of those claims. That IMO is a principal value of recording the license grants, and the collated information about the copyright holders, in the file ‘debian/copyright’ in a package. > In the medical device industry, regulators allow vendors to use the > "least burdensome" means of complying with a given regulation. At the > risk of sounding naive, why can't apply this principle to copyright? A naive answer might be: Because upstream copyright holders frequently do not provide, in the work itself, sufficient nor complete nor standardised documentation for us to use in complying with those requirements. So we present in a more standard (“least burdensome”, for the community members who want assurance of compliance) format, our best understanding of what evidence we have of our claim to the copyright information. -- \ “I knew things were changing when my Fraternity Brothers threw | `\ a guy out of the house for mocking me because I'm gay.” | _o__) —postsecret.com, 2010-01-19 | Ben Finney