Felipe Sateler <fsate...@debian.org> writes: > I suspect you are setting an impossibly high bar for determining the > license of a work. We can (and do) rely on upstream telling us the truth > when they say the work is of a certain license, and that contributions > from third parties have been accepted under that license.
It's worth noting that most upstreams (particularly non-corporate upstreams) do not do any legal paperwork with contributors and generally don't even ask the contributor whether they're okay with distributing the contribution under the project license. They just do it and rely on the general assumption that someone submitting patches is okay with this. I am inclined to agree with the general sentiment that current Debian best practices are much pickier and more time-consuming than typical licensing reality upstream. > If what you say were true, no non-trivial piece of software would be > distributable. Is your copyright credited on all the packages where you > have submitted patches? There's plenty of software in the archive where > there is uncredited copyright, and that is not a problem because the > contribution was made under a given license. At least under US copyright law, it's absolutely not required to maintain a manifest of all copyright holders. Copyright notices are strictly optional and are mostly relevant in defeating an accidental infringement defense (or at least that's the traditional legal take I've heard). However, note that a lot of *licenses* explicitly require *retaining* copyright notices that are present. (This is not the same thing as maintaining accurate ones; in fact, a strict reading of most of these licenses says that you must retain *inaccurate* ones.) The reality is that the chances of anyone suing over this sort of thing are incredibly low, so large portions of the industry get away with doing things that might be technically forbidden under a very strict interpretation of the licenses because no one cares enough to pursue it. And because of estoppel, as well as other less-formal ways courts would take notice of reasonable expectations and common practice, that practice *does* have some legal weight as well. This is all kind of a mess, and I think Debian would be well-served by looking for opportunities to minimize the very real and significant cost to Debian contributors for doing boring and demotivating paperwork. That's probably more important, in general terms, than problems that are strictly theoretical. The problem with all of these discussions, however, and the reason why I largely stopped participating in them (particularly with my Policy Editor hat on), is that the rules for what one actually has to do in Debian to get a package accepted are a bit confusing and only partly documented, and the people who set those requirements basically don't participate in these discussions. As long as the decision-makers aren't participating and we don't have clear documentation of the rules, even talking about it is pointless. I feel like what we really need is a working group that contains members with the authority to speak for ftpmaster, along with a good cross-section of interested parties, to get together on a public but separate mailing list and hash out a concrete proposal for how we think copyright and license notices should work in the project. Then bring that back to the project. Otherwise, we're just going to keep having this discussion every three months or so, and nothing is going to really change. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>