Re: Yearless copyrights: what do people think?

[Ángel]

On 2023-02-26 at 18:43 +0200, Adrian Bunk wrote:
> On Wed, Feb 22, 2023 at 07:39:09AM -0700, Sam Hartman wrote:
> > As Jonas mentions, including the years allows people to know when
> > works
> > enter the public domain and the license becomes more liberal.
> > I think our users are better served by knowing when the Debian
> > packaging
> > would enter the public domain.
> 
> If this is the intention, then including the years is pointless.
> 
> Article 7 of the Berne Convention says:
> (1) The term of protection granted by this Convention shall be the
> life 
> of the author and fifty years after his death.
> 
> (6) The countries of the Union may grant a term of protection in
> excess 
> of those provided by the preceding paragraphs.

This.

The Copyright year for determining when the work enters public domain
can be useful for US works published before 1978, but little more.

Now most countries have settled on 70 years post mortem auctoris (and
while there are countries with shorter terms, with the US not following
the rule of the shorter term, you would probably still need to wait
those 70 years if doing some business there)

It could be useful when the author is unknown or there is corporate
authorship, in which case the US copyright term is 95 years from first
*publication* (which _may_ be different from the copyright year) or 120
years after creation.


Another can of worms is that the copyright year is often not well-
maintained. There may be program changes with no bump of the copyright
year, and you find as well projects that updating the number yearly,
regardless if there are actually changes or not (so the stated year
doesn't actually give the real information).

Re: Yearless copyrights: what do people think?

[Adrian Bunk]

On Wed, Feb 22, 2023 at 07:39:09AM -0700, Sam Hartman wrote:
> 
> As Jonas mentions, including the years allows people to know when works
> enter the public domain and the license becomes more liberal.
> I think our users are better served by knowing when the Debian packaging
> would enter the public domain.

If this is the intention, then including the years is pointless.

Article 7 of the Berne Convention says:
(1) The term of protection granted by this Convention shall be the life 
of the author and fifty years after his death.
...
(6) The countries of the Union may grant a term of protection in excess 
of those provided by the preceding paragraphs.
...

> --Sam

cu
Adrian

Re: Yearless copyrights: what do people think?

[Russ Allbery]

Wouter Verhelst  writes:
> On Wed, Feb 22, 2023 at 08:20:27AM -0800, Russ Allbery wrote:

>> Unfortunately, it's often against the upstream license.

>> Redistribution and use in source and binary forms, with or without
>> modification, are permitted provided that the following conditions
>> are met:
>> 1. Redistributions of source code must retain the above copyright
>>notice, this list of conditions and the following disclaimer.

>> and:

>> The above copyright notice and this permission notice shall be
>> included in all copies or substantial portions of the Software.

> It says you need to do that, yes. It does not say *where* that copyrigh
> statement must be.

While this is true, we don't put the copyright statements anywhere else in
binary packages.

I think arguing that having them in the source package is a stretch for
those licenses, since they don't give any special significance to source
distributions and the normal way of using the archive is to download the
binary package without the source.  The Expat license specifically says
"all copies"; it doesn't say that if you distribute a few different forms
of the software, you can leave the copyright notice out of some of them.

I agree that we would satisfy the license if we had a separate file in the
binary package that collected all the copyright notices, but we don't;
that's the copyright file.

All that said, I think the chances that anyone would care enough about
this to sue is fairly low.  But not zero -- there do exist bad-faith
copyright holders who are looking for excuses to sue (although they're
thankfully quite rare in free software).

-- 
Russ Allbery (r...@debian.org)  

Re: Yearless copyrights: what do people think?

[Wouter Verhelst]

On Wed, Feb 22, 2023 at 08:20:27AM -0800, Russ Allbery wrote:
> Daniel Baumann  writes:
> > On 2/22/23 14:26, Peter Pentchev wrote:
> 
> >> Wait, I may have been unclear. I did not mean that I want to omit the
> >> upstream copyright years *when they are there*.
> 
> > I know you didn't mean that, nevertheless, it's imho good idea.
> 
> Unfortunately, it's often against the upstream license.
> 
> Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions
> are met:
> 1. Redistributions of source code must retain the above copyright
>notice, this list of conditions and the following disclaimer.
> 
> and:
> 
> The above copyright notice and this permission notice shall be
> included in all copies or substantial portions of the Software.

It says you need to do that, yes. It does not say *where* that copyrigh
statement must be.

debian/copyright is wholly a Debian-specific invention. We can often do
whatever we want there and still comply with the copyright license.

It's useful for our users that debian/copyright contains an accurate
copy of the license statement, but I don't see how it would be relevant
for an upstream license.

-- 
 w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}

I will have a Tin-Actinium-Potassium mixture, thanks.

Re: Yearless copyrights: what do people think?

[Russ Allbery]

Paul Wise  writes:
> On Wed, 2023-02-22 at 09:47 -0800, Russ Allbery wrote:

>> People doing this should be aware that you're probably waiving certain
>> damage provisions in US copyright law should you ever sue someone in
>> the US for violating the license on the Debian packaging, at least so
>> far as I understand US copyright law.  (I am not a lawyer and this is
>> not legal advice for your specific situation.)

> Could you give some more details about this? I hadn't heard of it yet.

https://www.law.cornell.edu/uscode/text/17/401:

(d) Evidentiary Weight of Notice.—

If a notice of copyright in the form and position specified by this
section appears on the published copy or copies to which a defendant
in a copyright infringement suit had access, then no weight shall be
given to such a defendant’s interposition of a defense based on
innocent infringement in mitigation of actual or statutory damages,
except as provided in the last sentence of section 504(c)(2).

Also see https://www.copyright.gov/circs/circ03.pdf, specifically
"Advantages to Using a Copyright Notice" starting on page 3.

-- 
Russ Allbery (r...@debian.org)  

Re: Yearless copyrights: what do people think?

[Paul Wise]

On Wed, 2023-02-22 at 09:47 -0800, Russ Allbery wrote:

> People doing this should be aware that you're probably waiving certain
> damage provisions in US copyright law should you ever sue someone in the
> US for violating the license on the Debian packaging, at least so far as I
> understand US copyright law.  (I am not a lawyer and this is not legal
> advice for your specific situation.)

Could you give some more details about this? I hadn't heard of it yet.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: Yearless copyrights: what do people think?

[Jonas Smedegaard]

Quoting Richard Laager (2023-02-22 21:47:49)
> I maintain a package where upstream has dropped the years. I was told 
> that multiple big tech companies with serious lawyers looked at this and 
> felt it was fine.

Big tech companies typically don't use free software licensing for the
same reasons as (some) of our users: As I mentioned earlier, for most
legal jurisdictions there is no (or little) legal benefit for the
copyright holders in expressing copyright statements, the benefit is for
others doing derived works which big tech companies typically care less
about.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: Yearless copyrights: what do people think?

[Jonas Smedegaard]

Quoting Jérémy Lal (2023-02-22 17:04:01)
> Le mer. 22 févr. 2023 à 15:39, Sam Hartman  a écrit :
> 
> > > "Peter" == Peter Pentchev  writes:
> >
> > Peter> Hi, So I've seen this idea floating around in the past couple
> > Peter> of years (and in some places even earlier), but I started
> > Peter> doing it for the couple of pieces of software that I am
> > Peter> upstream for after reading Daniel Stenberg's blog entry:
> > Peter> https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
> >
> > Peter> And then, a couple of weeks ago, I quietly checked whether
> > Peter> the Debian FTP team would be okay with that by uploading two
> > Peter> NEW packages without any years mentioned in the
> > Peter> debian/copyright file: either upstream or for my Debian
> >
> > As Jonas mentions, including the years allows people to know when works
> > enter the public domain and the license becomes more liberal.
> > I think our users are better served by knowing when the Debian packaging
> > would enter the public domain.
> >
> 
> Maybe only the first year the copyright was applied is important ?

Possibly, yes.  My advice is to include upstream stated sane¹ years.

Reason for that is that several licenses require verbatim copy of
copyright statements.  Requirement² is not literal, only verbatim, which
I interpret as it's ok to e.g. translate "2001, 2002, 2003" into
"2001-2003" but not ok to translate it into "2001" since that is clearly
removing some "words".

 - Jonas

¹ When upstream says 2001-now then only include 2001, because "now" is
an insane expression in the context of copyright statements.

² Yeah, requirement is aguably only commonly relevant for source, not
for debian/copyright files, but that's a somewhat different topic.

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: Yearless copyrights: what do people think?

[Scott Kitterman]

On February 22, 2023 9:38:48 PM UTC, Sam Hartman  wrote:
>> "Peter" == Peter Pentchev  writes:
>
>Peter> 3. Now, what about the `Files: debian/*` section of the
>Peter> debian/copyright file? The common wisdom seems to be that, if
>Peter> only to make it easier to submit patches to the upstream
>Peter> project, the debian/* files ought to be licensed under the
>Peter> same terms as the upstream source. Now I know that licensing
>Peter> and copyright are different things :) So would the Debian
>Peter> Project consider it okay for a Debian package to have a
>Peter> `Files: debian/*` section in its copyright file that does not
>Peter> mention any years? This question is both from a DFSG point of
>Peter> view and from a "what would be best for our users" one. And
>Peter> does the answer depend on whether the upstream project's
>Peter> copyright notices include years or not? (as in, should we
>Peter> follow upstream's lead in that, too)
>
>Peter> Note that none of that comes from any "it's so difficult"
>Peter> positions; I am actually one of the people who would include
>Peter> file-by-file stanzas in the debian/copyright files for
>Peter> upstream files with different copyright years :)
>
>I think it is acceptable, but would urge you to include the years
>because it is better for our users.
>
>I think two things apply.
>
>1) it helps our users know when something goes out of copyright.
>
>2) As Russ points out, while your copyright is valid in the US even
>without notice, certain damage provisions only apply if you have valid
>notice including years.
>
>Neither of these are huge deals.
>
>I'd say years should be recommended but not required.
>
>I don't think parity with upstream matters.
>I don't think you would have any trouble submitting patches if the only
>difference is one notice included years and one did not.
>

I would add, that it's absolutely a requirement for license compliance in some 
cases.  For those cases, please continue to include it.  I don't think Debian 
should have a view that failing to comply with a license is okay if we think we 
can get away with it.

Scott K

Re: Yearless copyrights: what do people think?

[Sam Hartman]

> "Peter" == Peter Pentchev  writes:

Peter> 3. Now, what about the `Files: debian/*` section of the
Peter> debian/copyright file? The common wisdom seems to be that, if
Peter> only to make it easier to submit patches to the upstream
Peter> project, the debian/* files ought to be licensed under the
Peter> same terms as the upstream source. Now I know that licensing
Peter> and copyright are different things :) So would the Debian
Peter> Project consider it okay for a Debian package to have a
Peter> `Files: debian/*` section in its copyright file that does not
Peter> mention any years? This question is both from a DFSG point of
Peter> view and from a "what would be best for our users" one. And
Peter> does the answer depend on whether the upstream project's
Peter> copyright notices include years or not? (as in, should we
Peter> follow upstream's lead in that, too)

Peter> Note that none of that comes from any "it's so difficult"
Peter> positions; I am actually one of the people who would include
Peter> file-by-file stanzas in the debian/copyright files for
Peter> upstream files with different copyright years :)

I think it is acceptable, but would urge you to include the years
because it is better for our users.

I think two things apply.

1) it helps our users know when something goes out of copyright.

2) As Russ points out, while your copyright is valid in the US even
without notice, certain damage provisions only apply if you have valid
notice including years.

Neither of these are huge deals.

I'd say years should be recommended but not required.

I don't think parity with upstream matters.
I don't think you would have any trouble submitting patches if the only
difference is one notice included years and one did not.

Re: Yearless copyrights: what do people think?

[Richard Laager]

I maintain a package where upstream has dropped the years. I was told 
that multiple big tech companies with serious lawyers looked at this and 
felt it was fine.


I fully support:
  - upstreams dropping years from copyright notices
  - Debian not requiring maintainers to preserve years in
debian/copyright files.

On 2/22/23 08:39, Sam Hartman wrote:

I think our users are better served by knowing when the Debian packaging
would enter the public domain.


In theory, I agree with you. In practice, copyright lengths are so long 
in many countries that software effectively never enters the public 
domain (at least not while it is still of useful/non-historical value).


--
Richard



OpenPGP_signature
Description: OpenPGP digital signature

Re: Yearless copyrights: what do people think?

[Ansgar]

On Wed, 2023-02-22 at 07:39 -0700, Sam Hartman wrote:
> > > > > 
> As Jonas mentions, including the years allows people to know when works
> enter the public domain and the license becomes more liberal.
> I think our users are better served by knowing when the Debian packaging
> would enter the public domain.

As far as I know for works from a known author, copyright expires X
years after the death of the author. The year of creation or
publication isn't useful. Nor are individual years for every year where
a change was done (as I think the FSF suggests to document).

It is different for anonymous or pseudonymous works where the author is
not known, but the author can name himself later (which is fun to find
out about: you need to follow the national register for such
publications which only exists on paper in Germany[1]).

Ansgar

  [1]: 
https://www.dpma.de/dpma/wir_ueber_uns/weitere_aufgaben/verwertungsges_urheberrecht/anonyme_werke/index.html

Re: Yearless copyrights: what do people think?

[Russ Allbery]

Not an ftp team member or anything, so this is just my personal opinion.

Peter Pentchev  writes:

> 1. Does the Debian Project consider it okay for an upstream package to
>include one or more (or all) files with clear license grants (either
>included or referred to in the files), and with clear copyright
>notices (again, either in the files or in a central file) that
>contain the authors' names, but no years? Does such a package
>comply with the DFSG? I believe the answer ought to be "yes", but
>I thought it wouldn't hurt to ask.

Yes, I can't see any reason why this would be a problem.  Copyright
notices are optional.  I suppose it's conceivable someone could put
wording in a license that requires the years, but I've never seen
something like that unless one takes an extremely aggressive
interpretation of "copyright notice" that I wouldn't take.

> 2. If an upstream project does that, the debian/copyright file should
>reflect that and have a `Files: *` (or whatever pattern) notice that
>has a copyright notice without any years... right? And if an upstream
>project does that between releases, the debian/copyright file should
>change (drop the years) in the next "new upstream release" upload...
>right?

Yes, that seems to logically follow.  For licenses like BSD and Expat
where including the copyright notices is a license condition, we should
just copy the license notices that upstream uses (I believe it's fine to
consolidate years), so if there are no years, we shouldn't put in years.

> 3. Now, what about the `Files: debian/*` section of the debian/copyright
>file? The common wisdom seems to be that, if only to make it easier to
>submit patches to the upstream project, the debian/* files ought to be
>licensed under the same terms as the upstream source. Now I know that
>licensing and copyright are different things :) So would the Debian
>Project consider it okay for a Debian package to have
>a `Files: debian/*` section in its copyright file that does not
>mention any years? This question is both from a DFSG point of view and
>from a "what would be best for our users" one. And does the answer
>depend on whether the upstream project's copyright notices include
>years or not? (as in, should we follow upstream's lead in that, too)

I think it's fine to omit the year from copyright notices in debian/*.  It
certainly seems clear to me that it's fine from a DFSG perspective; a lot
of packages don't even have any separate stanza or copyright notices for
debian/* at all and copyright notices are optional.  (Not saying this is
ideal, just that it's not a DFSG violation.)

Sam made the point that including the year communicates when the Debian
packaging would enter the public domain.  This is true, but I can't bring
myself to care that much about it since (sadly in my opinion) that point
is so far into the future that I'm dubious of the effort to reward ratio
of curating years for all those decades.  Not to mention that the debian/*
packaging is continuously updated so additional copyright may attach and
that gets into a murky mess in terms of copyright expiration, which
decreases the value of that information.

People doing this should be aware that you're probably waiving certain
damage provisions in US copyright law should you ever sue someone in the
US for violating the license on the Debian packaging, at least so far as I
understand US copyright law.  (I am not a lawyer and this is not legal
advice for your specific situation.)

-- 
Russ Allbery (r...@debian.org)  

Re: Yearless copyrights: what do people think?

[Peter Pentchev]

On Wed, Feb 22, 2023 at 03:26:47PM +0200, Peter Pentchev wrote:
> On Wed, Feb 22, 2023 at 01:55:02PM +0100, Jonas Smedegaard wrote:
> > Quoting Peter Pentchev (2023-02-22 10:49:30)
> > > So I've seen this idea floating around in the past couple of years
> > > (and in some places even earlier), but I started doing it for
> > > the couple of pieces of software that I am upstream for after reading
> > > Daniel Stenberg's blog entry:
> > >   https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
[snip my original message]
> [snip useful information]
> > As a redistributor I find it a good practice to include most possible
> > copyright and licensing information provided by upstream authors,
> > exactly because we are doing a service for our users, and it is a slight
> > disservice to omit information that upstream put effort into tracking
> > and publishing.
> 
> Wait, I may have been unclear. I did not mean that I want to omit
> the upstream copyright years *when they are there*. And, of course,
> if upstream does not specify any copyright years, we cannot invent
> any out of thin air. So I guess my question was mainly what people
> think about dropping the years in the debian/* copyright notice
> (packaging files, patches, etc).

OK, so it seems I did it again: I sent out my original message before
really knowing myself what exactly the questions are that I mean
to ask :) So now that I have thought about it a little, here they are:

1. Does the Debian Project consider it okay for an upstream package to
   include one or more (or all) files with clear license grants (either
   included or referred to in the files), and with clear copyright
   notices (again, either in the files or in a central file) that
   contain the authors' names, but no years? Does such a package
   comply with the DFSG? I believe the answer ought to be "yes", but
   I thought it wouldn't hurt to ask.

2. If an upstream project does that, the debian/copyright file should
   reflect that and have a `Files: *` (or whatever pattern) notice that
   has a copyright notice without any years... right? And if an upstream
   project does that between releases, the debian/copyright file should
   change (drop the years) in the next "new upstream release" upload...
   right?

3. Now, what about the `Files: debian/*` section of the debian/copyright
   file? The common wisdom seems to be that, if only to make it easier to
   submit patches to the upstream project, the debian/* files ought to be
   licensed under the same terms as the upstream source. Now I know that
   licensing and copyright are different things :) So would the Debian
   Project consider it okay for a Debian package to have
   a `Files: debian/*` section in its copyright file that does not
   mention any years? This question is both from a DFSG point of view and
   from a "what would be best for our users" one. And does the answer
   depend on whether the upstream project's copyright notices include
   years or not? (as in, should we follow upstream's lead in that, too)

Note that none of that comes from any "it's so difficult" positions;
I am actually one of the people who would include file-by-file stanzas
in the debian/copyright files for upstream files with different
copyright years :)

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature

Re: Yearless copyrights: what do people think?

[Russ Allbery]

Daniel Baumann  writes:
> On 2/22/23 14:26, Peter Pentchev wrote:

>> Wait, I may have been unclear. I did not mean that I want to omit the
>> upstream copyright years *when they are there*.

> I know you didn't mean that, nevertheless, it's imho good idea.

Unfortunately, it's often against the upstream license.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.

and:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

The Apache 2.0 license only requires the copyright notices be preserved in
"Source form," so debian/copyright probably doesn't count.  (It instead
requires inclusion of the NOTICE file, but allows you to distribute it
"within the Source form or documentation, if provided along with the
Derivative Works," which we probably qualify for.)

The GPL doesn't seem to care about the notice in non-source forms.

In practice, I doubt anyone will care, and it's of course fine to omit the
year from your own copyright notices as long as you realize that means you
cannot take advantage of the damage provisions of US copyright law that
require you to publish a valid copyright notice (which I suspect no one
cares about).  But dropping the copyright dates from the upstream notices
I think would often technically violate the upstream license depending on
its wording.

-- 
Russ Allbery (r...@debian.org)  

Re: Yearless copyrights: what do people think?

[Jérémy Lal]

Le mer. 22 févr. 2023 à 15:39, Sam Hartman  a écrit :

> > "Peter" == Peter Pentchev  writes:
>
> Peter> Hi, So I've seen this idea floating around in the past couple
> Peter> of years (and in some places even earlier), but I started
> Peter> doing it for the couple of pieces of software that I am
> Peter> upstream for after reading Daniel Stenberg's blog entry:
> Peter> https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
>
> Peter> And then, a couple of weeks ago, I quietly checked whether
> Peter> the Debian FTP team would be okay with that by uploading two
> Peter> NEW packages without any years mentioned in the
> Peter> debian/copyright file: either upstream or for my Debian
>
> As Jonas mentions, including the years allows people to know when works
> enter the public domain and the license becomes more liberal.
> I think our users are better served by knowing when the Debian packaging
> would enter the public domain.
>

Maybe only the first year the copyright was applied is important ?

Jérémy

Re: Yearless copyrights: what do people think?

[Marc Haber]

On Wed, 22 Feb 2023 15:40:49 +0100, Jonas Smedegaard 
wrote:
>Quoting Daniel Baumann (2023-02-22 14:30:11)
>> while having copyright information centrally available per package in
>> d/copyright is definitly a usefull service, is providing the *years*
>> really a service worth providing?
>> 
>> personally I don't think so: for packages with non-trivial d/copyright,
>> it's a significant effort to keep the years in sync with the upstream
>> sources.
>
>Ensuring that debian/copyright stays correct take some effort, but that
>is required to re-examine anyway for each new upstream release.
>
>I dare question that examining copyright *years* in particular is
>noticably larger effort than the general required examination.

If copyright inspection is like three quarters of the effort necessary
to get, for example, a new sudo into Debian, then we are doing things
wrong and setting our priorities wrong. This is indrecibly frustrating
and time consuming busy work that doesn't require my qualification at
all, and I REALLY have other things to do than that.

It is especially frustrating when we're obviously being holier than
the pope, when for example translators submit translations for very
obviously non-FSF software with "Copyright Free Software Foundation"
or with boilerplate copypaste headers stating a license that is
totally different from the package that is being translated etc.

Strictly, as a maintainer I MUST reject such translations because a po
file also contains work by the original author which a translator
cannot arbitrarily relicense, not even accidentally by just not paying
proper attention.

>> (and I doubt that all our source packages have accurate d/copyright,
>> even less so when it comes to the year-information.)

Amen.

While I understand that having debian/copyright is vitally important,
we NEED to relax our rules to reduce the effort necessary since it's
demotivating busy work that I feel noone cares about.

Greetings
Marc
-- 
-- !! No courtesy copies, please !! -
Marc Haber |   " Questions are the | Mailadresse im Header
Mannheim, Germany  | Beginning of Wisdom " | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Re: Yearless copyrights: what do people think?

[Scott Kitterman]

On February 22, 2023 2:29:08 PM UTC, Jonas Smedegaard  wrote:
>Quoting Peter Pentchev (2023-02-22 14:26:47)
>> On Wed, Feb 22, 2023 at 01:55:02PM +0100, Jonas Smedegaard wrote:
>> > Quoting Peter Pentchev (2023-02-22 10:49:30)
>> > > So I've seen this idea floating around in the past couple of years
>> > > (and in some places even earlier), but I started doing it for
>> > > the couple of pieces of software that I am upstream for after reading
>> > > Daniel Stenberg's blog entry:
>> > >   https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
>> > > 
>> > > And then, a couple of weeks ago, I quietly checked whether
>> > > the Debian FTP team would be okay with that by uploading two NEW
>> > > packages without any years mentioned in the debian/copyright file:
>> > > either upstream or for my Debian packaging. And, lo and behold,
>> > > they were both accepted (python-parse-stages and python-test-stages).
>> > > 
>> > > So how do people feel about this in general, would it be okay for
>> > > me to start doing it:
>> > > a) for other packages that I maintain personally, outside any team
>> > > b) for team-maintained packages (I guess this one might be a per-team
>> > >decision, discussed separately on the appropriate lists)
>> > > 
>> > > (obviously, I'm not asking for permission or anything; apparently
>> > >  at least one member of the FTP team is okay with me doing it at
>> > >  least for some packages. This is more of a "float the idea, see
>> > >  what people think about doing this more widely, not just me")
>> [snip useful information]
>> > As a redistributor I find it a good practice to include most possible
>> > copyright and licensing information provided by upstream authors,
>> > exactly because we are doing a service for our users, and it is a slight
>> > disservice to omit information that upstream put effort into tracking
>> > and publishing.
>> 
>> Wait, I may have been unclear. I did not mean that I want to omit
>> the upstream copyright years *when they are there*. And, of course,
>> if upstream does not specify any copyright years, we cannot invent
>> any out of thin air. So I guess my question was mainly what people
>> think about dropping the years in the debian/* copyright notice
>> (packaging files, patches, etc).
>
>Your rephrased question seems the same to me - so perhaps I was
>unclear...
>
>It is my inderstanding that when copyright years are missing from
>upstream source then that is acceptable for Debian redistribution (i.e.
>not a surprise to me that ftpmaster approves it).
>
>It is my opinion that when copyright years do exist in upstream source,
>then we should list those known-to-us years in debian/copyright (a.k.a.
>not omit them a.k.a. not drop them), even though we are legally not
>required¹ to do so (for the same reason as upstream above is not legally
>required to state copyright at all).
>
> - Jonas
>
>¹ Unless some licensing requires listing copyright *years* which from
>the top of my head I do not recall having seen, but am too lazy to check
>- also because my interest is not to cut corners most possible but to be
>as helpful to our users as possible, and copyright years serve a real
>(albeit cornercase) purpose.

You won't encounter it in license texts this way.  Many licenses require 
complete/verbatim inclusion of the copyright claims.  If you remove the years, 
you aren't doing that.

Scott K

Re: Yearless copyrights: what do people think?

[Jonas Smedegaard]

Quoting Daniel Baumann (2023-02-22 14:30:11)
> On 2/22/23 13:55, Jonas Smedegaard wrote:
> > As a redistributor I find it a good practice to include most possible
> > copyright and licensing information provided by upstream authors,
> > exactly because we are doing a service for our users
> 
> while having copyright information centrally available per package in
> d/copyright is definitly a usefull service, is providing the *years*
> really a service worth providing?
> 
> personally I don't think so: for packages with non-trivial d/copyright,
> it's a significant effort to keep the years in sync with the upstream
> sources.

Ensuring that debian/copyright stays correct take some effort, but that
is required to re-examine anyway for each new upstream release.

I dare question that examining copyright *years* in particular is
noticably larger effort than the general required examination.

> (and I doubt that all our source packages have accurate d/copyright,
> even less so when it comes to the year-information.)

I agree, but is not really relevant for this discussion (which I guess
is also the reason you put that in paranthesis). :-)


> > and it is a slight disservice to omit information that upstream put
> > effort into tracking and publishing.
> 
> If years would be omited in d/copyright, it's not that the information
> is hidden/nowhere else.
> 
> Also if I would want to know the copyright information of a certain
> file, I'd check d/copyright for a first glance, but then always check
> the individual source file, even if it's just to be sure/double check.
> 
> I don't think that the "niche" use-case of wanting to know the
> year-information (everything else should be in d/copyright anyway) is
> worth the (continued) maintenance costs in d/copyright.

I am genuinely interested in understanding what trouble you experience
collecting that information.  Is it perhaps because you for some reason
cannot or will not use licensecheck?  While ertainly not perfect but,
licensecheck in my experience currently adequately identifies, collects,
and merges copyright years.

If you prefer moving such conversation to a smaller audience, then I
encourage filing bugreports against licensecheck (or pointing at
bugreports already covering your points that I might have missed).

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: Yearless copyrights: what do people think?

[Sam Hartman]

> "Peter" == Peter Pentchev  writes:

Peter> Hi, So I've seen this idea floating around in the past couple
Peter> of years (and in some places even earlier), but I started
Peter> doing it for the couple of pieces of software that I am
Peter> upstream for after reading Daniel Stenberg's blog entry:
Peter> https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

Peter> And then, a couple of weeks ago, I quietly checked whether
Peter> the Debian FTP team would be okay with that by uploading two
Peter> NEW packages without any years mentioned in the
Peter> debian/copyright file: either upstream or for my Debian

As Jonas mentions, including the years allows people to know when works
enter the public domain and the license becomes more liberal.
I think our users are better served by knowing when the Debian packaging
would enter the public domain.

--Sam

Re: Yearless copyrights: what do people think?

[Jonas Smedegaard]

Quoting Peter Pentchev (2023-02-22 14:26:47)
> On Wed, Feb 22, 2023 at 01:55:02PM +0100, Jonas Smedegaard wrote:
> > Quoting Peter Pentchev (2023-02-22 10:49:30)
> > > So I've seen this idea floating around in the past couple of years
> > > (and in some places even earlier), but I started doing it for
> > > the couple of pieces of software that I am upstream for after reading
> > > Daniel Stenberg's blog entry:
> > >   https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
> > > 
> > > And then, a couple of weeks ago, I quietly checked whether
> > > the Debian FTP team would be okay with that by uploading two NEW
> > > packages without any years mentioned in the debian/copyright file:
> > > either upstream or for my Debian packaging. And, lo and behold,
> > > they were both accepted (python-parse-stages and python-test-stages).
> > > 
> > > So how do people feel about this in general, would it be okay for
> > > me to start doing it:
> > > a) for other packages that I maintain personally, outside any team
> > > b) for team-maintained packages (I guess this one might be a per-team
> > >decision, discussed separately on the appropriate lists)
> > > 
> > > (obviously, I'm not asking for permission or anything; apparently
> > >  at least one member of the FTP team is okay with me doing it at
> > >  least for some packages. This is more of a "float the idea, see
> > >  what people think about doing this more widely, not just me")
> [snip useful information]
> > As a redistributor I find it a good practice to include most possible
> > copyright and licensing information provided by upstream authors,
> > exactly because we are doing a service for our users, and it is a slight
> > disservice to omit information that upstream put effort into tracking
> > and publishing.
> 
> Wait, I may have been unclear. I did not mean that I want to omit
> the upstream copyright years *when they are there*. And, of course,
> if upstream does not specify any copyright years, we cannot invent
> any out of thin air. So I guess my question was mainly what people
> think about dropping the years in the debian/* copyright notice
> (packaging files, patches, etc).

Your rephrased question seems the same to me - so perhaps I was
unclear...

It is my inderstanding that when copyright years are missing from
upstream source then that is acceptable for Debian redistribution (i.e.
not a surprise to me that ftpmaster approves it).

It is my opinion that when copyright years do exist in upstream source,
then we should list those known-to-us years in debian/copyright (a.k.a.
not omit them a.k.a. not drop them), even though we are legally not
required¹ to do so (for the same reason as upstream above is not legally
required to state copyright at all).

 - Jonas

¹ Unless some licensing requires listing copyright *years* which from
the top of my head I do not recall having seen, but am too lazy to check
- also because my interest is not to cut corners most possible but to be
as helpful to our users as possible, and copyright years serve a real
(albeit cornercase) purpose.

-- 
* Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Re: Yearless copyrights: what do people think?

[Scott Kitterman]

On February 22, 2023 9:49:30 AM UTC, Peter Pentchev  wrote:
>Hi,
>
>So I've seen this idea floating around in the past couple of years
>(and in some places even earlier), but I started doing it for
>the couple of pieces of software that I am upstream for after reading
>Daniel Stenberg's blog entry:
>  https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
>
>And then, a couple of weeks ago, I quietly checked whether
>the Debian FTP team would be okay with that by uploading two NEW
>packages without any years mentioned in the debian/copyright file:
>either upstream or for my Debian packaging. And, lo and behold,
>they were both accepted (python-parse-stages and python-test-stages).
>
>So how do people feel about this in general, would it be okay for
>me to start doing it:
>a) for other packages that I maintain personally, outside any team
>b) for team-maintained packages (I guess this one might be a per-team
>   decision, discussed separately on the appropriate lists)
>
>(obviously, I'm not asking for permission or anything; apparently
> at least one member of the FTP team is okay with me doing it at
> least for some packages. This is more of a "float the idea, see
> what people think about doing this more widely, not just me")
>
>Thanks for reading this far, and keep up the great work!

You may be conflating two separate things here.  The job of debian/copyright is 
to document the copyright and license claims.  Although there are exceptional 
cases, FTP Team doesn't normally review the correctness of the claims (an 
example of an exception is a copyright claim that includes the source that the 
code was copied from before the copyright claim was changed - yes, this 
happens).  I don't think you should assume acceptance of a package without 
years implies any particular judgement about if the practice is good or bad.

Scott K
P.S. Please don't turn this into yet another thread about how annoying having 
to spend time on debian/copyright is.  We know.

Re: Yearless copyrights: what do people think?

[Stephan Verbücheln]

It is also not required to put an author name or any other information,
either. Copyright will still apply.

But it makes it really a lot easier for anyone who wants to re-use the
work or parts of it if they know who to contact. This matters even more
for computer programs than for fiction novels or paintings.

Regards

Re: Yearless copyrights: what do people think?

[Daniel Baumann]

On 2/22/23 14:26, Peter Pentchev wrote:
> Wait, I may have been unclear. I did not mean that I want to omit
> the upstream copyright years *when they are there*.

I know you didn't mean that, nevertheless, it's imho good idea. I'd be
in favour of dropping them from d/copyright an let people have a look at
the "full sources" for the "year detail"-information.

I recently saw that this has been done in knot-resolver for the
"wildcard"-stanza of d/copyright and I like it:
https://tracker.debian.org/media/packages/k/knot-resolver/copyright-5.6.0-1

Regards,
Daniel

Re: Yearless copyrights: what do people think?

[Daniel Baumann]

On 2/22/23 13:55, Jonas Smedegaard wrote:
> As a redistributor I find it a good practice to include most possible
> copyright and licensing information provided by upstream authors,
> exactly because we are doing a service for our users

while having copyright information centrally available per package in
d/copyright is definitly a usefull service, is providing the *years*
really a service worth providing?

personally I don't think so: for packages with non-trivial d/copyright,
it's a significant effort to keep the years in sync with the upstream
sources.

(and I doubt that all our source packages have accurate d/copyright,
even less so when it comes to the year-information.)

> and it is a slight disservice to omit information that upstream put effort 
> into tracking
> and publishing.

If years would be omited in d/copyright, it's not that the information
is hidden/nowhere else.

Also if I would want to know the copyright information of a certain
file, I'd check d/copyright for a first glance, but then always check
the individual source file, even if it's just to be sure/double check.

I don't think that the "niche" use-case of wanting to know the
year-information (everything else should be in d/copyright anyway) is
worth the (continued) maintenance costs in d/copyright.

Regards,
Daniel

Re: Yearless copyrights: what do people think?

[Peter Pentchev]

On Wed, Feb 22, 2023 at 01:55:02PM +0100, Jonas Smedegaard wrote:
> Quoting Peter Pentchev (2023-02-22 10:49:30)
> > So I've seen this idea floating around in the past couple of years
> > (and in some places even earlier), but I started doing it for
> > the couple of pieces of software that I am upstream for after reading
> > Daniel Stenberg's blog entry:
> >   https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
> > 
> > And then, a couple of weeks ago, I quietly checked whether
> > the Debian FTP team would be okay with that by uploading two NEW
> > packages without any years mentioned in the debian/copyright file:
> > either upstream or for my Debian packaging. And, lo and behold,
> > they were both accepted (python-parse-stages and python-test-stages).
> > 
> > So how do people feel about this in general, would it be okay for
> > me to start doing it:
> > a) for other packages that I maintain personally, outside any team
> > b) for team-maintained packages (I guess this one might be a per-team
> >decision, discussed separately on the appropriate lists)
> > 
> > (obviously, I'm not asking for permission or anything; apparently
> >  at least one member of the FTP team is okay with me doing it at
> >  least for some packages. This is more of a "float the idea, see
> >  what people think about doing this more widely, not just me")
[snip useful information]
> As a redistributor I find it a good practice to include most possible
> copyright and licensing information provided by upstream authors,
> exactly because we are doing a service for our users, and it is a slight
> disservice to omit information that upstream put effort into tracking
> and publishing.

Wait, I may have been unclear. I did not mean that I want to omit
the upstream copyright years *when they are there*. And, of course,
if upstream does not specify any copyright years, we cannot invent
any out of thin air. So I guess my question was mainly what people
think about dropping the years in the debian/* copyright notice
(packaging files, patches, etc).

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature

Re: Yearless copyrights: what do people think?

[Marco d'Itri]

On Feb 22, Peter Pentchev  wrote:

> So I've seen this idea floating around in the past couple of years
> (and in some places even earlier), but I started doing it for
> the couple of pieces of software that I am upstream for after reading
> Daniel Stenberg's blog entry:
>   https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
Good idea, I planned to do it myself too in the future.

-- 
ciao,
Marco


signature.asc
Description: PGP signature

Re: Yearless copyrights: what do people think?

[Jonas Smedegaard]

Quoting Peter Pentchev (2023-02-22 10:49:30)
> So I've seen this idea floating around in the past couple of years
> (and in some places even earlier), but I started doing it for
> the couple of pieces of software that I am upstream for after reading
> Daniel Stenberg's blog entry:
>   https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/
> 
> And then, a couple of weeks ago, I quietly checked whether
> the Debian FTP team would be okay with that by uploading two NEW
> packages without any years mentioned in the debian/copyright file:
> either upstream or for my Debian packaging. And, lo and behold,
> they were both accepted (python-parse-stages and python-test-stages).
> 
> So how do people feel about this in general, would it be okay for
> me to start doing it:
> a) for other packages that I maintain personally, outside any team
> b) for team-maintained packages (I guess this one might be a per-team
>decision, discussed separately on the appropriate lists)
> 
> (obviously, I'm not asking for permission or anything; apparently
>  at least one member of the FTP team is okay with me doing it at
>  least for some packages. This is more of a "float the idea, see
>  what people think about doing this more widely, not just me")

Copyright statements are legally optional (for all juristiction
acknowledging the Bern-convention - which USA does since 1989 and
western european countries did since many years prior).

Reason authors include copyright statements anyway is, as I see it, as a
courtesy for others - i.e. signal who claims ownership in the work.

As an author, you are free to not say anything (which means anyone
wanting e.g. change or redistribute the work will have a hard time
validating if some licensing statement granting such permission is
legally valid, because only rights holders can grant others rights.

Makes sense to me that ftpmaster approves redistribution of works where
the author reveal who claims copyright but omits *when* that copyright
apply: The copyright year is useful to know when a copyright expire and
the work enters the public domain, but since Debian redistribution
already require free licensing which is sufficient even beyond eventual
expiration of copyright.  It is not ideal, however, because our users
might want to e.g. avoid copyleft licensing, and for those it would be
helpful to know at which point in time a certain work would get released
into the public domain and thereby allow more liberal use.

As a redistributor I find it a good practice to include most possible
copyright and licensing information provided by upstream authors,
exactly because we are doing a service for our users, and it is a slight
disservice to omit information that upstream put effort into tracking
and publishing.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Yearless copyrights: what do people think?

[Peter Pentchev]

Hi,

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading
Daniel Stenberg's blog entry:
  https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

And then, a couple of weeks ago, I quietly checked whether
the Debian FTP team would be okay with that by uploading two NEW
packages without any years mentioned in the debian/copyright file:
either upstream or for my Debian packaging. And, lo and behold,
they were both accepted (python-parse-stages and python-test-stages).

So how do people feel about this in general, would it be okay for
me to start doing it:
a) for other packages that I maintain personally, outside any team
b) for team-maintained packages (I guess this one might be a per-team
   decision, discussed separately on the appropriate lists)

(obviously, I'm not asking for permission or anything; apparently
 at least one member of the FTP team is okay with me doing it at
 least for some packages. This is more of a "float the idea, see
 what people think about doing this more widely, not just me")

Thanks for reading this far, and keep up the great work!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13


signature.asc
Description: PGP signature