Re: Can I have a package with no real name of upstream maintainer?
Thomas Schoepf <schoepf@informatik.tu-muenchen.de> writes:
> [1 <text/plain; us-ascii (quoted-printable)>]
> On Wed, Sep 29, 1999 at 12:18:01PM +0200, Christian Surchi wrote:
> > I'm packaging tkpgp, from munitions.vipul.net archive. The
> > upstream maintainer doesn't want reveal his real name and wants only
> > "tftp" as name and an email address. The package is release under
> > GPL. Is this possible?
>
> The upstream author seems to be a bit strange (or paranoid) but
> technically/legally that's no reason to not include the software.
This should probably be looked at be the debian-legal folks, but it
strikes me that putting the GPL on something, without having a real
copyright holder, either means that nobody has been granted permission
to distribute it, or that the GPL conditions could never be enforced
(since there is no author to sue people that infringe against the GPL)
Perhaps this could be handled by getting the author to hand over the
copyright to SPI, but I'd imagine that in order for a transfer of
copyright to be legal, the original copyright holder would have to be
named (even if only on a a piece of paper that the SPI board look
after, without publishing the name).
Maybe Christian could come to a personal arrangement regarding
copyright transfer, if the upstream author trusts him.
If of course Christian doesn't know who he is either, then I think
we'd have to be rather suspicious of this person, since this might
enable him to anonymously introduce Trojans into Debian, which would
be bad. If Christian is willing to put his reputation on the line,
then fair enough, but I'd hope that he reads the code very carefully
when new upstream versions are released.
Cheers, Phil.
Reply to: