Re: Sponsorship requirements and copyright files
Ben Finney <ben+debian@benfinney.id.au> writes:
> The point is that, since we can predict the need for this information,
> we have the choice of assuming the information is there when we
> distribute and never looking for it until the need arises in the face of
> such a threat, or looking for it in advance of distribution and hence in
> advance of exposure to that threat. I think it's clear that the latter
> option is preferable.
Er, I'm certainly not going to pay any attention who the copyright holders
are for various files in something I'm packaging. I care about the
license; why should I care in the slightest whether the listed copyright
holder is one name or some other name?
I certainly don't have the resources to verify personally that the person
who is listed as the copyright holder is actually the legal copyright
holder or has the legal right to distribute the work under that license.
In practice, we basically always do simple checks and react to reported
problems and otherwise take upstream at their word.
> On that basis, it would be foolish having *already* checked carefully
> that the copyright status is accurately known to then discard that
> information rather than recording it in a single documented location for
> others to verify.
Why? Seriously, who cares?
Given how rare a legal issue is, I can't imagine ever not going back to
the source and reviewing the source files, no matter how debian/copyright
is maintained. I don't see how accumulated copyright information in
debian/copyright would ever be useful or used in that case.
> The only alternatives that seems to be on offer are either not checking
> the copyright information is accurate before distributing,
I definitely do not check whether the copyright information in source
files for my packages is accurate before distributing. I don't know how I
could even do such a thing.
For example, GNU Backgammon's gtkgame.c file says that it is:
* by Gary Wong <gtw@gnu.org>, 2000, 2001, 2002.
I have absolutely no idea if that is true. I don't, so far as I know,
have any way of checking whether that is true or not. If I copy that
information into debian/copyright, I'm doing so mechanically. I'm not
adding any value to just searching through the source tree for such
strings.
In fact this particular file does not have a valid copyright notice under
US law. I don't see any reason to believe that's a problem (nor do I even
see any reason to bother upstream about it -- such notices are recommended
when applying the GPL, but they're not required under US law and are
largely irrelevant for copyright law). The package as a whole displays a
copyright notice on startup:
Copyright, 1999-2004 by Gary Wong, 2004-2008 GNU Backgammon is the
legal property of its authors.
which is, of course, preserved following the requirements of the GPL.
> Yes. That only leads to the ludicrous, but entirely real, situation that
> we are in: it is incumbent on any distributor of a work to establish
> that they have license to do what they're doing from the copyright
> holders, which necessarily means knowing who *are* the copyright holders
> in the work.
See above. I don't believe that we do that except in a few rare cases,
and I don't believe anyone else who distributes free software does
either. To a first approximation, everyone just takes upstream's word for
it.
> Collecting copyright notices isn't a requirement under copyright law:
> works that are copyright-restricted continue to be so with or without
> the notice. But unless we have the information typically contained in
> such notices, we are operating completely in the dark as to who is
> empowered to restrict distribution or grant it.
I fail to see how collecting strings from the source files leaves us any
less in the dark about whether the claimed authors are legally empowered
to license it.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: