Re: Can I have a package with no real name of upstream maintainer?
On Wed, Sep 29, 1999 at 04:32:08PM +0100, Philip Hands wrote:
> Thomas Schoepf <firstname.lastname@example.org> writes:
> > On Wed, Sep 29, 1999 at 12:18:01PM +0200, Christian Surchi wrote:
> > > I'm packaging tkpgp, from munitions.vipul.net archive. The
> > > upstream maintainer doesn't want reveal his real name and wants only
> > > "tftp" as name and an email address. The package is release under
> > > GPL. Is this possible?
> > The upstream author seems to be a bit strange (or paranoid) but
> > technically/legally that's no reason to not include the software.
> This should probably be looked at be the debian-legal folks, but it
> strikes me that putting the GPL on something, without having a real
> copyright holder, either means that nobody has been granted permission
> to distribute it, or that the GPL conditions could never be enforced
> (since there is no author to sue people that infringe against the GPL)
There is an author, who goes by the name of "tftp". At least in the US,
it's entirely legal for tftp to go by any name he wants for whatever
purpose, as long as he's not out to defraud anyone. Do you think you
could have made copies of "Primary Colors", just because the author
went by Anonymous? Or that the publisher couldn't make copies, because
they didn't know his real name (assuming they didn't)?
> If of course Christian doesn't know who he is either, then I think
> we'd have to be rather suspicious of this person, since this might
> enable him to anonymously introduce Trojans into Debian, which would
> be bad. If Christian is willing to put his reputation on the line,
> then fair enough, but I'd hope that he reads the code very carefully
> when new upstream versions are released.
I think you're being really paranoid here. Anyone who really wanted
to sneak trojans into Debian would go by a name, e.g. Phillip Hands,
which no one would know wasn't real until everything was over.
David Starner - email@example.com