[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Ubuntu and its "appropriation" of Debian maintainers


I just search Google for me and I found this,


Now, I never signed up to be a maintainer for Ubuntu. I don't understand
why I am part of "people of Ubuntu" or why I am listed as a maintainer
of any package on Ubuntu's website? I know Ubuntu is using my packages
as part of their distribution. I have no problem with that. What I do
have a problem is the use of my name and my resources (time) in
association with Ubuntu *without* my permission.

Well, at least on pages like,


They have "Adam Majer is responsible for this Debian package" with a
link to Debian's QA. This reference I find acceptable, but better
wording would be "Adam Majer is responsible for the Debian version of
this package".

Then I also found,

adamm@mira:/tmp$ gpg --verify mysql-query-browser_1.1.4-1ubuntu2.dsc
gpg: Signature made Tue 19 Apr 2005 10:06:56 AM CDT using DSA key ID
gpg: please do a --check-trustdb
gpg: Good signature from "sh@linux-server.org <sh@linux-server.org>"
gpg:                 aka "shermann <sh@sourcecode.de>"
gpg:                 aka "Stephan Hermann <sh@sourcecode.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
Primary key fingerprint: 3D8B 5138 0852 DA7A B83F  DCCB C189 E733 C098 EFA8

This package was modified from the Debian package (probably as simple as
just rebuilding the automake files because they were quite old). I don't
understand how I could remain as the maintainer of such a package. It is
my belief that if the source code is changed, then the Maintainer field
should be changed as well.

In Debian we do this all the time (NMUs), but Ubuntu is not Debian and
the upload was not to Debian. If there are problems with the Ubuntu
package I cannot fix it yet the problem will be attributed to me (as I'm
the "maintainer").

Anyway, the bottom line is,
    1. I'm a Debian Developer and chose to be associated with Debian
    2. I have not chosen or gave permission to be associated with
modified/unmodified packages of other distributions (that may or may not
derive from Debian).

What do other DDs think about this problem (or is it even a problem?)?
Personally, I believe Ubuntu must either change the Maintainer field of
all packages such that it points to Ubuntu Developers *or* get
permission to keep the Maintainer field as is from the Debian package

- Adam

PS. This is not a troll against Ubuntu.

PPS. This is not like writing software where the author has a copyright
on the source code and have it displayed. There is a fundamental
difference between "copyright holder" and "maintainer", so please don't
confuse the two.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: