[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sponsorship requirements and copyright files

Russ Allbery <rra@debian.org> writes:

> Ben Finney <ben+debian@benfinney.id.au> writes:
> 
> > The point is that, since we can predict the need for this
> > information, we have the choice of assuming the information is
> > there when we distribute and never looking for it until the need
> > arises in the face of such a threat, or looking for it in advance
> > of distribution and hence in advance of exposure to that threat. I
> > think it's clear that the latter option is preferable.
> 
> Er, I'm certainly not going to pay any attention who the copyright
> holders are for various files in something I'm packaging. I care
> about the license; why should I care in the slightest whether the
> listed copyright holder is one name or some other name?

The name isn't important, so long as it names a legal entity that you
have reason to believe is a copyright holder in the work.

You seem to be arguing against the distributor confirming whether what
upstream claims to be the set of copyright holders is actually true;
that's not what I'm saying needs to be done.

> > The only alternatives that seems to be on offer are either not
> > checking the copyright information is accurate before
> > distributing,
> 
> I definitely do not check whether the copyright information in
> source files for my packages is accurate before distributing. I
> don't know how I could even do such a thing.

The “check whether the copyright information is accurate” that I
refer to is only checking that what the redistributor *thinks* is the
set of copyright holders matches with what upstream *says* is the set
of copyright holders.

I'm certainly not advocating redistributors must investigate the truth
of every copyright statement. I'm arguing only that a redistributor
has the burden under the law of obtaining a redistribution license
from the copyright holders, and therefore has the burden of knowing
who *are* the copyright holders in order that the license has come
from them.

That information, of course, comes from whoever we call upstream,
which may be the copyright holders themselves, or could be another
redistributor, or could be come more complex set. Those sets *change
over time*. The information of who are the copyright holders *for a
particular release* will often be different from the previous release:
pieces of a work of differing copyright holders are removed or added,
and thus the set of copyright holders in that work changes its
members.

The point being that upstream informs us of who the copyright holders
are; if they don't what reason have we to believe they have right to
redistribute to us? Having received that information, we have a
documented place to record it so it can be verified as a question
answered.


Steve Langasek <vorlon@debian.org> writes:

> Using this format for debian/copyright is *not* the same thing as
> auditing the copyright, it's simply recording what we know about the
> copyright, which is essentially "what upstream tells us".

I hope it's clear that I agree with this entirely.

-- 
 \      “Software patents provide one more means of controlling access |
  `\      to information. They are the tool of choice for the internet |
_o__)                                     highwayman.” —Anthony Taylor |
Ben Finney
Reply to: