Quoting Thomas Goirand (2017-12-24 11:28:06) > This is a very interesting discussion, it's IMO important to have it. > On 12/23/2017 02:45 AM, Jonas Smedegaard wrote: >>> The only thing we really need is to make sure about the license of >>> the software. Having a copyright holder name is only *helping* to >>> make sure that we are indeed, in the case of the claimed license >>> (ie: we can hold $name as responsible for a false claim of such a >>> license). But, considering this, the copyright holder name isn't >>> mandatory to distribute said software (unless the license mandates >>> listing the authors or copyright holders). >>> >>> If the above isn't logic, please explain why. >> >> You seem to argue that names of copyright holders are optional >> because they are optional. > > All I'm saying, is that copyright holder information / author list is > mandatory if the license mandates it. The case of an anonymous author > shows we've accepted software in Debian without a copyright holder. No, it only shows we accept software without *name* of the *author*. We still require *knowledge* of the *copyright holder*. Preferably explicit knowledge - copyright statement copied verbatim from upstream source. But alternatively we tolerate some degree of indirect knowledge - e.g. an email conversation copied verbatim and accompagnied by a statement from the package maintainer of the origin of that email, or a statement from the package maintainer that copyright holder is assumed to be same as author is assumed to be same as git committer was extracted from some external Github URL. These statements are all different: a) "name of copyright holder as used by governments is unknown" b) "name of copyright holder is unknown" c) "copyright holder is unknown" d) "name of author as used by governments is unknown" e) "name of author is unknown" f) "author is unknown" a-c is about copyright holder, d-f is about author. a+d is about pseudonymity, b+e is about name-less identity (other identifiers than name are known). c+f is about anonymity. If a software project releases a tarball with the file LICENSE.txt in the root directory containing the GPL v3, but without any copyright statements anywhere, cannot reliably be asumed to be licensed as GPL-3. Such tarball only says "Here is some code, and those making the tarball found it relevant to include a particular license file too". We prefer someone saying "I am in control, and with that power I grant the rights described in that license document over there". We tolerate a package maintainer saying "I believe $FOO is in control, and with that power $FOO grants the rights described in that license document over there". We do not tolerate a package maintainer saying "I believe someone grants the rights described in that license document over there". >> What we need is not only license. From Debian Policy § 12.5: >> >>> Every package must be accompanied by a verbatim copy of its >>> copyright information and distribution license in the file >>> /usr/share/doc/package/copyright. >> >> We also need copyright information. > > I failed to see the part where the Debian Policy § 12.5 mandates a > copyright holder list. I interpret "copyright information" to mean either "noone claims to hold copyright" or "this or these entities claim to hold copyright". In other words, a (possibly empty) list of copyright holders. How do you interpret "copyright information" differently? > All it mention is "copyright information" which is more vague than a > copyright holder list + license text. Either way (yours or mine), this > needs clarifying in the policy. Such clarification would help a lot to > ask upstream to follow a (clearer) policy, which so far I of course > failed to request because it's a blurred area (see what Jeremy wrote > in this thread). > >> Reason we need copyright information, is because only a license granted >> by the copyright holders is of use to us. > > I still don't understand why. I understand why it's a re-assurance > that the shipped license is correct, but I don't see why otherwise. Software is Free by *use* of some license, not by existence of license. Copyright holder need to *grant* said license, so copyright information is crucial for license to be relevant to our (re)distribution of code. -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature