Re: Why do we list individual copyright holders?
Felipe Sateler <fsateler@debian.org> writes:
> I suspect you are setting an impossibly high bar for determining the
> license of a work. We can (and do) rely on upstream telling us the truth
> when they say the work is of a certain license, and that contributions
> from third parties have been accepted under that license.
It's worth noting that most upstreams (particularly non-corporate
upstreams) do not do any legal paperwork with contributors and generally
don't even ask the contributor whether they're okay with distributing the
contribution under the project license. They just do it and rely on the
general assumption that someone submitting patches is okay with this.
I am inclined to agree with the general sentiment that current Debian best
practices are much pickier and more time-consuming than typical licensing
reality upstream.
> If what you say were true, no non-trivial piece of software would be
> distributable. Is your copyright credited on all the packages where you
> have submitted patches? There's plenty of software in the archive where
> there is uncredited copyright, and that is not a problem because the
> contribution was made under a given license.
At least under US copyright law, it's absolutely not required to maintain
a manifest of all copyright holders. Copyright notices are strictly
optional and are mostly relevant in defeating an accidental infringement
defense (or at least that's the traditional legal take I've heard).
However, note that a lot of *licenses* explicitly require *retaining*
copyright notices that are present. (This is not the same thing as
maintaining accurate ones; in fact, a strict reading of most of these
licenses says that you must retain *inaccurate* ones.)
The reality is that the chances of anyone suing over this sort of thing
are incredibly low, so large portions of the industry get away with doing
things that might be technically forbidden under a very strict
interpretation of the licenses because no one cares enough to pursue it.
And because of estoppel, as well as other less-formal ways courts would
take notice of reasonable expectations and common practice, that practice
*does* have some legal weight as well.
This is all kind of a mess, and I think Debian would be well-served by
looking for opportunities to minimize the very real and significant cost
to Debian contributors for doing boring and demotivating paperwork.
That's probably more important, in general terms, than problems that are
strictly theoretical.
The problem with all of these discussions, however, and the reason why I
largely stopped participating in them (particularly with my Policy Editor
hat on), is that the rules for what one actually has to do in Debian to
get a package accepted are a bit confusing and only partly documented, and
the people who set those requirements basically don't participate in these
discussions. As long as the decision-makers aren't participating and we
don't have clear documentation of the rules, even talking about it is
pointless.
I feel like what we really need is a working group that contains members
with the authority to speak for ftpmaster, along with a good cross-section
of interested parties, to get together on a public but separate mailing
list and hash out a concrete proposal for how we think copyright and
license notices should work in the project. Then bring that back to the
project. Otherwise, we're just going to keep having this discussion every
three months or so, and nothing is going to really change.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: