Simon Richter <sjr@debian.org> writes: > Hi, > > On 11/18/21 4:08 PM, Stephan Lachnit wrote: > >> I guess this raises the (maybe already answered) question if the >> additional license QA from NEW is for the end-product (i.e. Debian >> stable) or for the servers that run the Debian infrastructure, which >> of course includes experimental. > > The latter. > > The license must allow Debian to redistribute the package. This is > checked very thoroughly on the initial upload, and updates are > expected to keep the same licensing. Whether that expectation still > holds with upstreams who prefer vendor copies over using external > packages is another matter, but in general these packages require more > handholding anyway. I struggle to see how this assumption is reasonable at all, even keeping vendoring upstreams out of the picture. It is hardly uncommon for non-giant projects to re-license themselves one or more times after the initial Debian package has cleared the NEW queue. The larger our archive, and the more time passes, the more packages we can expect to be shipping whose d/copyright's relationship with reality was never checked by the FTP Masters. -- Gard
Attachment:
signature.asc
Description: PGP signature