Re: The purpose of debian-legal
Sam Hartman wrote:
>>>>>> "MJ" == MJ Ray <email@example.com> writes:
> MJ> I will not reply to your grandstanding about our needs, other
> MJ> than to note that the default for unlicensed software is
> MJ> roughly "all rights reserved", so we must get clear
> MJ> permissions.
> We are not a court. We do not pursue licensing rigorously enough that
> we are sure that everything we do will stand up in court.
> It's not clear to me exactly what our purpose is, but I suspect it
> 1) Minimizing the probability that Debian, that or contributers to Debian
> will be involved in legal action arising from Debian's distribution or
> modification of software.
We tend to be *very* conservative about this. Unless we have clarification
from the copyright holder, we tend to assume that a license grants exactly
what it says it does and no more. I think this is the correct way to go
for an organization without a large legal budget.
> 2) Making sure that our users' expectation that all software in Debian
> meets the terms of the DFSG is met. IN particular, our users
> expect than when they read a license in Debian, they will be able
> to find a way to able to find a way to do all the things that the
> DFSG says they will be able to do. They also expect that they will
> not be prohibited from doing things like using software in a particular
> 3) Trying to meet our obligation to the free software community not to
> label things as DFSG free that turn out not to be DFSG free.
Indeed. We also try to be very conservative about this.
In my opinion, if the copyright holder explicitly says "Oh yes, I meant to
grant that permission," then it's OK if it's not actually in the license
immediately -- we can archive the email message until it is. But if we
notice that we don't have the required permission and we don't get an OK
from the copyright holder quickly, then we ought to remove the work.
> For example, in cases where we have found incorrectly licensed code
> such as mplayer, we have been much more strict than we are in cases
> where we believe a project is under a well understood DFSG-free
Yes. In court, "I *thought* I had permission" really can be a defense, so
if we *think* we have permission, we're not too strict, but if we then find
something which makes us think we don't, then we have to be stricter.
> Similarly, when we find we have violated the GPL, we fix the
> violation. However, we do not stop distributing the software until we
> have renegotiated a license with the original author.
We like to assume in many cases that the original author has just made a
'mistake' and intended to license the work in a way Debian can use. This
is often the case. If the original author can't be contacted, or indicates
that he/she does *not* intend to license the work appropriately, we rip it
out as soon as humanly possible. I think that this is probably fast enough
for a court to consider Debian's behavior reasonable.
> This is true
> even though we are aware of a legal argument
> (http://www.gnu.org/press/mysql-affidavit.html ) that says our GPL
> rights are terminated whenever we violate the GPL and that we must
> renegotiate the license. Perhaps this is because we believe we
> understand the law better than the FSF's lawyer. I hope not; rather I
> think we believe that the chance that someone will actually take legal
> action against us is very low
If we contact the copyright holder and ask for permission, and get a
response -- then we think the risk that they will sue us before the
discussion is over, or without giving us a warning and a chance to remove
the affected work, is very low. And even if they did, we would at least be
able to say "We thought we had a license, then we found that we didn't, so
we asked if he really *meant* to give us a license, and as soon as he said
no (or, after we didn't hear from him for a while), we removed it." Which
is at least somewhat of a defense in a court. And it would leave the
person suing over something Debian had already fixed, which is not a bad
position for Debian to be in.
> and that since the risk is acceptable,
> our users' needs are better served by our current approach.
There are none so blind as those who will not see.