Re: Sorry, no more RC bugs for non-free data in main (was: Bug#385115: chromium-data: Unclear license for some files)
On 8/30/06, Steve Langasek <firstname.lastname@example.org> wrote:
... you've correctly pointed
out that at least one of the sound files in this package appears to be
copyrighted and distributed without a license, and that's a bug that should
be fixed. [...] However, even if
we find some improperly licensed files in the package, it's not reasonable
to require a full license audit of the package as a condition for releasing,
because the vast majority of packages in Debian have no more guarantee of
license correctness than this one does.
I don't know what the current policy is for Debian, but finding a
copyright violation in a debian package is something I think we all
take pretty seriously.
If we discover that a sound file in a package is mislicensed (and not
legal to distribute), it seems prudent to try to confirm that the rest
of the files in that package are being distributed under the
appropriate license according to the copyright holder(s). If one file
was mislicensed, it is possible that multiple files in that package
have been mislicensed.
Doing this digging or 'auditing' shouldn't be that hard if there are
proper copyright notices on all of the files in the package (if there
are not proper copyright notices on the files, then I assume we would
not upload it!). If at some point we realize that one or more files
are not properly licensed, then that means that somewhere *upstream*
someone did not put the correct license on some of the files, and we
cannot implicitly trust the stated license from that source. At that
point we have a responsibility to determine if we can legally
distribute the package (or that part of the package).
Our goal here is to distribute FOSS. Removing files and packages for
which we do not have an open license is not only the right thing to do
*legally*, it's the right thing to do *ethically*.