Re: License violations for dependencies of Rust and Go programs?

[Sam Hartman <hartmans@debian.org>]

>>>>> "Mihai" == Mihai Moldovan <ionic@ionic.de> writes:

    Mihai> In this case, we're "just" talking about missing notices for
    Mihai> dependencies that are pulled in, which might not be nice, but
    Mihai> also, realistically, nobody would really care about or try to
    Mihai> enforce it (unless somebody has malicious intent, which
    Mihai> indeed did happen in the past).

I agree with your overall conclusion that in practice we are unlikely to
have significant legal liability or cause significant damages here.

However, I disagree on one point.  You imply that you believe anyone
complaining about a violation here would be malicious.

One of my former house mates was part of a BSD-licensed free software
project  related to a new technology.
That project cared a lot about having their code acknowledged in
supporting documentation, because they were trying to demonstrate wide
adoption of their technology.
It significantly impacted their ability to raise money  and impacted
their satisfaction with their work to be able to demonstrate all the
wide variety of products that incorporated their technology.

I don't think they sued (or would consider doing that) when not
credited, but it did do emotional and possibly economic harm to them
when dependencies did not credit them.

If someone like that came to Debian and asked us to do a better job of
crediting them, I would not consider that malicious at all.