> > A software distributed without a license is always presumed to be
> > non-free. I do agree that the license doesn't have to be in the file
> > itself, but then there should at least be a license file in the tarball
> > stating what the license of all the included files is; and if there is a
> > license statement in the file (as it is the case now), it should state
> > all the rights granted to the user. Right now, the header says you're
> > free to distribute these files, and somewhere else one of the copyright
> > holder (in a private email, as far as I can tell) says you can do pretty
> > much whatever you want with those files. I don't think that's an
> > acceptable license grant; it's confusing at best.
>
> It's indeed confusing and not ideal. But if all the permissions were
> properly given then this would be no show-stopper. The problem in this
> example (apart from debian/copyright being incomplete and
> apperently getting some number wrong) is that the mail given is not so
> clear to give this additional permissions and that the author of that
> mail might not be able to give permissions for all the code (due to
> there being multiple authors, as you pointed out).
>
> > There are three contributors (according to debian/copyrigh, not all of
> > them are copyright holders, it's not clear why) listed in aescrypt.c for
> > example, so we'd need a statement from all the copyright holders,
> > preferably somewhere publically accessible. I still think it's way
> > easier to get upstream to fix the license headers.
>
> It's easier for everyone involved except the one who has to explain
> upstream what exactly we want in those files, convince them to add
> that and then repeat those two steps till it is done...