Re: Copyright and License Guidelines
Jonathan Yu <email@example.com> writes:
> Technically, a copyright statement is not actually a *must*, only
> licensing is. However, I worded that harshly because I want to be strict
> -- moving forward, we need to have somewhere we can point authors to
> tell them that we *certainly* must have copyright information. Here's
> Without an explicit copyright statement, the burden is on the packager
> to determine the appropriate copyright. Who holds the copyright, you
> ask? Whoever has worked on the package, submitted code, etc. It may be
> difficult or impossible to determine who has contributed, particularly
> for team-maintained packages or where authors accept patches (without a
> CLA as mentioned).
I don't see any reason why the packager should care about any of that.
We're already assuming that the upstream author hasn't incorporated any
code with an incompatible license, or against the wishes of the actual
copyright owner, and whether or not they have explicit copyright
statements in the code doesn't really change that. Regardless, we're
trusting the upstream author in their statement that they are authorized
to release the code under the license they put on it.
All that Debian legally cares about is the license. The copyright
statements are meaningless to Debian from a legal perspective except
insofar as they're required to comply with the license. Now, they *are*
required to comply with the terms of the GPL provided that the upstream
author has put them into their work, but if the upstream author has not
done that, I think it's a stretch to say that Debian could possibly be
infringing by redistributing without non-existent notices. That would be
one of the most minor ways in which the Perl community tends to play fast
and loose with the exact requirements of the GPL and Artistic licenses,
and I don't think it's really conceivably our problem.
> If you start a project, and I submit a patch to that project, in the
> absence of a copyright statement and a CLA, it can be assumed that I
> retain copyright on my work (that is, the patch I submitted to you).
> Now I hold partial copyright to the project (the parts that I
> contributed). You are no longer free to relicense things (as you would
> have been able to do before, since you had the agreement of all
> copyright owners -- that is, yourself :-)
Many of us consider this a feature. And regardless, I don't see any
reason why Debian should care. We're not going to relicense the work, nor
are we going to ask upstream to relicense the work in the normal case.
This stuff only matters in the case of a dispute, unless we're infringing
the terms of some license, and in the case of a dispute so much other
stuff matters that we aren't documenting, can't document, and can't even
know that insisting on having a copyright statement somewhere is not going
to change the situation in the slightest.
The only function of the explicit copyright statement under US law (and I
believe this is mostly the same among signatories of the Berne Convention)
is to change some of the parameters of a lawsuit for copyright
infringement (you can ask for additional damages for knowing infringement,
basically). It doesn't change the terms of a license, and it's strictly
optional on the part of the copyright holder. See:
among many other sites. I don't have the links readily available for
non-US law, but from what I've heard it's substantially similar, with the
note that many countries have a right that the US doesn't have for an
author to be identified as the creator of their work (which Debian meets
in many other ways).
I would not worry in the slightest about upstream code without an explicit
copyright statement. If is no explicit copyright statement but there is
an author and are publication dates in the work, such as in NEWS files,
I'd put a copyright notice for upstream into debian/copyright with those
dates purely as a documentation effort; otherwise, I really wouldn't worry
about it. The license is the important part. Clearly if upstream *has* a
copyright notice, we need to maintain it to satisfy licensing
requirements, but that's really the limit of where I think we have to
> There are probably other implications I am not aware of. I disagree with
> Damyan on a philosophical note and do not believe the Contributor
> License Agreements are a bad thing.
I'm with Damyan on this.
> And we cannot have confidence in copyright without upstream giving us
> the details. At the very least, if copyright information is incorrect,
> then upstream will be liable -- not us.
Copyright statements have precisely zero impact on any sort of legal
liability that Debian would need to be concerned with.
Putting my upstream hat on, I incorporate patches from people all the time
and thank them somewhere, normally in NEWS. I basically never add
copyright statements for the contributors. I only do that if they make
very substantial contributions (whole new source files, for instance), or
if their patch itself includes a copyright statement.
If a distribution told me I had to include complete copyright statements
for every contribution for them to include my software, I'd point them at
the law and tell them that there's no reason to go to that effort. If
they insisted, I'd ignore them. It's not worth my time. (As a Debian
Developer, were that distribution Debian, I'd instead propose a GR to
overturn such a policy, but I don't believe it actually *is* Debian's
policy, just the misunderstanding of some well-meaning packagers.)
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>