On 26.03.20 19:57, Andrej Shadura wrote: > An example: commercial users. They need to know *exactly* what they > are running and under which licenses.
The only way to know that is by performing your own due diligence. > They are often bound by regulations with heavy fines for violating > them, and not only fines, but a threat of your product being banned, > and that often means they want only specific licenses in their > products. There is no way whatsoever that a regulator, or a court, will accept checking a single third-party file (debian/copyright), created by an unpaid volunteer one has never even met, much less have a business relation with, as proper due diligence in a copyright infringement case. [Well, technically, you could use your own lawyer to perform the due diligence and have them submit any necessary changes to the BTS, but I think it's safe to assume that that is a theoretical example.] Don't get me wrong, debian/copyright is certainly useful in general, but the only value in a legal conflict I can see is for Debian, namely to demonstrate our own compliance when distributing binaries (see Scott's and Sean's replies).