Hi Otto,

At 2024-03-30T14:09:46-0700, Otto Kekäläinen wrote:
> While reviewing xz-utils commits I noticed that a bunch of old
> copyright holder names were removed in
> https://salsa.debian.org/debian/xz-utils/-/commit/d1b67558cbc06c449a0ae7b7c1694e277aef4a78.
> 
> Is this OK to do so?

My opinion is that, _apart from copyright concerns_, an author's
attribution should be removed only if that author's contribution has
been completely removed from the file/work in question.  This is largely
a matter of professional integrity and of avoiding plagiarism.

https://invisible-island.net/personal/copywrongs.html

If someone has rewritten an author's contribution such that none of the
author's "original expression" (a manifestation of human creativity)
remains in the file/work, then it is okay to remove their attribution
and/or copyright notice, and is arguably misleading if you _don't_
remove it.

The untruthful placement or removal of a copyright notices can be a
criminal act in the U.S.[1], but I've never heard of a situation where
someone got into trouble for lazily retaining a notice that was once
applicable to a work, but no longer.  This statute _does_ require
"fraudulent intent", as an element of the crime, a prosecutor is
required to prove it beyond a reasonable doubt to the trier of
fact.[2][3]

Still, candor is a virtue, and, in principle, a false (or no longer
true) claim of copyright could cause problems for an author incorrectly
credited, in the event of some sort of criminal or civil liability
attaching to the work.  The xz backdoor and the mysterious identity of
its perpetrator(s) should underscore this concern.

> Having source code in the public domain means that there is no
> copyright, so no attribution required either?

That's true, but world governments have had great trouble saying "no" to
copyright rentiers for the past century or more, so it can be wise to
retain a public domain dedication notice with the author's name and the
year.

> But if copyright attribution is done, each name should have a year
> next to it at least, right?

Yes, because in theory, software will one day _age_ into the public
domain.  Perhaps infants born today will live to see it happen.

> Is it so that the debian/copyright file is reviewed by ftp-masters
> only for packages in NEW queue, and there is probably no automation in
> place to flag subsequent copyright changes for re-review?

That was my understanding 20 years ago; I can't competently speak to the
status quo.

Regards,
Branden

[1] 
https://www.justice.gov/archives/jm/criminal-resource-manual-1855-protection-copyright-notices-17-usc-506c-and-506d

[2] In practice, over-assertion of copyright would seem to be little
    policed; it is common practice for book publishers in the U.S. to
    assert flatly impossible copyright notices, asserting a date that
    hasn't happened yet.  My anecdotal impression is that over the past
    20 years, the month in which one can observe copyright notices dated
    in the next calendar year has crept steadily backward.

[3] Of course, most criminal prosecutions in the United States never
    proceed to the trial stage,[4] so if you're ever sitting across a
    table from a U.S. Attorney, the gap between what is asserted and
    what can be proved can be huge.

[4] 
https://www.pewresearch.org/short-reads/2023/06/14/fewer-than-1-of-defendants-in-federal-criminal-cases-were-acquitted-in-2022/

Attachment: signature.asc
Description: PGP signature

Reply via email to