Hi Otto, At 2024-03-30T14:09:46-0700, Otto Kekäläinen wrote: > While reviewing xz-utils commits I noticed that a bunch of old > copyright holder names were removed in > https://salsa.debian.org/debian/xz-utils/-/commit/d1b67558cbc06c449a0ae7b7c1694e277aef4a78. > > Is this OK to do so?
My opinion is that, _apart from copyright concerns_, an author's attribution should be removed only if that author's contribution has been completely removed from the file/work in question. This is largely a matter of professional integrity and of avoiding plagiarism. https://invisible-island.net/personal/copywrongs.html If someone has rewritten an author's contribution such that none of the author's "original expression" (a manifestation of human creativity) remains in the file/work, then it is okay to remove their attribution and/or copyright notice, and is arguably misleading if you _don't_ remove it. The untruthful placement or removal of a copyright notices can be a criminal act in the U.S.[1], but I've never heard of a situation where someone got into trouble for lazily retaining a notice that was once applicable to a work, but no longer. This statute _does_ require "fraudulent intent", as an element of the crime, a prosecutor is required to prove it beyond a reasonable doubt to the trier of fact.[2][3] Still, candor is a virtue, and, in principle, a false (or no longer true) claim of copyright could cause problems for an author incorrectly credited, in the event of some sort of criminal or civil liability attaching to the work. The xz backdoor and the mysterious identity of its perpetrator(s) should underscore this concern. > Having source code in the public domain means that there is no > copyright, so no attribution required either? That's true, but world governments have had great trouble saying "no" to copyright rentiers for the past century or more, so it can be wise to retain a public domain dedication notice with the author's name and the year. > But if copyright attribution is done, each name should have a year > next to it at least, right? Yes, because in theory, software will one day _age_ into the public domain. Perhaps infants born today will live to see it happen. > Is it so that the debian/copyright file is reviewed by ftp-masters > only for packages in NEW queue, and there is probably no automation in > place to flag subsequent copyright changes for re-review? That was my understanding 20 years ago; I can't competently speak to the status quo. Regards, Branden [1] https://www.justice.gov/archives/jm/criminal-resource-manual-1855-protection-copyright-notices-17-usc-506c-and-506d [2] In practice, over-assertion of copyright would seem to be little policed; it is common practice for book publishers in the U.S. to assert flatly impossible copyright notices, asserting a date that hasn't happened yet. My anecdotal impression is that over the past 20 years, the month in which one can observe copyright notices dated in the next calendar year has crept steadily backward. [3] Of course, most criminal prosecutions in the United States never proceed to the trial stage,[4] so if you're ever sitting across a table from a U.S. Attorney, the gap between what is asserted and what can be proved can be huge. [4] https://www.pewresearch.org/short-reads/2023/06/14/fewer-than-1-of-defendants-in-federal-criminal-cases-were-acquitted-in-2022/
signature.asc
Description: PGP signature
