Frank Küster wrote: > Hi, > > in particular, tetex-base has a woeful copyright file (#218105), and > while I'm trying to resolve this, I came across the fact that some of > the Debian-specific code (maintainer scripts, templates,...) does > not have a license statement. The maintainer scripts don't even have a > proper copyright statement, i.e. one has to guess from debian/changelog > who has contributed what. That's no good. Tetex-base is one of the most infamously bad cases, of course.
> More generally, I found out that this is the case for many packages > (just a random pick: emacs21{-common}, kdebase-bin, scigraphica) have > the same deficiencies. An example for a "good" package is the xfree > Packages; furthermore, in xfree86-common/copyright, the copyright for > all Debian-specific contributions is assigned to SPI. > > Therefore, I would like to raise some questions. If they have been > discussed before, please give me a pointer. > > 1. Shouldn't we add a note to the Policy (or the Developer's Reference) > that there should be a license statement for the Debian-specific > parts in debian/copyright? I think we should, and it should be a > "must" directive post-sarge. Yes. However, normally, the Debian-specific parts should be licensed under the same license as the rest of the package, in which case little additional information is required in debian/copyright -- just the copyright statements of the creators of the Debian-specific parts, added to the list of copyright holders granting the license. > 2. Should we encourage maintainers and contributors to assign the > copyright to SPI, as the x people did? That has to be done in hard copy on signed documents in the US, unless I'm very much mistaken. It's probably not worth encouraging people to do that. :-P > 3. Is there any advice on whether to put the debian-specific part under > the same license as the upstream work, or whether this does not > matter? If the debian-specific parts might get integrated upstream (patches, for instance), it's certainly advisable to put them under the same license. If they won't, I guess it doesn't *really* matter; it's still important that the license be appropriately compatible, though. > 4. How should we proceed with old contributions? Especially if > maintainers have frequently changed, or complex patches from the BTS > have been applied, it might be hard to find out all the copyright > holders. > > I think one can assume that anybody contributing code [1] to a Debian > package is willing to put it under a DFSG-free license, but one > cannot guess at all which license this should be. Therefore a > transition strategy could be made that would allow old code with > unknown or unreachable authors in the package if it is marked a such, > but require a rewrite if substantial changes have to be made anyway. I would generally assume the following: * if the authors are listed in debian/copyright as holding a copyright in part of the work, and granting the appropriate license, everything is fine. * if they're listed somewhere else as doing so, that needs to be in debian/copyright. * if the work is in the public domain, a statement to that effect in debian/copyright is needed. * otherwise, the code is not licensed and should be taken out as soon as a reasonable replacement can be made -- There are none so blind as those who will not see.