Joost van =?utf-8?Q?Baal-Ili=C4=87?= <[email protected]> writes: >> I've taken a look at this package as found at >> https://salsa.debian.org/debian/publicfile/-/tree/debian/0.52-13?ref_type=tags >> and wanted to share my thoughts on it with you: >> >> >> nothing in the source code contains any copyright statement. I do see >> that https://cr.yp.to/distributors.html places publicfile 0.5.2 with the >> sha256 checksum >> 3f9fcf737bfe48910812cc357a31bf1f2e3da2490dbd175ce535830f251c08ef into >> the public domain, and I wish that was clearly visible in the tarball. > > That would've been better indeed. Otoh I guess we can live with the current > situation, and I'd feel embarrased to ask the author to release a new tarball > after all these years...
I wonder why "after all these years" nobody stepped up and decided to continue development? Surely, we all want well-maintained software that keeps up with the many changes in requirements and infrastructure modernizations these days, no? >> In debian/copyright, I see a statement to debian/patches/errno.patch >> that attributes the copyright to [email protected]. I see two issues with that: >> a) you cannot assign a copyright to an email address. It needs to be a >> person or similar b) the comment below then claims that this patch >> wasn't subject to copyright law. That's a bold statement and unlikely to >> be true given how many jurisdictions we have on this planet. >> >> Please ask the original author(s) of the patch about the licensing >> terms, and suggest public domain. Do copy their response in >> debian/copyright as appropriate. > > The patch contains of 3 lines of code, of which 2 are the same. I believe one > could make a good point argueing the patch is so small it isn't copyrightable? > That's what I was trying to do in d/copyright. With > > Copyright: 2002 [email protected] > > I was trying to express the contact info for the patch is [email protected], and it > was > published in 2002. I understand what you are trying to do, I'm concerned that the wording of the debian/copyright file as it is right now can be misconstrued and become a problem for Debian in the future. >> I would recommend to REJECT this package until the licencing terms of >> the patches are clarified. > > Actually, the situation with debian/patches/filetype.patch is tricky. > I am considering contacting the author of that one (with me luck...) > See d/copyright and d/changelog for details. > >> On a personal note? Do you expect further updates and releases of >> publicfile? How frequently do you expect them to happen, and what >> licensing terms do you expect them to be placed on? > > No, I don't expect any further upstream updates. I plan to keep > adjusting the software so that it keeps running fine on Debian. Have you considered just declaring yourself as the new upstream, and relicense the 0.5.2 version under a proper license, such as BSD or Expat? (If upstream were active, one could call that a "fork", not sure that'd be an accurate depiction here). I honestly think that would be so much clearer from a license review standpoint, and also for you as prospective maintainer. My main concern right now with those patches is that their license is very unclear. As (new) upstream author, I would not accept them as is, but ask contributors to be explicit about the redistribution terms. For the Debian project, I would find such a "forked" package much more valuable as it avoids unclear licensing terms, and conveys a strong message around commitment on the package. What do you think? -rt
