ti, 2007-09-25 kello 17:07 +1000, Ben Finney kirjoitti: > Lars Wirzenius <[EMAIL PROTECTED]> writes: > > > If they distribute their work without an e-mail address attached, > > should the Debian packager go dig one up? > > > > If they distribute their work with the attached e-mail address > > obfuscated in some way, should the Debian packager un-obfuscate it? > > I'm of the opinion that a copyright statement for the work in a Debian > package should include valid contact details, preferably an email > address, for the work's primary copyright holders at the time the work > was packaged.
There are other kinds of contact details than syntactically valid e-mail addresses. I was asking, specifically, whether an e-mail address should be required, in your opinion, and whether Debian should un-obfuscate it if upstream obfuscates it. > To knowingly accept packages without that is to knowingly accept a > copyright statement that is unverifiable to third parties, purely in > the interest of someone who wants to hold copyright but not give a > valid email address. I think that's an unacceptable risk for Debian to > take. Having a string in debian/copyright that looks like a valid e-mail address does not mean that Debian has verified that whoever claims the copyright actually has the copyright. If you want to talk risk management, I think it's silly to stop at a valid-looking e-mail address, and not do things like verify that the person exists, and looking around the net for things that look similar to the work being packaged. At least. You never know, they might have copied some or all of the stuff from someone else, and merely put their own name (and e-mail address) on top of it. In any case, un-obfuscating an e-mail address when putting it into debian/copyright is in no way required to verify copyright statements. -- Maailma olisi parempi paikka, jos kaikilla olisi häntä kertomassa mitä kuuluu. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
