Hi! While reviewing xz-utils commits I noticed that a bunch of old copyright holder names were removed in https://salsa.debian.org/debian/xz-utils/-/commit/d1b67558cbc06c449a0ae7b7c1694e277aef4a78.
Is this OK to do so? Having source code in the public domain means that there is no copyright, so no attribution required either? But if copyright attribution is done, each name should have a year next to it at least, right? Is it so that the debian/copyright file is reviewed by ftp-masters only for packages in NEW queue, and there is probably no automation in place to flag subsequent copyright changes for re-review? Pondering off-topic: I don't expect ftp-masters to have bandwidth to do manually anything more, so I am specifically keen to understand what automation is in place. Some improvements can be done in Salsa-CI for things that the maintainer is likely to be interested in fixing themselves (e.g. [1], [2]) but the most critical checks for copyright changes and supply-chain changes related to who is the uploader or what is the upstream homepage/repository address could perhaps have some mechanism at ftp-level that requires review/sign-off by additional Debian Developers, perhaps via a new review tool. - Otto [1] https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/342 (missing git tags after upload) [2] https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/343 (misconfigured upstream git branches)
