Wookey, On Tuesday, March 5, 2024 2:51:10 AM MST Wookey wrote: > On 2024-03-04 11:19 -0700, Soren Stoutner wrote: > > Alan, > > > > These are good questions. > > > > 1. Yes, there must be a copyright statement. Only the person, people, > > group, or organization that holds the copyright can issue a license for > > other people to use the work. So, you must have someone claiming a > > copyright or they do not have the legal ability to release the work to > > others under the LGPL. > But what requires that to be in the source tarball? Copyright is > intrinsic in the authors, it doesn't require a statement to create > it. Said authors _do_ need to specify a licence (and the LGPL requires > that licence text to be shipped in the source (I think, although I > could only actually find this requirement for a 'Combined work' and in > the FAQ just now)). > > _Debian_ requires a copyright statement (in the copyright file) so we > do need to find out from the project what to put, and a statement in > the source would be a good way to communicate that, but a notice on > the project website or even an email from a representative would also > do the job.
That is correct. There must be a copyright statement or the license information is not legally valid (because only someone who claims copyright can issue a license). However, it doesn’t expressly need to be in the tarball (see below). That part is simply best practice, because it maintain the copyright information if the project is forked or upstream disappears, which otherwise can be difficult to determine if it was only on a website that is now defunct or in an email sent to a Debian developer who is no longer participating in the project. So, there is a distinction between what is the minimum legal requirement and what is best practice. > > My recommendation would be that you communicate to the upstream project that > > they need to include the copyright and licensing information in the root of > > their repository, preferably all in one file, as a minimum requirement for > > you to be willing to package their project in Debian. > > I don't think this is correct. And we should be happy to package > anything which is actually free software. We don't get to impose extra > requirements before we will package something. As pointed out above, there is a distinction between what is the minimum requirement for packaging in Debian and best practice. I carefully worded point 2 in my original email to state that, if **I** were packaging this software, I would communicate with upstream that if they wanted **me** to package their software in Debian, my minimum requirement would be that they explicitly state the copyright information in the source code. Originally I had a point 3, which I deleted before sending the email, explaining that my personal preference for when I would be willing to package software is higher than Debian’s requirement, and that a website notation or email communication of copyright has been used in some packages in the past, but with the downside described above. I took out point 3 because I felt it muddied the waters, but since the point has been brought up, it is worth discussing. > They should put a copy of the LGPL in (in a file called 'COPYING' or > 'LICENCE' by convention) (if this isn't done already). A copyright > notice for the project should _not_ go in the same file (The LGPL > already has one for the LGPL authorship itself, so this is probably > the only file in the distribution which should definitiely _not_ have > the project copyright notice). It should ideally be a header on at least > one source file, (preferably all of them), but could be any README, or > even just a notice on the project website, or an email saying ' I must disagree with you on this point. It is perfectly fine to ship the copyright and the license in two separate files, but it is also perfectly fine to ship them in the same file. I do so in my upstream project linked in a previous email, and Debian does so in debian/copyright. Using a file named LICENSE or COPYING or AUTHORS is fairly standard, but exactly how this is done doesn’t matter as long as both copyright (with years) and license are communicated. -- Soren Stoutner so...@debian.org
signature.asc
Description: This is a digitally signed message part.
