Open Stack

Excerpts from Robert Collins's message of 2013-10-20 02:25:43 -0700:
> On 20 October 2013 02:35, Monty Taylor <mordred at inaugust.com> wrote:
> 
> > However, even as a strong supporter of accurate license headers, I would
> > like to know more about the FTP masters issue. I dialog with them, as
> > folks who deal with this issue and its repercutions WAY more than any of
> > us might be really nice.
> 
> Debian takes it's responsibilities under copyright law very seriously.
> The integrity of the debian/copyright metadata is checked on the first
> upload for a package (and basically not thereafter, which is either
> convenient or pragmatic or a massive hole in rigour depending on your
> point of view. The goal is to ensure that a) the package is in the
> right repository in Debian (main vs nonfree) and b) that Debian can
> redistribute it and c) that downstreams of Debian who decide to use
> the package can confidently do so. Files with differing redistribution
> licenses that aren't captured in debian/copyright are an issue for c);
> files with different authors and the same redistribution licence
> aren't a problem for a/b/c *but* the rules the FTP masters enforce
> don't make that discrimination: the debian/copyright file needs to be
> a concordance of both copyright holders and copyright license.
> 
> Personally, I think it should really only be a concordance of
> copyright licenses, and the holders shouldn't be mentioned, but thats
> not the current project view.
> 

The benefit to this is that by at least hunting down project leadership
and getting an assertion and information about the copyright holder
situation, a maintainer tends to improve clarity upstream. Often things
that are going into NEW are, themselves, new to the world, and often
those projects have not done the due diligence to state their license
and take stock of their copyright owners. I think that is one reason
the process survives despite perhaps going further than is necessary to
maintain Debian's social contract integrity.

I think OpenStack has taken enough care to ensure works are attributable
to their submitters that Debian should have a means to accept that
this project is indeed licensed as such. Perhaps a statement detailing
the process OpenStack uses to ensure this can be drafted and included
in each repository. It is not all that dissimilar to what MySQL did by
stating the OpenSource linking exception for libmysqlclient's
GPL license explicitly in a file that is now included with the tarballs.