Richard Fontana wrote:
I took a look at some Debian 'copyright' files for ASF projects, which are somewhat similar to OpenStack legally. I can only conclude that either the FTP master in question here is misinterpreting the Debian project's guidelines, or that OpenStack is being held to a stricter standard than other multiple-copyright-holder projects packaged in Debian. (There seemed to be a hint in the thread on openstack-dev that this might be intentionally so, because OpenStack is 'new'?)
The FTP masters are the gatekeepers for new packages. They basically check that the new package is well-packaged and obeys the DFSG. Part of those checks include the presence in the packaging of a comprehensive debian/copyright file, which lists the licenses and copyright holders. This file facilitates the DFSG-compliance analysis the FTP Masters have to go through. The trick is, once a package has been accepted, it never goes through the FTP masters checks again. It belongs to its maintainer. And while the licenses are (sometimes) kept up-to-date, the copyright holders list goes stale about 5 minutes after package upload. This is why the whole thing isn't rooted in any legal or social contract requirement. If it was, it would be kept up to date. It's a process artifact, which survived only because a small of the process still goes through people that enforce it. So Monty is right, it doesn't have to be "accurate", it just has to reflect what the project asserts at the precise moment the package is proposed for Debian upload, so that a cargo-culted process checkbox can be ticked. -- Thierry Carrez (ttx)