[legal-discuss] [Fwd: [openstack-dev] Call for a clear COPYRIGHT-HOLDERS file in all OpenStack projects (and [trove] python-troveclient_0.1.4-1_amd64.changes REJECTED)]

Thierry Carrez thierry at openstack.org
Tue Oct 22 09:37:53 UTC 2013

Richard Fontana wrote:
> I took a look at some Debian 'copyright' files for ASF projects, which
> are somewhat similar to OpenStack legally. I can only conclude that
> either the FTP master in question here is misinterpreting the Debian
> project's guidelines, or that OpenStack is being held to a stricter
> standard than other multiple-copyright-holder projects packaged in
> Debian. (There seemed to be a hint in the thread on openstack-dev that
> this might be intentionally so, because OpenStack is 'new'?)

The FTP masters are the gatekeepers for new packages. They basically
check that the new package is well-packaged and obeys the DFSG. Part of
those checks include the presence in the packaging of a comprehensive
debian/copyright file, which lists the licenses and copyright holders.
This file facilitates the DFSG-compliance analysis the FTP Masters have
to go through.

The trick is, once a package has been accepted, it never goes through
the FTP masters checks again. It belongs to its maintainer. And while
the licenses are (sometimes) kept up-to-date, the copyright holders list
goes stale about 5 minutes after package upload.

This is why the whole thing isn't rooted in any legal or social contract
requirement. If it was, it would be kept up to date. It's a process
artifact, which survived only because a small of the process still goes
through people that enforce it.

So Monty is right, it doesn't have to be "accurate", it just has to
reflect what the project asserts at the precise moment the package is
proposed for Debian upload, so that a cargo-culted process checkbox can
be ticked.

Thierry Carrez (ttx)

More information about the legal-discuss mailing list