Hi,

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading
Daniel Stenberg's blog entry:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

And then, a couple of weeks ago, I quietly checked whether
the Debian FTP team would be okay with that by uploading two NEW
packages without any years mentioned in the debian/copyright file:
either upstream or for my Debian packaging. And, lo and behold,
they were both accepted (python-parse-stages and python-test-stages).

So how do people feel about this in general, would it be okay for
me to start doing it:
a) for other packages that I maintain personally, outside any team
b) for team-maintained packages (I guess this one might be a per-team
decision, discussed separately on the appropriate lists)

(obviously, I'm not asking for permission or anything; apparently
at least one member of the FTP team is okay with me doing it at
least for some packages. This is more of a "float the idea, see
what people think about doing this more widely, not just me")

Thanks for reading this far, and keep up the great work!

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@debian.org pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmP15SUACgkQZR7vsCUn 3xN0dBAAkIZKiVNx9ozOUT+zXxnGsjbKx/kClWW8eaxXUCg1rDZ6LSG0uXwa1+qy zeyDEjwHTnC1+BFIlpOqVeUunX6PNT6zZgPtZRyVLdgSR3iJUJ+h0MrDP9u9X9Mj 7/7c7oXZtVnKb0nFr9Qk4IGkJuTOeqDs/6rqOGL7rId88uQ9VH+9JVdAHA1moYVc YJaJpSizNVlNBMe6ibVQ5xHGRDO/6GOLvsErjSYzT+/bVGoGquOuEfvn2sgZrFzd sWDyjEud+lLfzacBOdryJLoDYCigXxAyqO9r2/p9XzIgv7gZUZD3sZ+wudB/Al8P pmLkCv1urKQ5U/wliV6B3Io4vsjrSpgjUCC8b3tziLbnm/nhv++fYZ0u1H9RitnS TJ+SITtv6SD+nP+/ESeW+mkMSEbOezdmIMU94tI537suDcy5W36cEFO7+WN9aeTR 8HSHoiDbsmI9zj0mJi1OxMfGVg4lrGJgOVIFhZ3LrS2HZwSxyfqTipNepRDUPyqp NP/Uw1b0EOGJI8AmliazzLYim4nSryWGcllo7qfhhiZe+By20tSesdJcElKr2iUg WOMeTdEQkzUYu8ZoBQ7EuBwXsweRNe+M1dQ3cbZ/cTsuICoepDt2j9SHtMUH1edv OASF8GJ/u/5yZAbmtAKlbOq9gCvujqN/MUcm/NRdNvLcodmUyDE=
=KUAq
-

Quoting Peter Pentchev (2023-02-22 10:49:30)

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading
Daniel Stenberg's blog entry:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

And then, a couple of weeks ago, I quietly checked whether
the Debian FTP team would be okay with that by uploading two NEW
packages without any years mentioned in the debian/copyright file:
either upstream or for my Debian packaging. And, lo and behold,
they were both accepted (python-parse-stages and python-test-stages).

So how do people feel about this in general, would it be okay for
me to start doing it:
a) for other packages that I maintain personally, outside any team
b) for team-maintained packages (I guess this one might be a per-team
decision, discussed separately on the appropriate lists)

(obviously, I'm not asking for permission or anything; apparently
at least one member of the FTP team is okay with me doing it at
least for some packages. This is more of a "float the idea, see
what people think about doing this more widely, not just me")

Copyright statements are legally optional (for all juristiction
acknowledging the Bern-convention - which USA does since 1989 and
western european countries did since many years prior).

Reason authors include copyright statements anyway is, as I see it, as a courtesy for others - i.e. signal who claims ownership in the work.

As an author, you are free to not say anything (which means anyone
wanting e.g. change or redistribute the work will have a hard time
validating if some licensing statement granting such permission is
legally valid, because only rights holders can grant others rights.

Makes sense to me that ftpmaster approves redistribution of works where
the author reveal who claims copyright but omits *when* that copyright
apply: The copyright year is useful to know when a copyright expire and
the work enters the public domain, but since Debian redistribution
already require free licensing which is sufficient even beyond eventual expiration of copyright. It is not ideal, however, because our users
might want to e.g. avoid copyleft licensing, and for those it would be
helpful to know at which point in time a certain work would get released
into the public domain and thereby allow more liberal use.

As a redistributor I find it a good practice to include most possible
copyright and licensing information provided by upstream authors,
exactly because we are doing a service for our users, and it is a slight disservice to omit information that upstream put effort into tracking
and publishing.


- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones

[x] quote me freely [ ] ask before reusing [ ] keep private

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

It is also not required to put an author name or any other information,
either. Copyright will still apply.

But it makes it really a lot easier for anyone who wants to re-use the
work or parts of it if they know who to contact. This matters even more
for computer programs than for fiction novels or paintings.

Regards

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/22/23 13:55, Jonas Smedegaard wrote:

As a redistributor I find it a good practice to include most possible copyright and licensing information provided by upstream authors,
exactly because we are doing a service for our users

while having copyright information centrally available per package in d/copyright is definitly a usefull service, is providing the *years*
really a service worth providing?

personally I don't think so: for packages with non-trivial d/copyright,
it's a significant effort to keep the years in sync with the upstream
sources.

(and I doubt that all our source packages have accurate d/copyright,
even less so when it comes to the year-information.)

and it is a slight disservice to omit information that upstream put effort into tracking
and publishing.

If years would be omited in d/copyright, it's not that the information
is hidden/nowhere else.

Also if I would want to know the copyright information of a certain
file, I'd check d/copyright for a first glance, but then always check
the individual source file, even if it's just to be sure/double check.

I don't think that the "niche" use-case of wanting to know the
year-information (everything else should be in d/copyright anyway) is
worth the (continued) maintenance costs in d/copyright.

Regards,
Daniel

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Feb 22, Peter Pentchev <roam@ringlet.net> wrote:

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading
Daniel Stenberg's blog entry:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

Good idea, I planned to do it myself too in the future.

--
ciao,
Marco

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCY/YWkAAKCRDLPsM64d7X gYKJAQD004Dbpk7ojPtCj162gvnTvj1CBWbwXNIPW1NU+KgqswD+Jastjt3elVh/ vY0xUQW9QlsTcsvPrWfS9xWLV6cCjgk=
=dgxh
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Feb 22, 2023 at 01:55:02PM +0100, Jonas Smedegaard wrote:

Quoting Peter Pentchev (2023-02-22 10:49:30)

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading Daniel Stenberg's blog entry:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

And then, a couple of weeks ago, I quietly checked whether
the Debian FTP team would be okay with that by uploading two NEW
packages without any years mentioned in the debian/copyright file:
either upstream or for my Debian packaging. And, lo and behold,
they were both accepted (python-parse-stages and python-test-stages).

So how do people feel about this in general, would it be okay for
me to start doing it:
a) for other packages that I maintain personally, outside any team
b) for team-maintained packages (I guess this one might be a per-team
decision, discussed separately on the appropriate lists)

(obviously, I'm not asking for permission or anything; apparently
at least one member of the FTP team is okay with me doing it at
least for some packages. This is more of a "float the idea, see
what people think about doing this more widely, not just me")

[snip useful information]

As a redistributor I find it a good practice to include most possible copyright and licensing information provided by upstream authors,
exactly because we are doing a service for our users, and it is a slight disservice to omit information that upstream put effort into tracking
and publishing.

Wait, I may have been unclear. I did not mean that I want to omit
the upstream copyright years *when they are there*. And, of course,
if upstream does not specify any copyright years, we cannot invent
any out of thin air. So I guess my question was mainly what people
think about dropping the years in the debian/* copyright notice
(packaging files, patches, etc).

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@debian.org pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmP2GBMACgkQZR7vsCUn 3xMtYxAAs/+uaQFSKcBBiUzuWgCMR25qu4KnxlMLUjUIgraL1BCQaPvdn0ZNU81V ZLrv0Z7GtJNTSSEzpEN9Vm0mKgR5kr7qZv6ErNMVsFiWxlnXzZ/R5fLkJPZ80kgc PDaK5T4vZzEUfCkZMxKOYqcVLw9LKkWWaqPvfNlEeP0KSi/vrJJuUkzjyO3iVYcz daw7OnArbN7rcKUoJfzvrrvn757GiBhD0ao0HNeigY+tXVAVMLqH5n9d3PoWWn4J n+kA1Yf4z9fFbIJwNnA6jYqH893Rb/9IuLg7C/Z4LWl1ui8is/ysqWT8TGgvjz6o 4Jk/fG8A+9Vmihuu0Tn/1OMbDhzDKsPgEiwQpc3sNNmKTGVKfbOA/Y95cQDyeZyt LOk//3lGNWlEvRUnkGx40Q1ieKH16wrwCQV9w13RLUfF7Hz1fHPdlSZDMbkYGhz4 C/b5FfqzzCEQ00onhTyWpNwoMFmYAi5YF948NNg/PC9qH+y0MYL21+/3F7mbwok9 mOg6nqyCsHSmVmYcUIqphLiM05rTm0n1LODwCRxkdvniegah333Wjb1syg/My7Fb 3bdUBDaV+EaZgfateIG1DAC1Zm3KPGzrx1wBEYBS3SEEe24hZ10U/S/n7XT/4ssZ EYucr4YcpWCOJaqG4/fzQ+MercfBzUOU5I9jIKafo2+JYwuFyWw=
=7Wxy
-

On 2/22/23 14:26, Peter Pentchev wrote:

Wait, I may have been unclear. I did not mean that I want to omit
the upstream copyright years *when they are there*.

I know you didn't mean that, nevertheless, it's imho good idea. I'd be
in favour of dropping them from d/copyright an let people have a look at
the "full sources" for the "year detail"-information.

I recently saw that this has been done in knot-resolver for the "wildcard"-stanza of d/copyright and I like it: https://tracker.debian.org/media/packages/k/knot-resolver/copyright-5.6.0-1

Regards,
Daniel

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On February 22, 2023 9:49:30 AM UTC, Peter Pentchev <roam@ringlet.net> wrote: >Hi,

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading
Daniel Stenberg's blog entry:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

And then, a couple of weeks ago, I quietly checked whether
the Debian FTP team would be okay with that by uploading two NEW
packages without any years mentioned in the debian/copyright file:
either upstream or for my Debian packaging. And, lo and behold,
they were both accepted (python-parse-stages and python-test-stages).

So how do people feel about this in general, would it be okay for
me to start doing it:
a) for other packages that I maintain personally, outside any team
b) for team-maintained packages (I guess this one might be a per-team
decision, discussed separately on the appropriate lists)

(obviously, I'm not asking for permission or anything; apparently
at least one member of the FTP team is okay with me doing it at
least for some packages. This is more of a "float the idea, see
what people think about doing this more widely, not just me")

Thanks for reading this far, and keep up the great work!

You may be conflating two separate things here. The job of debian/copyright is to document the copyright and license claims. Although there are exceptional cases, FTP Team doesn't normally review the correctness of the claims (an example of an
exception is a copyright claim that includes the source that the code was copied from before the copyright claim was changed - yes, this happens). I don't think you should assume acceptance of a package without years implies any particular judgement
about if the practice is good or bad.

Scott K
P.S. Please don't turn this into yet another thread about how annoying having to spend time on debian/copyright is. We know.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Quoting Peter Pentchev (2023-02-22 14:26:47)

On Wed, Feb 22, 2023 at 01:55:02PM +0100, Jonas Smedegaard wrote:

Quoting Peter Pentchev (2023-02-22 10:49:30)

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading Daniel Stenberg's blog entry:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

And then, a couple of weeks ago, I quietly checked whether
the Debian FTP team would be okay with that by uploading two NEW
packages without any years mentioned in the debian/copyright file:
either upstream or for my Debian packaging. And, lo and behold,
they were both accepted (python-parse-stages and python-test-stages).

So how do people feel about this in general, would it be okay for
me to start doing it:
a) for other packages that I maintain personally, outside any team
b) for team-maintained packages (I guess this one might be a per-team
decision, discussed separately on the appropriate lists)

(obviously, I'm not asking for permission or anything; apparently
at least one member of the FTP team is okay with me doing it at
least for some packages. This is more of a "float the idea, see
what people think about doing this more widely, not just me")

[snip useful information]

As a redistributor I find it a good practice to include most possible copyright and licensing information provided by upstream authors,
exactly because we are doing a service for our users, and it is a slight disservice to omit information that upstream put effort into tracking
and publishing.

Wait, I may have been unclear. I did not mean that I want to omit
the upstream copyright years *when they are there*. And, of course,
if upstream does not specify any copyright years, we cannot invent
any out of thin air. So I guess my question was mainly what people
think about dropping the years in the debian/* copyright notice
(packaging files, patches, etc).

Your rephrased question seems the same to me - so perhaps I was
unclear...

It is my inderstanding that when copyright years are missing from
upstream source then that is acceptable for Debian redistribution (i.e.
not a surprise to me that ftpmaster approves it).

It is my opinion that when copyright years do exist in upstream source,
then we should list those known-to-us years in debian/copyright (a.k.a.
not omit them a.k.a. not drop them), even though we are legally not
required¹ to do so (for the same reason as upstream above is not legally required to state copyright at all).

- Jonas

¹ Unless some licensing requires listing copyright *years* which from
the top of my head I do not recall having seen, but am too lazy to check
- also because my interest is not to cut corners most possible but to be
as helpful to our users as possible, and copyright years serve a real
(albeit cornercase) purpose.

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones

[x] quote me freely [ ] ask before reusing [ ] keep private
--============== 60865392480104814=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmP2JrEACgkQLHwxRsGg ASEPIw/9Em6LvaW6bMoo7ywV802FNNs4GWbxjvIBIXOG1PiVvoRGZFUI3OkOlOnj 4UoUjC+pn8pHFx5drd1TY1Cm+E3UpTYcKgT+gPLeKgpjEWuRZtUDTj4k351BcvGl o4lYdOJvxb5ZxwBbFs1JpOD98nlP2ca+D7EAMgWDrVWWSlc2gwIcZSIM36VEMwum 2Cnm2a6BCccP4e/+R+EOiKe+xr8GEixJCXr5n5xucljQs8ruJP/UotUuKZeGY2Zl ZKqK7kwneIFJ74WM4OJJTqb4hDUkJic2Hdh0xjLRsaa5i9jgFQJSvaZVid3Ey3Mk dzYLXAr+h/Xzl2+Hv89NWk+EEsX7IFx0FroDZGPtMaR+h+c2/srxhNyZOzwspeNw HU5Qn4yHacDJkyBwIUB+IzUcUaZyQurDFWJEYEqsFlhp28hjH0cPME1A1ZAZ7V/f p1co7K7Grzepb27oSzKIDWDDCXzp7tevEAmot1w6X

"Peter" == Peter Pentchev <roam@ringlet.net> writes:

Peter> Hi, So I've seen this idea floating around in the past couple
Peter> of years (and in some places even earlier), but I started
Peter> doing it for the couple of pieces of software that I am
Peter> upstream for after reading Daniel Stenberg's blog entry:
Peter> https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

Peter> And then, a couple of weeks ago, I quietly checked whether
Peter> the Debian FTP team would be okay with that by uploading two
Peter> NEW packages without any years mentioned in the
Peter> debian/copyright file: either upstream or for my Debian

As Jonas mentions, including the years allows people to know when works
enter the public domain and the license becomes more liberal.
I think our users are better served by knowing when the Debian packaging
would enter the public domain.

--Sam

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Quoting Daniel Baumann (2023-02-22 14:30:11)

On 2/22/23 13:55, Jonas Smedegaard wrote:

As a redistributor I find it a good practice to include most possible copyright and licensing information provided by upstream authors,
exactly because we are doing a service for our users

while having copyright information centrally available per package in d/copyright is definitly a usefull service, is providing the *years*
really a service worth providing?

personally I don't think so: for packages with non-trivial d/copyright,
it's a significant effort to keep the years in sync with the upstream sources.

Ensuring that debian/copyright stays correct take some effort, but that
is required to re-examine anyway for each new upstream release.

I dare question that examining copyright *years* in particular is
noticably larger effort than the general required examination.

(and I doubt that all our source packages have accurate d/copyright,
even less so when it comes to the year-information.)

I agree, but is not really relevant for this discussion (which I guess
is also the reason you put that in paranthesis). :-)

and it is a slight disservice to omit information that upstream put
effort into tracking and publishing.

If years would be omited in d/copyright, it's not that the information
is hidden/nowhere else.

Also if I would want to know the copyright information of a certain
file, I'd check d/copyright for a first glance, but then always check
the individual source file, even if it's just to be sure/double check.

I don't think that the "niche" use-case of wanting to know the year-information (everything else should be in d/copyright anyway) is
worth the (continued) maintenance costs in d/copyright.

I am genuinely interested in understanding what trouble you experience collecting that information. Is it perhaps because you for some reason
cannot or will not use licensecheck? While ertainly not perfect but, licensecheck in my experience currently adequately identifies, collects,
and merges copyright years.

If you prefer moving such conversation to a smaller audience, then I
encourage filing bugreports against licensecheck (or pointing at
bugreports already covering your points that I might have missed).

- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones

[x] quote me freely [ ] ask before reusing [ ] keep private --==============X95298426372766457=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmP2KW4ACgkQLHwxRsGg ASF7IA//dBdGQG4MXdtJHJOyAvt/3FoMuc9Vtk4cYJ6O0wT/VMLlwvasCMNxu3W3 jfrN8jQqLE5AFgWbav6LQ/T2CbZttUsevXii7iNxEJyliAnF/pecBBEKcS1YbYGA 3DkJ0rBeVVauiUQ6gskueR9KcxXPxOb3y6sPqUu7F2r1iIWgPn/5a92wd1Owg/bQ gjLCHXevYKBlTHoBT9gqyeAVYVInUHOHsdX0fmB31JI7Apl/8jOZay5sA2/sgOi4 /+c6abi3qjN+kTQ87ufUlFEvAWIArVjIRxTtZQEtBYp7x8TmqR4F74eDzJfTEqw1 bJwq1bnGlobgVKkiHgxRioKm/O2D9bOeZ26amswXzHyGrPGE01RN0k26Kcz+BKEs GMkn2VSuSzo6/retffYwAoNISQHWBTwmY9id3Owj0n1trLAHn3AzsXfKg9mByjhk 5JDZ42mhh5TlVdT4ZmACh0v7h/zvftj6/VKh6t5d

On February 22, 2023 2:29:08 PM UTC, Jonas Smedegaard <jonas@jones.dk> wrote: >Quoting Peter Pentchev (2023-02-22 14:26:47)

On Wed, Feb 22, 2023 at 01:55:02PM +0100, Jonas Smedegaard wrote:

Quoting Peter Pentchev (2023-02-22 10:49:30)

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading
Daniel Stenberg's blog entry:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

And then, a couple of weeks ago, I quietly checked whether
the Debian FTP team would be okay with that by uploading two NEW
packages without any years mentioned in the debian/copyright file:
either upstream or for my Debian packaging. And, lo and behold,
they were both accepted (python-parse-stages and python-test-stages).

So how do people feel about this in general, would it be okay for
me to start doing it:
a) for other packages that I maintain personally, outside any team
b) for team-maintained packages (I guess this one might be a per-team
decision, discussed separately on the appropriate lists)

(obviously, I'm not asking for permission or anything; apparently
at least one member of the FTP team is okay with me doing it at
least for some packages. This is more of a "float the idea, see
what people think about doing this more widely, not just me")

[snip useful information]

As a redistributor I find it a good practice to include most possible
copyright and licensing information provided by upstream authors,
exactly because we are doing a service for our users, and it is a slight >> > disservice to omit information that upstream put effort into tracking
and publishing.

Wait, I may have been unclear. I did not mean that I want to omit
the upstream copyright years *when they are there*. And, of course,
if upstream does not specify any copyright years, we cannot invent
any out of thin air. So I guess my question was mainly what people
think about dropping the years in the debian/* copyright notice
(packaging files, patches, etc).

Your rephrased question seems the same to me - so perhaps I was
unclear...

It is my inderstanding that when copyright years are missing from
upstream source then that is acceptable for Debian redistribution (i.e.
not a surprise to me that ftpmaster approves it).

It is my opinion that when copyright years do exist in upstream source,
then we should list those known-to-us years in debian/copyright (a.k.a.
not omit them a.k.a. not drop them), even though we are legally not >required¹ to do so (for the same reason as upstream above is not legally >required to state copyright at all).

- Jonas

¹ Unless some licensing requires listing copyright *years* which from
the top of my head I do not recall having seen, but am too lazy to check
- also because my interest is not to cut corners most possible but to be
as helpful to our users as possible, and copyright years serve a real
(albeit cornercase) purpose.

You won't encounter it in license texts this way. Many licenses require complete/verbatim inclusion of the copyright claims. If you remove the years, you aren't doing that.

Scott K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 22 Feb 2023 15:40:49 +0100, Jonas Smedegaard <jonas@jones.dk>
wrote:

Quoting Daniel Baumann (2023-02-22 14:30:11)

while having copyright information centrally available per package in
d/copyright is definitly a usefull service, is providing the *years*
really a service worth providing?

personally I don't think so: for packages with non-trivial d/copyright,
it's a significant effort to keep the years in sync with the upstream
sources.

Ensuring that debian/copyright stays correct take some effort, but that
is required to re-examine anyway for each new upstream release.

I dare question that examining copyright *years* in particular is
noticably larger effort than the general required examination.

If copyright inspection is like three quarters of the effort necessary
to get, for example, a new sudo into Debian, then we are doing things
wrong and setting our priorities wrong. This is indrecibly frustrating
and time consuming busy work that doesn't require my qualification at
all, and I REALLY have other things to do than that.

It is especially frustrating when we're obviously being holier than
the pope, when for example translators submit translations for very
obviously non-FSF software with "Copyright Free Software Foundation"
or with boilerplate copypaste headers stating a license that is
totally different from the package that is being translated etc.

Strictly, as a maintainer I MUST reject such translations because a po
file also contains work by the original author which a translator
cannot arbitrarily relicense, not even accidentally by just not paying
proper attention.

(and I doubt that all our source packages have accurate d/copyright,
even less so when it comes to the year-information.)

Amen.

While I understand that having debian/copyright is vitally important,
we NEED to relax our rules to reduce the effort necessary since it's demotivating busy work that I feel noone cares about.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! ----- Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le mer. 22 févr. 2023 à 15:39, Sam Hartman <hartmans@debian.org> a écrit :

"Peter" == Peter Pentchev <roam@ringlet.net> writes:

Peter> Hi, So I've seen this idea floating around in the past couple
Peter> of years (and in some places even earlier), but I started
Peter> doing it for the couple of pieces of software that I am
Peter> upstream for after reading Daniel Stenberg's blog entry:
Peter> https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

Peter> And then, a couple of weeks ago, I quietly checked whether
Peter> the Debian FTP team would be okay with that by uploading two
Peter> NEW packages without any years mentioned in the
Peter> debian/copyright file: either upstream or for my Debian

As Jonas mentions, including the years allows people to know when works
enter the public domain and the license becomes more liberal.
I think our users are better served by knowing when the Debian packaging would enter the public domain.

Maybe only the first year the copyright was applied is important ?

Jérémy

<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le mer. 22 févr. 2023 à 15:39, Sam Hartman &lt;<a href="mailto:hartmans@debian.org">hartmans@debian.org</a>&gt; a écrit :<br></div><blockquote
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">&gt;&gt;&gt;&gt;&gt; &quot;Peter&quot; == Peter Pentchev &lt;<a href="mailto:roam@ringlet.net" target="_blank">roam@ringlet.net</a>&gt; writes:<


    Peter&gt; Hi, So I&#39;ve seen this idea floating around in the past couple<br>
    Peter&gt; of years (and in some places even earlier), but I started<br>     Peter&gt; doing it for the couple of pieces of software that I am<br>
    Peter&gt; upstream for after reading Daniel Stenberg&#39;s blog entry:<br>
    Peter&gt; <a href="https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/" rel="noreferrer" target="_blank">https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/</a><br>

    Peter&gt; And then, a couple of weeks ago, I quietly checked whether<br>     Peter&gt; the Debian FTP team would be okay with that by uploading two<br>
    Peter&gt; NEW packages without any years mentioned in the<br>
    Peter&gt; debian/copyright file: either upstream or for my Debian<br>

As Jonas mentions, including the years allows people to know when works<br> enter the public domain and the license becomes more liberal.<br>
I think our users are better served by knowing when the Debian packaging<br> would enter the public domain.<br></blockquote><div><br></div><div>Maybe only the first year the copyright was applied is important ?</div><div><br></div><div>Jérémy</div></div></div>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Daniel Baumann <daniel.baumann@progress-linux.org> writes:

On 2/22/23 14:26, Peter Pentchev wrote:

Wait, I may have been unclear. I did not mean that I want to omit the
upstream copyright years *when they are there*.

I know you didn't mean that, nevertheless, it's imho good idea.

Unfortunately, it's often against the upstream license.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.

and:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

The Apache 2.0 license only requires the copyright notices be preserved in "Source form," so debian/copyright probably doesn't count. (It instead requires inclusion of the NOTICE file, but allows you to distribute it
"within the Source form or documentation, if provided along with the
Derivative Works," which we probably qualify for.)

The GPL doesn't seem to care about the notice in non-source forms.

In practice, I doubt anyone will care, and it's of course fine to omit the
year from your own copyright notices as long as you realize that means you cannot take advantage of the damage provisions of US copyright law that
require you to publish a valid copyright notice (which I suspect no one
cares about). But dropping the copyright dates from the upstream notices
I think would often technically violate the upstream license depending on
its wording.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Not an ftp team member or anything, so this is just my personal opinion.

Peter Pentchev <roam@ringlet.net> writes:

1. Does the Debian Project consider it okay for an upstream package to
include one or more (or all) files with clear license grants (either
included or referred to in the files), and with clear copyright
notices (again, either in the files or in a central file) that
contain the authors' names, but no years? Does such a package
comply with the DFSG? I believe the answer ought to be "yes", but
I thought it wouldn't hurt to ask.

Yes, I can't see any reason why this would be a problem. Copyright
notices are optional. I suppose it's conceivable someone could put
wording in a license that requires the years, but I've never seen
something like that unless one takes an extremely aggressive
interpretation of "copyright notice" that I wouldn't take.

2. If an upstream project does that, the debian/copyright file should
reflect that and have a `Files: *` (or whatever pattern) notice that
has a copyright notice without any years... right? And if an upstream
project does that between releases, the debian/copyright file should
change (drop the years) in the next "new upstream release" upload...
right?

Yes, that seems to logically follow. For licenses like BSD and Expat
where including the copyright notices is a license condition, we should
just copy the license notices that upstream uses (I believe it's fine to consolidate years), so if there are no years, we shouldn't put in years.

3. Now, what about the `Files: debian/*` section of the debian/copyright
file? The common wisdom seems to be that, if only to make it easier to
submit patches to the upstream project, the debian/* files ought to be
licensed under the same terms as the upstream source. Now I know that
licensing and copyright are different things :) So would the Debian
Project consider it okay for a Debian package to have
a `Files: debian/*` section in its copyright file that does not
mention any years? This question is both from a DFSG point of view and
from a "what would be best for our users" one. And does the answer
depend on whether the upstream project's copyright notices include
years or not? (as in, should we follow upstream's lead in that, too)

I think it's fine to omit the year from copyright notices in debian/*. It certainly seems clear to me that it's fine from a DFSG perspective; a lot
of packages don't even have any separate stanza or copyright notices for debian/* at all and copyright notices are optional. (Not saying this is
ideal, just that it's not a DFSG violation.)

Sam made the point that including the year communicates when the Debian packaging would enter the public domain. This is true, but I can't bring myself to care that much about it since (sadly in my opinion) that point
is so far into the future that I'm dubious of the effort to reward ratio
of curating years for all those decades. Not to mention that the debian/* packaging is continuously updated so additional copyright may attach and
that gets into a murky mess in terms of copyright expiration, which
decreases the value of that information.

People doing this should be aware that you're probably waiving certain
damage provisions in US copyright law should you ever sue someone in the
US for violating the license on the Debian packaging, at least so far as I understand US copyright law. (I am not a lawyer and this is not legal
advice for your specific situation.)

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Feb 22, 2023 at 03:26:47PM +0200, Peter Pentchev wrote:

On Wed, Feb 22, 2023 at 01:55:02PM +0100, Jonas Smedegaard wrote:

Quoting Peter Pentchev (2023-02-22 10:49:30)

So I've seen this idea floating around in the past couple of years
(and in some places even earlier), but I started doing it for
the couple of pieces of software that I am upstream for after reading Daniel Stenberg's blog entry:
https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

[snip my original message]

[snip useful information]

As a redistributor I find it a good practice to include most possible copyright and licensing information provided by upstream authors,
exactly because we are doing a service for our users, and it is a slight disservice to omit information that upstream put effort into tracking
and publishing.

Wait, I may have been unclear. I did not mean that I want to omit
the upstream copyright years *when they are there*. And, of course,
if upstream does not specify any copyright years, we cannot invent
any out of thin air. So I guess my question was mainly what people
think about dropping the years in the debian/* copyright notice
(packaging files, patches, etc).

OK, so it seems I did it again: I sent out my original message before
really knowing myself what exactly the questions are that I mean
to ask :) So now that I have thought about it a little, here they are:

1. Does the Debian Project consider it okay for an upstream package to
include one or more (or all) files with clear license grants (either
included or referred to in the files), and with clear copyright
notices (again, either in the files or in a central file) that
contain the authors' names, but no years? Does such a package
comply with the DFSG? I believe the answer ought to be "yes", but
I thought it wouldn't hurt to ask.

2. If an upstream project does that, the debian/copyright file should
reflect that and have a `Files: *` (or whatever pattern) notice that
has a copyright notice without any years... right? And if an upstream
project does that between releases, the debian/copyright file should
change (drop the years) in the next "new upstream release" upload...
right?

3. Now, what about the `Files: debian/*` section of the debian/copyright
file? The common wisdom seems to be that, if only to make it easier to
submit patches to the upstream project, the debian/* files ought to be
licensed under the same terms as the upstream source. Now I know that
licensing and copyright are different things :) So would the Debian
Project consider it okay for a Debian package to have
a `Files: debian/*` section in its copyright file that does not
mention any years? This question is both from a DFSG point of view and
from a "what would be best for our users" one. And does the answer
depend on whether the upstream project's copyright notices include
years or not? (as in, should we follow upstream's lead in that, too)

Note that none of that comes from any "it's so difficult" positions;
I am actually one of the people who would include file-by-file stanzas
in the debian/copyright files for upstream files with different
copyright years :)

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@debian.org pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmP2TwkACgkQZR7vsCUn 3xNlZBAAtGO+xixgCNHkYJ6OD6NJzo+Kxc52QNrBS+ktQsVyXwC41GiQmRnPxQP+ ycoCA+kIBe9KoYjNOp2kNfnIWLLycyT6N0k7KxIvJh2DP6oX8DW7nQv3+oDnE3AJ Dg+RGDDK7XpBRs5BvZosHGTcKEi6NHl8Uzyl2HvksZBnpBSh+T2S6TaU2y8mMKnJ nSr2emSZf7apJatGjAfOhksR42nNNudfsc08k2mT994fZhHfEdFSuDYmYht1HKnr TrZF9Tihe5fSn1GRUOOfw033xJDlHnACZU4VDZso294A4E4sU37pi5qWTkdAlWhf yl4dniqH8OEgMdQrqVLlssLosnYVplDaqQaN8raSnRouxZjZ1pB0KjqSh4Pw3QIY /bjfpwqxBJzZm6y8vfAgQT8DNfz+fpJjRY/bhJ1sTXmBy2VWOZBzNgtycBkZjHyP z0iCUATsQrGwkMGuqgQyDGjD754uR/Cl0x/Aefj98hiohnz0OUyBuvJ96ocTttIb VwPQ5/gaqGEupX9sRbrHUdGYwreBBCRf+qIO7yLcQkhDlCtVLiDRX9PfEaco3luu 7IE3Myed3YtAk6Iwscvam+wPkEQwq+RA61l5CrGtNUS3tLRgvB1XqBca37XLSkO3 81bwn6nBvhcW+9vMJV5dBAOzP1t1xhqTiYmjWtvmaREy4ukaE0E=
=bBWk
-

On Wed, 2023-02-22 at 07:39 -0700, Sam Hartman wrote:

As Jonas mentions, including the years allows people to know when works
enter the public domain and the license becomes more liberal.
I think our users are better served by knowing when the Debian packaging would enter the public domain.

As far as I know for works from a known author, copyright expires X
years after the death of the author. The year of creation or
publication isn't useful. Nor are individual years for every year where
a change was done (as I think the FSF suggests to document).

It is different for anonymous or pseudonymous works where the author is
not known, but the author can name himself later (which is fun to find
out about: you need to follow the national register for such
publications which only exists on paper in Germany[1]).

Ansgar

[1]: https://www.dpma.de/dpma/wir_ueber_uns/weitere_aufgaben/verwertungsges_urheberrecht/anonyme_werke/index.html

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------gI1Y4FyDoekcGJi0003ynurG
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SSBtYWludGFpbiBhIHBhY2thZ2Ugd2hlcmUgdXBzdHJlYW0gaGFzIGRyb3BwZWQgdGhlIHll YXJzLiBJIHdhcyB0b2xkIA0KdGhhdCBtdWx0aXBsZSBiaWcgdGVjaCBjb21wYW5pZXMgd2l0 aCBzZXJpb3VzIGxhd3llcnMgbG9va2VkIGF0IHRoaXMgYW5kIA0KZmVsdCBpdCB3YXMgZmlu ZS4NCg0KSSBmdWxseSBzdXBwb3J0Og0KICAgLSB1cHN0cmVhbXMgZHJvcHBpbmcgeWVhcnMg ZnJvbSBjb3B5cmlnaHQgbm90aWNlcw0KICAgLSBEZWJpYW4gbm90IHJlcXVpcmluZyBtYWlu dGFpbmVycyB0byBwcmVzZXJ2ZSB5ZWFycyBpbg0KICAgICBkZWJpYW4vY29weXJpZ2h0IGZp bGVzLg0KDQpPbiAyLzIyLzIzIDA4OjM5LCBTYW0gSGFydG1hbiB3cm90ZToNCj4gSSB0aGlu ayBvdXIgdXNlcnMgYXJlIGJldHRlciBzZXJ2ZWQgYnkga25vd2luZyB3aGVuIHRoZSBEZWJp YW4gcGFja2FnaW5nDQo+IHdvdWxkIGVudGVyIHRoZSBwdWJsaWMgZG9tYWluLg0KDQpJbiB0 aGVvcnksIEkgYWdyZWUgd2l0aCB5b3UuIEluIHByYWN0aWNlLCBjb3B5cmlnaHQgbGVuZ3Ro cyBhcmUgc28gbG9uZyANCmluIG1hbnkgY291bnRyaWVzIHRoYXQgc29mdHdhcmUgZWZmZWN0 aXZlbHkgbmV2ZXIgZW50ZXJzIHRoZSBwdWJsaWMgDQpkb21haW4gKGF0IGxlYXN0IG5vdCB3 aGlsZSBpdCBpcyBzdGlsbCBvZiB1c2VmdWwvbm9uLWhpc3RvcmljYWwgdmFsdWUpLg0KDQot LSANClJpY2hhcmQNCg0K

--------------gI1Y4FyDoekcGJi0003ynurG--

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1Ot9lOeOTujs4H+U+HlhmcBFhs4FAmP2f3UACgkQ+HlhmcBF hs64+Q//QCQhvSw3vGw9QCbrRnfNV3vmoSdsK+EOSTHHJI3qVO8KHdC1C99Gpu3x MbRtY1JJQOlT+ib5X4epNDUbovjIBjvvZSaxgvh5MLNOF3aZqvwpq3Un9/Qd/oq7 VJpI7sBZCQAHy6Aocr+981E9wdHWqCv/l+vyNQIBXDR9CLJo7Wl0E1SOsrSJQsOg N9cDeK2FZT/Ls3lMrPxUguLpMORJcMVyggbp2vft4zliFQ2v6aJAfjhgQoVuD3L/ j1/hlOePPggrVkVK3ZsZQo/UZzQNB+qnhxD3AetrJVQZ55LdbmZM0+tgeIdMVJcx YGxFXNgaa7fM+n9Pv+1sO/vBGHqZyxLWRXLSxACCaIu0Jyd6QmLSo+fTv0PwOqmy Lz5Yt15AqnFmaDjJulmUNG9g3sDzNkkzzKfYkiG6H180hR1MQkYNjND7cZwsCcie +G1RS3d94ofIeVDbkzl3TothqVgxoUf0ZC96cxju+AjjeFXlBG89PySYaqA24mT0 d3bxfNkC4GkFQHdRGbdkAQhUxUJSF7njC7S4MTH/+i2ZdLPkEOzRxX0eyFT5lFMj M2s5F3mp3LBUUkSGY/FiRQp+kbicdzim0G2RVRh2sVuaCZDcnAqswJAOC2rmtq+v VZX87ANP5SeRtk9nbsasnehu2MTstBAoe3siX1VIjJ1E9JIUG+I=
=dddn
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"Peter" == Peter Pentchev <roam@ringlet.net> writes:

Peter> 3. Now, what about the `Files: debian/*` section of the
Peter> debian/copyright file? The common wisdom seems to be that, if
Peter> only to make it easier to submit patches to the upstream
Peter> project, the debian/* files ought to be licensed under the
Peter> same terms as the upstream source. Now I know that licensing
Peter> and copyright are different things :) So would the Debian
Peter> Project consider it okay for a Debian package to have a
Peter> `Files: debian/*` section in its copyright file that does not
Peter> mention any years? This question is both from a DFSG point of
Peter> view and from a "what would be best for our users" one. And
Peter> does the answer depend on whether the upstream project's
Peter> copyright notices include years or not? (as in, should we
Peter> follow upstream's lead in that, too)

Peter> Note that none of that comes from any "it's so difficult"
Peter> positions; I am actually one of the people who would include
Peter> file-by-file stanzas in the debian/copyright files for
Peter> upstream files with different copyright years :)

I think it is acceptable, but would urge you to include the years
because it is better for our users.

I think two things apply.

1) it helps our users know when something goes out of copyright.

2) As Russ points out, while your copyright is valid in the US even
without notice, certain damage provisions only apply if you have valid
notice including years.

Neither of these are huge deals.

I'd say years should be recommended but not required.

I don't think parity with upstream matters.
I don't think you would have any trouble submitting patches if the only difference is one notice included years and one did not.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On February 22, 2023 9:38:48 PM UTC, Sam Hartman <hartmans@debian.org> wrote: >>>>>> "Peter" == Peter Pentchev <roam@ringlet.net> writes:

Peter> 3. Now, what about the `Files: debian/*` section of the
Peter> debian/copyright file? The common wisdom seems to be that, if
Peter> only to make it easier to submit patches to the upstream
Peter> project, the debian/* files ought to be licensed under the
Peter> same terms as the upstream source. Now I know that licensing
Peter> and copyright are different things :) So would the Debian
Peter> Project consider it okay for a Debian package to have a
Peter> `Files: debian/*` section in its copyright file that does not
Peter> mention any years? This question is both from a DFSG point of
Peter> view and from a "what would be best for our users" one. And
Peter> does the answer depend on whether the upstream project's
Peter> copyright notices include years or not? (as in, should we
Peter> follow upstream's lead in that, too)

Peter> Note that none of that comes from any "it's so difficult"
Peter> positions; I am actually one of the people who would include
Peter> file-by-file stanzas in the debian/copyright files for
Peter> upstream files with different copyright years :)

I think it is acceptable, but would urge you to include the years
because it is better for our users.

I think two things apply.

1) it helps our users know when something goes out of copyright.

2) As Russ points out, while your copyright is valid in the US even
without notice, certain damage provisions only apply if you have valid
notice including years.

Neither of these are huge deals.

I'd say years should be recommended but not required.

I don't think parity with upstream matters.
I don't think you would have any trouble submitting patches if the only >difference is one notice included years and one did not.

I would add, that it's absolutely a requirement for license compliance in some cases. For those cases, please continue to include it. I don't think Debian should have a view that failing to comply with a license is okay if we think we can get away with
it.

Scott K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Quoting Jérémy Lal (2023-02-22 17:04:01)

Le mer. 22 févr. 2023 à 15:39, Sam Hartman <hartmans@debian.org> a écrit :

"Peter" == Peter Pentchev <roam@ringlet.net> writes:

Peter> Hi, So I've seen this idea floating around in the past couple
Peter> of years (and in some places even earlier), but I started
Peter> doing it for the couple of pieces of software that I am
Peter> upstream for after reading Daniel Stenberg's blog entry:
Peter> https://daniel.haxx.se/blog/2023/01/08/copyright-without-years/

Peter> And then, a couple of weeks ago, I quietly checked whether
Peter> the Debian FTP team would be okay with that by uploading two
Peter> NEW packages without any years mentioned in the
Peter> debian/copyright file: either upstream or for my Debian

As Jonas mentions, including the years allows people to know when works enter the public domain and the license becomes more liberal.
I think our users are better served by knowing when the Debian packaging would enter the public domain.

Maybe only the first year the copyright was applied is important ?

Possibly, yes. My advice is to include upstream stated sane¹ years.

Reason for that is that several licenses require verbatim copy of
copyright statements. Requirement² is not literal, only verbatim, which
I interpret as it's ok to e.g. translate "2001, 2002, 2003" into
"2001-2003" but not ok to translate it into "2001" since that is clearly removing some "words".

- Jonas

¹ When upstream says 2001-now then only include 2001, because "now" is
an insane expression in the context of copyright statements.

² Yeah, requirement is aguably only commonly relevant for source, not
for debian/copyright files, but that's a somewhat different topic.

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones

[x] quote me freely [ ] ask before reusing [ ] keep private --==============‰37892602294082678=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmP2nAkACgkQLHwxRsGg ASF0bQ//Z54Bx665QvRhehnfKloeOdIIwj3ubY2avEvnIK5RMo8fUHmmtvwIeRZa R7m0Szgv5+9dlNYjD8PFRWhTbBLZkEW+qzFm31cHE8hlD948ab3tctTwdUtoPNUn Xi8VMjG6P763Jkb9a93+VYvzb/QpiVmesS/ajTO5vDPq9bMkz8TUkUJkW6cdlOPG M5Y+k+XW/JyHQTzI11X4o0YnborUDqp0hG+XLn9dMRwivroLOY7g/xeKkPhPxUC7 Tsl5EBP9z29J/2m0R5WMsqH9FnpdoesSWFy+6s9ZipvtcUkm8nik1uZZbg208BNY 27jvwx3ZOxYmQYihAYPChwr0qnmfCMVyGqqhpbctb0Ezg5kF/JUPDXm9lBGCyX9m Ih+xIxG1Ut3HbLP1/iC0uIf1Wkg6xCOBLsXjRlYrd++y2A0P0Y/oBHa+uJZ0qRo1 tC61BcGxEAx+ScjsdROL7KxtJ+y68g2iKNehvXvf

On Wed, 2023-02-22 at 09:47 -0800, Russ Allbery wrote:

People doing this should be aware that you're probably waiving certain
damage provisions in US copyright law should you ever sue someone in the
US for violating the license on the Debian packaging, at least so far as I understand US copyright law.  (I am not a lawyer and this is not legal advice for your specific situation.)

Could you give some more details about this? I hadn't heard of it yet.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmP25AQACgkQMRa6Xp/6 aaPvXRAAmiesbX0SzJDowfY7i7mBrf4+nzIHmfDDSOQFKmV2t9QX1MzfxaKnmj2O F276M5PHXDv8On6TxwUu5yQSMUzQfwIhHeuKgHULbJbwU/5b5wjQOzfHkjbwdkat rMLxP8RZBeCews9bvuRBJ1mPo6LMN4jRnxYKC4IeS50kRWYcliAqspra62/w8Y/M ne7K7JZgiAX9wn7Lr2YJvSiUBXc4TnpPo0YQPRAONrcz0gX2RmYJJqs7owmClbbV hl5JH+jgl0/pneaFQwkmOe8I0mMfnmbJ/2A1Nx1Q1MX96Wf1MJDbFgVEVxyncV5w BAkHXYCsRAMywdRT3Nwniiyy74EZ3eEOburB15KM5i1OqrqXsb9zideUPhbrFDb6 sZMkplPhkM9md4jIN03mvQw+TwTVDL/m+3r8IFhKzIdG+45DKk65MT++3K8jvpoY btxG2sVLeRr/uLIkfsrnuMcWh62tTm12Z3vpwoZhobBlwxf36WOUasDLQHlUdUvc 5xKnEjofAtvAs9IPkaTihDdmpge/gaSBMPD1DHutzHIJy/1DQnM+mEJ+sLQBekHt P2JaerPG8kYcVRMHGTazpg3aZ0d0AbYpCU0/vzx2JOTixuiEzo6BNFuFPr3qqK3A LCb5RB3WROzR0dShPHFdND7pL1OxCYbnhLTwxvbp1tvnhTJ37qQ=
=LLQc
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Paul Wise <pabs@debian.org> writes:

On Wed, 2023-02-22 at 09:47 -0800, Russ Allbery wrote:

People doing this should be aware that you're probably waiving certain
damage provisions in US copyright law should you ever sue someone in
the US for violating the license on the Debian packaging, at least so
far as I understand US copyright law.  (I am not a lawyer and this is
not legal advice for your specific situation.)

Could you give some more details about this? I hadn't heard of it yet.

https://www.law.cornell.edu/uscode/text/17/401:

(d) Evidentiary Weight of Notice.—

If a notice of copyright in the form and position specified by this
section appears on the published copy or copies to which a defendant
in a copyright infringement suit had access, then no weight shall be
given to such a defendant’s interposition of a defense based on
innocent infringement in mitigation of actual or statutory damages,
except as provided in the last sentence of section 504(c)(2).

Also see https://www.copyright.gov/circs/circ03.pdf, specifically
"Advantages to Using a Copyright Notice" starting on page 3.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Feb 22, 2023 at 08:20:27AM -0800, Russ Allbery wrote:

Daniel Baumann <daniel.baumann@progress-linux.org> writes:

On 2/22/23 14:26, Peter Pentchev wrote:

Wait, I may have been unclear. I did not mean that I want to omit the
upstream copyright years *when they are there*.

I know you didn't mean that, nevertheless, it's imho good idea.

Unfortunately, it's often against the upstream license.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.

and:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

It says you need to do that, yes. It does not say *where* that copyrigh statement must be.

debian/copyright is wholly a Debian-specific invention. We can often do whatever we want there and still comply with the copyright license.

It's useful for our users that debian/copyright contains an accurate
copy of the license statement, but I don't see how it would be relevant
for an upstream license.

--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}

I will have a Tin-Actinium-Potassium mixture, thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Wouter Verhelst <wouter@debian.org> writes:

On Wed, Feb 22, 2023 at 08:20:27AM -0800, Russ Allbery wrote:

Unfortunately, it's often against the upstream license.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.

and:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

It says you need to do that, yes. It does not say *where* that copyrigh statement must be.

While this is true, we don't put the copyright statements anywhere else in binary packages.

I think arguing that having them in the source package is a stretch for
those licenses, since they don't give any special significance to source distributions and the normal way of using the archive is to download the
binary package without the source. The Expat license specifically says
"all copies"; it doesn't say that if you distribute a few different forms
of the software, you can leave the copyright notice out of some of them.

I agree that we would satisfy the license if we had a separate file in the binary package that collected all the copyright notices, but we don't;
that's the copyright file.

All that said, I think the chances that anyone would care enough about
this to sue is fairly low. But not zero -- there do exist bad-faith
copyright holders who are looking for excuses to sue (although they're thankfully quite rare in free software).

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Feb 22, 2023 at 07:39:09AM -0700, Sam Hartman wrote:

As Jonas mentions, including the years allows people to know when works
enter the public domain and the license becomes more liberal.
I think our users are better served by knowing when the Debian packaging would enter the public domain.

If this is the intention, then including the years is pointless.

Article 7 of the Berne Convention says:
(1) The term of protection granted by this Convention shall be the life
of the author and fifty years after his death.
...
(6) The countries of the Union may grant a term of protection in excess
of those provided by the preceding paragraphs.
...

--Sam

cu
Adrian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-26 at 18:43 +0200, Adrian Bunk wrote:

On Wed, Feb 22, 2023 at 07:39:09AM -0700, Sam Hartman wrote:

As Jonas mentions, including the years allows people to know when
works
enter the public domain and the license becomes more liberal.
I think our users are better served by knowing when the Debian
packaging
would enter the public domain.

If this is the intention, then including the years is pointless.

Article 7 of the Berne Convention says:
(1) The term of protection granted by this Convention shall be the
life
of the author and fifty years after his death.
....
(6) The countries of the Union may grant a term of protection in
excess
of those provided by the preceding paragraphs.

This.

The Copyright year for determining when the work enters public domain
can be useful for US works published before 1978, but little more.

Now most countries have settled on 70 years post mortem auctoris (and
while there are countries with shorter terms, with the US not following
the rule of the shorter term, you would probably still need to wait
those 70 years if doing some business there)

It could be useful when the author is unknown or there is corporate
authorship, in which case the US copyright term is 95 years from first *publication* (which _may_ be different from the copyright year) or 120
years after creation.


Another can of worms is that the copyright year is often not well-
maintained. There may be program changes with no bump of the copyright
year, and you find as well projects that updating the number yearly,
regardless if there are actually changes or not (so the stated year
doesn't actually give the real information).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)