From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,d0f6c37e3c1b712a X-Google-Attributes: gid103376,public X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news2.google.com!news3.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!newsfeed00.sul.t-online.de!newsfeed01.sul.t-online.de!t-online.de!news.belwue.de!LF.net!news.enyo.de!not-for-mail From: Florian Weimer Newsgroups: comp.lang.ada Subject: Re: Ada in Debian: most libraries will switch to the pure GPL in Etch Date: Wed, 28 Jun 2006 22:46:15 +0200 Message-ID: <8764ilm2js.fsf@mid.deneb.enyo.de> References: <1151405920.523542.137920@p79g2000cwp.googlegroups.com> <873bdpjxwp.fsf@mid.deneb.enyo.de> <87veqlkqi1.fsf@ludovic-brenta.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: albireo.enyo.de 1151527575 3476 212.9.189.177 (28 Jun 2006 20:46:15 GMT) X-Complaints-To: Cancel-Lock: sha1:RK/gZW53nr+CTijxwAGcLZ2mcvY= Xref: g2news2.google.com comp.lang.ada:5257 Date: 2006-06-28T22:46:15+02:00 List-Id: * Ludovic Brenta: > Florian Weimer writes: > >> * Michael Bode: >> >>> How can any AdaCore software then remain in Debian at all? >> >> Debian does not check the precise copyright status of most packages. > > Oh yes, per Policy. It checks if the *license* meets certain criteria. But anybody can take someone else's code, pretend it's their own, slap a new license on it, and put it on the Net for download. The result is typically a copyright infringement. The purported license statement doesn't tell you this, of course. >> I doubt many authors are willing to provide assurances without proper >> compensation, especially if they have incorporated any contributions >> from third parties (which can pose legal risks even if you've got >> statements in writing to the contrary). > > So far, Debian has provided a some form of assurances by means of the > copyright file shipped with every package, The copyright file is just what upstream provided. If it's wrong, Debian will make the same false claims. In some cases, packages contain contradicting license claims, which are discovered after some time (see #328923 for an example). But if no such claims exist, it's unlikely that we'd spot a copyright violation. > and cryptographically signed by the package maintainer (i.e. myself > in the case of Ada packages). In a couple of weeks, indeed. 8-) But in reality, Debian provides few developer-to-user guarantees. The .changes files are awfully hard to get, and I'm not sure if those for binary-only NMUs are archived at all. But this is completely off-topic here.