[Pkg-rust-maintainers] rust-apple-nvram_0.2.0-1_arm64.changes REJECTED

Mon May 13 19:10:58 BST 2024

Hi Andreas,

thanks a lot for all of your explanations.

On 20.11.23 22:49, Andreas Henriksson wrote:
> So some of the questions I'd be very happy if you could help me
> understand are:
> * Can non-legal entities be assigned copyright?

normally not, but ...

> * Can anyone just claim copyright belongs to someone else?

I am not sure I understand. Do you mean that one holds copyright for 
something and somebody else claims to be the copyright holder? That is 
not allowed.

> * Does Debian accept vague copyright holder descriptions like
>    "$PROJECT Contributors" (because that would make it really easy
>    for my future endaevors to document things in debian/copyright)?

... you don't have to verify every details of the copyright. If upstream 
just says that a group of people has the copyright for the software, 
than that is the way it is. You must not be better than upstream and 
verify who are the members of that group.

> * Also the AsahiLinux project themselves do not use years in their
>    copyright statements of their projects (see eg.
>    https://github.com/AsahiLinux/speakersafetyd/blob/main/LICENSE#L1  ),
>    does this mean I should not list years in debian/copyright (rather
>    than extracting them from git revision history)?

Yes, see above. If upstream wants it this way, it is fine. As a 
maintainer you just have to collect the information that upstream 
provides. Of course nobody will stop you from doing more. Some upstream 
are even glad when you tell them about their wrong copyright. But for a 
package to be accepted in Debian, this is not needed.

> * When a project like apple-nvram's LICENSE file claim copyright year is
>    2022, despite a time machine would be needed since the currently
>    relevant "v3" apple proprietary data format was not made public to the
>    world until 2023, the reverse engineering happened in 2023 and the
>    parsing code was written in 2023.
>    Should I still repeat whats stated in the LICENSE file?

On the first attempt, yes. If you know that something is wrong, don't 
hesitate to open a bug upstream.
> For the three first questions above my previous understanding was that
> the Debian project did not accept documenting something as copyrighted
> by for example "public domain" when the author claimed so.

The term public domain is less-than-ideal, but a package will be 
accepted containing it. Better would be when upstream uses a license 
like CC0, so again, upstream might be glad when you open a bug :-).

>
> For documenting years, if we extract those from git metadata, why
> shouldn't we also do it with the rest of the information?

Some people do this for copyright holders, so when you want to go this 
way, nobody would hinder you. But as far as I know there are no tools to 
do this and doing it manually would be rather complex.

    Thorsten
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20240513/8f3d374e/attachment.htm>