Hi all, resurecting a discussion from 2022 where Russ wrote about "Do we need to hide packages in NEW queue?":
> A lawyer cannot make that risk trade-off decision for us. We'll have to > make it as a project. It just came to my mind that now once tag2upload can upload to NEW, we can have very strong evidence that source package X in NEW is exactly the same as the one generated by tag Y on Salsa or elsewhere. So for an increasing number of source packages, it will be possible for anyone to audit a copy of the package in NEW. There is a path where we can migrate from "we may be legally obliged to hide packages in NEW" to "please justify why you are opting out releasing a copy of what you uploaded to NEW". Have a nice day, Charles -- Charles Plessy Nagahama, Yomitan, Okinawa, Japan Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy - You do not have my permission to use this email to train an AI -
