Hi Joerg, On Mon, Mar 24, 2014 at 09:11:16PM +0100, Joerg Jaspert wrote: > Those are just two examples - we sure could go and write down some > more. But they are examples: we can't foresee all the possible content > someone may propose. > So instead, we have a simple set of questions that should be applied, > helping to judge contents before upload:
> - Is it likely illegal in the majority of the countries of our > Developers? > - Will it harm Debian, our mirrors, derivatives or users and > potentially endanger them or require extra work on their side to > protect them from such? > If you can answer these questions with a yes or even a maybe - don't > upload the package to any project machine (including a VCS), let alone > the archive. If you are unsure your prospective package may be affected, > ask FTPMaster before uploading to the archive, or Debian resp. Alioth > admins before uploading to a VCS repository on Debian machines. I can understand the ftp team's desire to sidestep any moral questions here, but in the process I think your guidelines have wound up vague and overbroad, as they suggest that as a project we will never take a stand for anything but only do what's safe. In the past, Debian was unable to carry cryptographic software in the main archive because it was illegal for us to redistribute it from the US (where ftpmaster is and was hosted) to other countries. It wasn't illegal in "most" countries, just in a few key ones (US, France). If this situation arose again today, how would the ftp team approach the problem? For another example, software patents are not valid in the EU, but they are valid in many countries outside the EU. We have a policy that software known to infringe patents should not be included in the archive, but your latest mail expresses a much broader policy: that developers shouldn't even upload software that *maybe* is illegal in the majority of countries of our developers. If you asked me if a particular package infringed software patents in most countries, I would always have to answer "maybe". So does this mean we should all stop uploading all software? We have developers in 63 different countries today (according to LDAP). Do we actually know what kinds of things are illegal in any 32 of them? If something is currently illegal in 31 countries where we have developers, and we get a new developer from a 32nd country where it's also illegal, does this mean our rules should be changed? I would appreciate a clearer policy from the ftp team that isn't quite so dependent on the current state of our developer base and the mutability of national laws. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature