On Sun, Mar 15, 2020 at 08:13:37PM +0100, Alexis Murzeau wrote: > If it's just about legal risk, couldn't the responsibility of the > right to redistribute of the uploaded software be moved on the > uploader instead ? > So the uploader takes the responsibility of any redistribution of the > uploaded software by Debian itself, the same way if he would have > uploaded it to a social media are whatever. > > That way, the legal responsibility burden is distributed on many > peoples instead of a small number. If one is not sure that the > software is distributable, he can mail the upstream maintainers for a > clue. >
I am also not a lawyer, but have consulted with lawyers over similar questions. This doesn't mean that Debian should consider this legal advice, as Debian's situation is different than the one I have asked about. In theory, yes - this would move the liability to the uploader. However, there are two issues with this: 1) The liability now rests with the uploader. This isn't something that has really been done before, and we'd need to make sure that we're comfortable with this. 2) We would be very limited in what checks we could actually do on new packages. If we look too closely at packages, we stop being a distributor, and start being a publisher. I'm not sure that we want to move towards just being a distribution platform, rather than actually doing QA checks. Neil --
signature.asc
Description: PGP signature
