Henning Makholm <[EMAIL PROTECTED]> writes:

> In my opinion we actually try our damnedest to make sure, to the best
> of our knowledge, that people *can* rely on having the DFSG freedoms
> when they use software from Debian.

But this is not true. The source code itself is almost never examined,
although it's the source code that matters from a legal point of view.

> To claim that we're doing all of this solely to make a political
> statement would be dishonest in the extreme,

Maybe, but it's important to refute the idea that a DFSG license audit
alone implies that it's legal to distribute the software.

> In short, while we try our best to include only free software in
> Debian, we can and do make mistakes on occasion.

"try our best" is a bit too euphoric. You simply cannot check the
legal status of some piece of software without examining the source
code. Maybe we could add the following sentences at this point:

"Debian relies on the judgement and integrity of the developers whose
software it distributes. In some rare cases, these developers
knowingly or inadvertently misrepresent the legal status of their
software."

> When that happens and is found out, we shall be immensely
> embarrassed, but we cannot be liable legally to users or
> distributors who, trusting our judgement, suffered losses because
> of the mistake.

The project itself might not be liable (I don't know the legal setup
at all, if it exists), but the distributors could be. This particular
section looks pretty much like wishful thinking. 8-(

> Users and distributors must understand that they alone must bear the
> legal risk inherent in relying on information that they got for free
> from a self-appointed team of mostly unknown unpaid volunteers who
> gathered it in their own time and using their own, mostly lay,
> knowledge. If you cannot accept that risk yourself, we must advise
> you either not to use or distribute Debian, or to hire a lawyer for
> yourself and have him/her research the legal state of each piece of
> software individually.

Sadly, most upstreams do not properly keep track of contributions, so
you are asking for something which is practically impossible (but
that's not Debian's problem, of course).

> [1] Perhaps then there should also be a follow-up question along the
> lines of
>
> Q. How can I find out if there are known doubts about the freedom of
> a particular package in Debian but for some reason they have not
> yet led to it being removed from the archive?

I think it's a good idea to include this question and answer.

