Don Armstrong <[email protected]> writes: > On Sat, 14 Feb 2026, Simon Josefsson wrote:n >> Is anyone following the policy? https://www.debian.org/legal/patent > > Because of the necessity to maintain attorney client privilege, there > may not be any public evidence of Debian following the policy. > >> Is a violation against the policy RC-worthy? > > If someone knew (or thought) that we were distributing software that > violated a specific patent, they should e-mail [email protected] to > discuss the issue. They shouldn't file a bug, nor should they discuss it > on this mailing list. They may be wrong or right, but discussing it here > could expose Debian to additional risk. > >> If we would start to look, I believe there are tons of violations in >> Debian here, to the point where one would quickly question if >> enforcing this policy is a realistic goal. Patent encumbered FOSS is >> widely deployed these days. > > Determining whether a specific application is likely to infringe on an > enforceable patent is incredibly tricky, and requires significant domain > knowledge in both the area of the patent and case law in the domain of > the patent (and always involves some amount of uncertainty). Multiply > that complication by the number of patent systems that Debian is > distributed in and the complexity is even higher. > > Without that knowledge (which in my experience usually involves a team > of experts), it's challenging to weigh the risks of infringing. > > If you have knowledge of violations or are concerned about a specific > patent, follow the policy and notify [email protected], not this > mailing list.
Who is on that list? Is it an official Debian project delegation? What
is the charter of the team? Do you make any public reports about what
the team is doing?
It smells like a self-appointed team that sets its own rules, and even
further, suggests that not deferring to the team would harm Debian.
I find that way of working against Debian's Social Contract ยง3 "We will
not hide problems" and inconsistent with Debian Policy:
Packages must be placed in non-free if they are not compliant with
the DFSG or are encumbered by patents or other legal issues that
make their distribution problematic.
Thus I would disagree and believe it would be fine to report violations
of debian-policy requirements as public bug reports, and that the spirit
of doing things in public would be helped instead of hiding things on a
private mailing list with (from what I can tell) no clear authority to
actually properly deal with the topic.
Discussing and making deliberations about patent concerns in private is
fine, and I think Debian would be helped by having an official team
working on that, reporting to the rest of the project once in a while.
/Simon
signature.asc
Description: PGP signature
