Re: proposed new pseudo-package 'debian-mentors' for handling sponsoring requests

[Russ Allbery <rra@debian.org>]

Michael van der Kolff <mvanderkolff@gmail.com> writes:

> IANAL, etc., but how about getting some legal advice on this?  It seems
> to me it wouldn't be nearly as cut and dried as all that; have you
> examined whether or not such a scheme could be set up in such a way that
> makes it a DMCA safe harbour?

DMCA safe harbor is a property of a US law and does nothing to prevent
lawsuits in Europe.  That's part of the complexity.

I didn't say that debian-mentors would pose legal problems necessarily,
only that it's not equivalent to NEW.  I know that the way Debian handles
NEW is fairly legally safe because it was set up that way on the advice of
lawyers.  I don't know if there are other ways to set this up with
different requirements and a different profile that would be equally safe.
I suspect that someone would need to ask.

The Debian project gets pro bono legal counsel, but one of the
disadvantages of that relationship is that it's very slow to get advice on
specific subjects because we ask a lot of strange questions and the amount
of legal advice we can get is fairly limited.  I believe the DPL is
already managing a fairly long backlog of legal questions, so I wouldn't
be too hopeful about getting legal advice in a particularly timely
fashion.

The problem with all legal issues like this is that they're very much like
security issues: doing things properly and doing things improperly are
almost indistinguishable in practice until a problem occurs, at which
point you discover you were doing things improperly.  It's very difficult
to distinguish between doing the right thing and being too cautious, since
they both look exactly the same on a day-to-day basis (nothing happens),
and very similar to doing the wrong things and just getting lucky
(likewise, nothing happens).  That's why people tend towards being
conservative and doing exactly the same thing as was done somewhere else,
since there *is* safety in numbers in legal precedent and even accepted
best practice, and you have a better chance of being warned in advance by
a lawsuit against someone else.

Right now, my guess is that the current debian-mentors setup is doing the
"wrong" thing (in that few effective precautions are being taken against
distributing unredistributable material) and getting lucky, in that it's
both not really a target and the people using the service are generally
trying to do the right thing and any uploads of non-redistributable
material is both by mistake and not of the sort of thing people would sue
over.  But in the current environment where nonsense like SOPA and PIPA in
the US are actually being seriously considered (if, thankfully, not yet
passed), it's probably worth being somewhat paranoid about things that get
the official imprimatur of the project.  And I'm certainly not a lawyer
and this is just my guess.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>