Re: Packages needing a new maintainer

To: debian-devel@lists.debian.org
Subject: Re: Packages needing a new maintainer
From: Branden Robinson <branden@ecn.purdue.edu>
Date: Fri, 19 May 2000 12:01:16 -0400
Message-id: <[🔎] 20000519120116.B1400@ecn.purdue.edu>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20000518133139.H500@pear.presence.net.uk>; from jmlb2@hermes.cam.ac.uk on Thu, May 18, 2000 at 01:31:39PM +0100
References: <[🔎] 20000516181721.E4346@gaia.iki.fi> <[🔎] 20000518042202.K30455@ecn.purdue.edu> <[🔎] 20000518133139.H500@pear.presence.net.uk>

[no need to CC me on list mail]

On Thu, May 18, 2000 at 01:31:39PM +0100, Jules Bean wrote:
> On Thu, May 18, 2000 at 04:22:02AM -0400, Branden Robinson wrote:
> > User comes to you and says "fix my bug, but for you to reproduce it I'm
> > going to need to shackle you with these legal conditions"?  To hell with
> > that.
[...]
> Me:   Any chance I can look at your dataset?  I'll replicate the
>       problem here, and then it'll be easier to track down!
> User: Uh, the thing is, I work in a hospital; this is confidential
>       medical records.  I'd need you to sign a strict confidentiality
>       agreement with me.
> Me:   Hey, no problem!
>
> I don't think the hypothetical Me did anything against the spirit of
> free software there.  I don't approve of NDAs for hardware specs, etc,
> but I can see that there are plenty of other kinds of confidential
> information which might help replicate a bug, and I'd certainly be
> prepared to swear confidentiality on that.

I think in such cases it's worth it to ask the user to cook up a
non-confidential dataset that reproduces the problem.

NDA's are things that should only be signed after review by a qualified
attorney who represents your interests (and since that can be expensive, it
may seldom be done).  To encourage free software developers to sign them as
a matter of routine in the course of debugging problem is unreasonable,
IMO.

Remember, an NDA doesn't really mean you're prepared to swear
confidentiality.  You can do that without a contract.  What an NDA means is
"I'm willing to let you haul me into court and seek injunctions against me,
running up my legal bills even before the validity of your claims has been
established."  People should enter into them only with the greatest of
caution, and an understanding that they're tying a sword of Damocles over
their own heads.

Followups should probably go to debian-legal.

-- 
G. Branden Robinson            |
Debian GNU/Linux               |    If encryption is outlawed, only outlaws
branden@ecn.purdue.edu         |    will @goH7OjBd7*dnfk=<q4fDj]Kz?.
roger.ecn.purdue.edu/~branden/ |

Attachment: pgp3s6uSu15vP.pgp
Description: PGP signature

Reply to:

References:
- Packages needing a new maintainer
  - From: Antti-Juhani Kaijanaho <gaia@iki.fi>
- Re: Packages needing a new maintainer
  - From: Branden Robinson <branden@ecn.purdue.edu>
- Re: Packages needing a new maintainer
  - From: Jules Bean <jmlb2@hermes.cam.ac.uk>

Prev by Date: Re: apt-get, upgrade, /var/cache/apt/archives
Next by Date: how to get old binary-all packages in new arches?
Previous by thread: Re: Packages needing a new maintainer
Next by thread: Tool for adding a piece of text to a configuration file?
Index(es):
- Date
- Thread