* Martin Quinson (martin.quinson@tuxfamily.org) wrote: > On Wed, Aug 20, 2003 at 09:40:02AM -0400, Stephen Frost wrote: > > keyring.debian.org has only DDs in it. I think people were suggesting > > using the public keyservers. keyring.debian.org isn't a part of the > > public key servers. > > That's the part of the system I was criticizing :) Not going to change. > Nevertheless, should he trust the meaning of my translation blindly? I mean, > it could contain offending material, and even unlegal material. I guess that > there will be someone to engage pursuits if dpkg subtly displayed racial > crime incitation, or so. To some extent "that's what unstable is for". I doubt a poor translation would make it into a released version. Certainly not if we actually start getting a sizable number of people using the translated versions of things. Unfortunately there really isn't a whole lot of choice in the matter either. > I dunno in the states, but such things can bring you in jail for a bunch of > few months (if not years) in France. And it should be easy to insert illegal > material for the US in displayed text, thanks to your wonderfull anti > terrorist and digital right management acts... I'm not sure it's as easy as you suggest but that's not really on the topic anyway. > Who will get sued in such situation? I guess Debian in first place, but if > I understand well, the whole identification process of the NM is exactly > about giving Debian the possibility to report the charges on the guilty > developper when sued, isn't it? Ehhh, I'm not sure I'd agree with that specifically, but whatever. > So, I ask again, shouldn't Debian check the real identity of contributors > when the maintainer is unable to check the material himself ? Checking the identity doesn't really help in the situation you've described. If someone not in france submitted a translation patch that had stuff which is illegal in france I doubt they'd be touched, even if you could identify them. Debian servers in France would be targeted and the operators, not even the DDs, would be the ones who could get in trouble. One could have similar concerns about the BTS due to the fact that it displays emails sent to it. This isn't really a new thing which makes me not really worried about it in the end. > If it's ok so, what is the big deal of asking the DD for having a trusted > key and signing the packages, anyway ? Honestly I see there being a very big difference between having rude things done in a translation and, for example, having packages which install rootkits. Sorry, that's just life. > I know about the public servers, but I was wondering why Debian make things > harder for the DD while it has the infrastructure to simplify their work. What is harder for the DD and how could the existing Debian infrastructure fix that? Nothing in what you've said would lead me to believe that there's something we can change which would make things easier for the DD with regard to 'poor' translations. Stephen
Attachment:
pgpgI5IrGGRIA.pgp
Description: PGP signature