
Legal possibility of more open package reviews.



On Tue, Apr 09, 2013 at 05:54:14PM +0200, Bernd Zeimetz wrote:
> 
> >Suggestion #3: have a system where any other DD can review
> >a package in the NEW queue, not only the FTP masters or the
> >FTP assistants.
> 
> That would include publishing the contents of the NEW queue,
> at least to all Debian Developers - so we might violate
> licenses already.

I have not read any convincing argument in favor of our current practice, not
to mention that most arguments are guesses on the reasons of the persons in
charge rather than a clear statement from the persons in charge themselves.

We do not have many measures in place to ensure that our archive does not
contain packages that start to violate licenses after their first upload.  In
parallel, we have a lot of download points that are not subjected to copyright
and license review.  I do not see a reason why the NEW queue must be more
perfect than both our archive and the rest of the non-aptable files we
distribute.

Conversely, the existence of sites such as Ubuntu's PPA, SourceForge, GitHub
and many others shows that a large number of software providers are confident
that a policy of a posteriori removals is sufficient.  I do not understand why
we do not reach the same conclusion for the NEW queue, which is not even a
software distribution in the sense of the Debian archive or the sites
mentioned above.

Fedora for instance publicly reviews the new packages in a bugtracker, with
download links that sometimes are pointing to Fedora-hosted machines.  I think
that reaching that level of transparency would have a positive impact on our
capacity to keep on attracting new contributors.

Cheers,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan

