Re: Legal possibility of more open package reviews.
On 04/10/2013 06:56 AM, Charles Plessy wrote:
> On Tue, Apr 09, 2013 at 05:54:14PM +0200, Bernd Zeimetz wrote:
>>> Suggestion #3: have a system where any other DD can review
>>> a package in the NEW queue, not only the FTP masters or the
>>> FTP assistants.
>> That would include publishing the contents of the NEW queue,
>> at least to all Debian Developers - so we might violate
>> licenses already.
> I have not read any convincing argument in favor of our current practice, not
> to mention that most arguments are guesses on the reasons of the persons in
> charge rather than a clear statement from the persons in charge themselves.
> We do not have many measures in place to ensure that our archive does not
> contain packages that start to violate licenses after their first upload. In
> parallel, we have a lot of download points that are not subjected to copyright
> and license review. I do not see a reason why the NEW queue must be more
> perfect than both our archive and the rest of the non-aptable files we
> Conversely, the existence of sites such as Ubuntu's PPA, SourceForge, GitHub
> and many others shows that a large number of software providers are confident
> that a policy of a posteriori removals is sufficient. I do not understand why
> we do not reach the same conclusion for the NEW queue, which is not even a
> software distribution in the sense of the Debian archive or the sites
> mentioned above.
> Fedora for instance publicly reviews the new packages in a bugtracker, with
> download links that sometimes are pointing to Fedora-hosted machines. I think
> that reaching that level of transparency would have a positive impact on our
> capacity to keep on attracting new contributors.
Exactly. Very well said!