[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Legal possibility of more open package reviews.

Le Wed, Apr 10, 2013 at 12:09:16PM -0500, Peter Samuelson a écrit :
> >   - If mentors.debian.org can distribute unreviewed packages by becomming a
> >     DMCA safe harbor, wouldn't it be possible for ftp-master.debian.org/NEW.html ?
> The difference is that one is open to the public and the other is not.
> If a service is open to the public without any control over who can
> post content, then basically you have grounds to claim you do not and
> cannot reasonably police the content.

Is there a legal ground that disqualifies Debian as service provider is the
sense of the DMCA ?  I can not upload to Youtube without authentifcating
myself, how different is it from the impossibility to upload to Debian
without signing my packages ?

Alternatively, if there is no safe harbor for the NEW queue because it is
private to Debian, why its contents can not be open privately to the Debian
developers ? 

> >   - Bonus question: since mentors.debian.net seems to be hosted in
> >     Germany, does it mean that developers living in the US should
> >     refrain from uploading crypto to it ?  How do other distributions
> >     solve that problem ?
> Correct, it means developers living in the US need to follow US laws.
> I suspect other distributions solve the problem by ignoring it, thus
> leaving individuals responsible for obeying their local laws.  Which is
> a fine principle, but in practice it probably means some individuals
> violate US law without really noticing.  (The US government harrassment
> of Phil Zimmermann was a long time ago, so I suspect that object lesson
> has been mostly lost.)

I am still puzzled: if we host a service in the US, this helps the US
developers, but this still leaves the other developers living in other
countries under the threat of export restrictions from their local law.  Does
that mean that we chose US because it minimises the total number of developers
who have to care about export restrictions, or does that mean that in the end,
if only considering cryptograhpy, the servers could be hosted in other
countries, because anyway there will always be a majority of developers
who need to cross a border ?

Alternatively, doesn't the fact that we seem to be the only ones to
self-inflict so many procedures suggest that we are the ones overinterpreting
or misinterpreting the laws ?


Charles Plessy
Tsurumi, Kanagawa, Japan

Reply to: