Re: GnuTLS in Debian

To: debian-devel <debian-devel@lists.debian.org>
Subject: Re: GnuTLS in Debian
From: Clint Byrum <spamaps@debian.org>
Date: Mon, 23 Dec 2013 09:22:08 -0800
Message-id: <1387818795-sup-6671@clint-HP>
In-reply-to: <20131223160457.GA18428@bongo.bofh.it>
References: <20131222191240.GA3241@downhill.g.la> <slrnlbejcf.4q0.jmm@inutil.org> <20131222232540.GA17565@bongo.bofh.it> <20131223001556.GA6655@virgil.dodds.net> <20131223160457.GA18428@bongo.bofh.it>

Excerpts from md's message of 2013-12-23 08:04:57 -0800:
> On Dec 23, Steve Langasek <vorlon@debian.org> wrote:
> 
> > Red Hat only needs to meet the standard that they don't think there's risk
> > to the company of being sued for a license violation.  Debian holds itself
> > to a higher, ethical standard of complying with the license even when the
> > risks are small.
> I am clearly missing the ethical standard we should comply with, since 
> the upstream developers obviously do not care about the issue in the 
> first place.

An author is not the only party to text. There are also those who have
received this license, and adhered to it for the sake of the author and
the copyright holders who have also adhered to it.

So, it is rather disrespectful and could cause harm to those who have
worked within the confines of the text to at some point ignore the text.
I'm not suggesting it _will_ cause harm, but it may. In fact, RedHat
has harmed Debian and enriched themselves by ignoring it.

So Debian is now in an odd position. If it were to reverse position,
those users who have been diligently adhering to the license and expending
resources would be at a disadvantage to new users who won't have to deal
with that. That may be a position a business can take, but as volunteer
organization with no profit motive, I think Debian has to take more care
to stay as close to the ethical center as possible.

If the original authors would like to clarify their position (oh god
please OpenSSL change your license!), then this conflict of interest
would go away. But I suspect this has been argued to them before.

> As usual, Russ explained this better than I could do.
> 
> This is self-inflicted damage, and I think it's slightly arrogant to 
> pretend that Debian is the only organization which cares about ethics.
>

Only is not a word that Steve used. He was differentiating Debian from
RedHat specifically in fact. There are quite a few more organizations
in the world than "Debian" and "RedHat'. Also this isn't so much an
external issue as "caring about ethics". I think this is internal,
and it is part of what defines Debian.

Is it inconvenient? Absolutely. Should we change it? Well, last I checked
we do take votes on major issues.

Reply to:

Follow-Ups:
- Re: GnuTLS in Debian
  - From: Russ Allbery <rra@debian.org>

References:
- GnuTLS in Debian
  - From: Andreas Metzler <ametzler@debian.org>
- Re: GnuTLS in Debian
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: GnuTLS in Debian
  - From: md@Linux.IT (Marco d'Itri)
- Re: GnuTLS in Debian
  - From: Steve Langasek <vorlon@debian.org>
- Re: GnuTLS in Debian
  - From: md@Linux.IT (Marco d'Itri)

Prev by Date: Re: Release sprint results - team changes, auto-rm and arch status
Next by Date: Re: GnuTLS in Debian
Previous by thread: Re: GnuTLS in Debian
Next by thread: Re: GnuTLS in Debian
Index(es):
- Date
- Thread