[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FTP Team -- call for volunteers


On 15.03.20 12:55, Michael Lustfield wrote:

> Personally, I was shocked when I found out we do review on the same server that
> hosts the archive. I would have expected a separate server for review. However,
> my expectation comes from younger environments, where CD/CI and extensive code
> review processes are expected. When I try to picture how the current system
> evolved (more evident as you dig into dak source...), it makes sense.

There are two aspects to distribution: a license from the copyright
holders, and export permissions from the country where the archive is

Both of these are *currently* rather relaxed in the US, with DMCA safe
harbor provisions and a blanket permission to export cryptography (the
existence of which Debian had a large hand in), which allows places like
Github to operate.

It is unclear how much the DMCA protects us if we have a review process
before publication (i.e. are we still good if we have any manual step,
or must publication be fully automated?), and there is also a bill
underway that would tighten requirements on cryptography software again
if not defeated.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: