Hi,

On 18.03.20 17:25, Theodore Y. Ts'o wrote:

> The uploader has *already* distributed the package by uploading it to
> ftp.debian.org. So the uploader already has any (99.99% of the time,
> completely non-existent) liability.

Yes and no. The uploader has distributed it to Debian, and Debian then can decide if they distribute it further.

>> 2) We would be very limited in what checks we could actually do on new
>> packages. If we look too closely at packages, we stop being a
>> distributor, and start being a publisher. I'm not sure that we want to
>> move towards just being a distribution platform, rather than actually
>> doing QA checks.

> I'm confused. As near as I can tell, we already are looking super
> closely at new packages.

Yes, which is why we are expected to make diligent decisions on whether we want to distribute it further. We could move towards a fully automated process like GitHub's and assert that we should be awarded the same protections against liability for copyright infringement (i.e. DMCA rules with a requirement to remove after notification).

Simon