[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ***UNCHECKED*** Re: FTP Team -- call for volunteers


On 18.03.20 17:25, Theodore Y. Ts'o wrote:

> The uploader has *already* distributed the package by uploading it to
> ftp.debian.org.  So the uploader already has any (99.99% of the time,
> completely non-existent) liability.

Yes and no. The uploader has distributed it to Debian, and Debian then
can decide if they distribute it further.

>> 2) We would be very limited in what checks we could actually do on new
>> packages. If we look too closely at packages, we stop being a
>> distributor, and start being a publisher. I'm not sure that we want to
>> move towards just being a distribution platform, rather than actually
>> doing QA checks.

> I'm confused.  As near as I can tell, we already are looking super
> closely at new packages.

Yes, which is why we are expected to make diligent decisions on whether
we want to distribute it further. We could move towards a fully
automated process like GitHub's and assert that we should be awarded the
same protections against liability for copyright infringement (i.e. DMCA
rules with a requirement to remove after notification).


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: