Alexis Murzeau <amubtdx@gmail.com> writes: ... > If it's just about legal risk, couldn't the responsibility of the > right to redistribute of the uploaded software be moved on the > uploader instead ? How well does that work if someone outside the USA uploads software to this USA based server which is legal in their own jurisdiction, but falls foul of US law either by being on the server, or perhaps by being distributed or (re)exported, say. ISTR that uploading the ssh binaries from the UK seemed likely to involve me crossing one or other of those lines back in the days of the non-US archive (what with the RSA patent, and the export restrictions on crypto at the time). I know times have changed, but are we not still notionally informing someone of every package that goes through NEW? Telling them (perhaps in a queued email that doesn't get sent any more) that each and every package in Debian may well include crypto at some future date, if it doesn't already, and declaring an initial point of distribution. I would suspect that we might want to check that technical changes to this process remain compatible with the paperwork, because the paperwork may well be harder to change than the technology, and keeping the paperwork in good working order may be a useful shield if some capricious maniac ever managed to be in charge of things. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
Attachment:
signature.asc
Description: PGP signature