On 2022-01-31 at 12:32, Russ Allbery wrote: > Marc Haber <mh+debian-devel@zugschlus.de> writes: > >> Even if a lawyer says A, it doesn't buy us anything if J Robert DD >> gets sued and the judge says B, or "not A". > > Yes, a legal opinion cannot fully resolve the question, > unfortunately, since it's a risk judgment. Copyright law is murky > enough that it's unlikely that any lawyer will be willing to > guarantee that we won't lose a lawsuit, and of course no one can > guarantee that we won't be sued. > > What a lawyer can do is give us a better risk analysis. How *likely* > is it that we would be sued over such a thing, and if we were, what > would happen then? How much would it cost us to dispose of the > resulting lawsuit? > > I think it's useful to view this as a price. We're paying a quite > substantial price right now to implement pre-screening. If we > increase the risk that we may temporarily distribute something that > we shouldn't until we discover that and fix it, that comes with some > corresponding increased risk of a legal cost. But in the meantime > we'd be saving a substantial pre-screening cost. My understanding has been that the issue is partly that once something makes it through NEW and into the repository, it is (in principle) there forever; it'll continue to be available through various archive locations, ultimately TTBOMK cascading back to snapshot.debian.org, indefinitely. I am not on the inside of these things, certainly, but I have kept my eyes open from the outside, and I am not aware of there being any mechanism for removing something root-and-branch - across all affected versions, however far back those may stretch - from these repositories and archive locations once it's made it in. In order to avoid continuing to distribute something which we once accepted but which has since been deemed legally undistributable (and thus exposing ourselves to copyright-infringement lawsuits), we would need to have such a mechanism. (If we already do, I'd be interested to learn what it is, in terms of how it's invoked and - to the extent that this isn't unimportant implementation details - how it functions.) Even leaving aside the practicalities of that, I am on a certain conceptual and/or philosophical level uncomfortable with such a removal; having something which was once on a level of distribution to make it into snapshot.debian.org (and might be installed on my machine, or on one of my machines) be removed from that location, and thus no longer available, feels somehow wrong to me. (IOW, I appear to approve of the principle that these things remain there forever.) That could easily not be (and, in fact, probably is not) enough to outweigh the price we're facing now with the pre-screening of NEW, but it's at the very least enough that if not, that would be yet one more weight on the pile of the the reasons why copyright law is Why We Can't Have Nice Things. (I concur with your assessment and arguments overall, I just didn't see this one angle being addressed anywhere, and I feel that it's important enough - assuming it applies at all - to make sure it doesn't get overlooked.) -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature