
Re: Legal advice regarding the NEW queue



The Wanderer <wanderer@fastmail.fm> writes:

> What I read Scott as having been suggesting, by contrast, is that people
> instead do copyright review for packages already in Debian, which may
> well have had changes that did not have to pass through NEW and that
> might not have been able to pass the NEW copyright review.

> If a practice of doing that latter were established and sufficiently
> widespread, then it would not be as important to do the review for every
> package in NEW, and the FTP team might feel less of a need to insist
> that the review take place at that stage of things.

Various people have different reactions to and opinions about the
necessity of this review, which I understand and which is great for
broadening the discussion.  But I feel like we're starting to lose track
of my original point, namely that I don't see why we are prioritizing this
particular category of bugs over every other type of bug in Debian.  The
justification has always been dire consequences if we don't stamp out all
of these bugs, but to be honest I think this is wildly unlikely.

In other words, this thread is once again drifting into a discussion of
how to do copyright review *better*, when my original point is that we
should seriously consider not doing the current type of incredibly tedious
and nit-picky copyright review *at all*, and instead rely more on
upstream's assertions, automated tools, and being reactive in solving the
bugs that people actually care about (i.e., notice).

In other words, what if, when upstream said "this whole package is covered
by the MIT license," we just defaulted to believing them?  And if there's
some file buried in there that's actually covered by the GPL, we fixed
that when someone brought it to our attention, or when we were able to
detect it with automated tools, but we didn't ask people to spend hours
reviewing the license headers on every source file?  What, concretely,
would go wrong?

Scott correctly points out that there are a ton of copyright bugs in
Debian *anyway*, despite NEW review.  He sees this as a reason for not
relaxing our review standards.  I see it as the exact opposite: evidence
that our current review standards are not achieving the 100% correctness
we have claimed to be striving for, and the nearly complete lack of
practical consequences for that failure.  It really seems to me like
evidence that this task is not as important as we think it is.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>

