Hello, On Fri 04 Feb 2022 at 11:50PM +01, Christian Kastner wrote: > On 2022-02-04 18:39, Russ Allbery wrote: >> In other words, this thread is once again drifting into a discussion of >> how to do copyright review *better*, when my original point is that we >> should seriously consider not doing the current type of incredibly tedious >> and nit-picky copyright review *at all*, and instead rely more on >> upstream's assertions, automated tools, and being reactive in solving the >> bugs that people actually care about (i.e., notice). > > If we're honest, that's basically how the rest of the open source world > already operates in general. Our level of scrutiny is a burden that I > don't see many others sharing. > > Of course "everybody's doing it" doesn't make something right. However, > when things go wrong, they don't seem to go wrong in the dramatic ways > we might anticipate them to. > > If GitHub (a Microsoft-owned entity and thus an attractive target for a > lawsuit) is OK with distributing files uploaded by third parties without > subjecting them to a manual review process, perhaps we have been > overthinking the risks here. Just to note that GitHub let *others* upload things without reviewing, such that they're a communications platform (or whatever the legal term is) not a publisher, but we're a publisher. -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature