On Wed, 26 Jan 2022 07:38:10 +0100 Andreas Tille wrote:

> On Tue, Jan 25, 2022 at 01:45:11PM -0800, Russ Allbery wrote:
[...]
> > The question, which keeps being raised in part
> > because I don't think it's gotten a good answer, is what the basis is for
> > treating copyright and licensing bugs differently than any other bug in
> > Debian?

I thought the basis was the fact that copyright and licensing bugs may
have bad legal consequences (lawsuits against the Project for
distributing legally undistributable packages, things like that), while
technical bugs do not cause issues with lawyers and are, in this sense,
"easier" to fix.
The consequences of introducing a "legally botched" package into the
archive are thus harder to undo, with respect to introducing a
technically flawed package...

> >
> > The need for pre-screening was obvious when we had export control issues,
> > but my understanding is that those have gone away. Are we working from
> > legal advice telling us that this pre-screening is required for some legal
> > purpose? If so, is it effective for the legal purpose at which it is
> > aimed? Is this system left over from old advice? Have we checked our
> > assumptions recently?

I am under the impression that the pre-screening in the NEW queue is an
attempt to catch legal issues *before* the package is introduced into
the archive.

As far as I remember, the FTP masters are the people responsible for
what the Debian Project distributes through its archive...
Is this wrong (or no longer valid)?

[...]
> > NEW processing is a lot of friction for the project as a whole and a lot
> > of work for the ftp team. If we were able to do less work at the cost of
> > a minimal increase in bugs, or at the cost of handling bugs a bit
> > differently, maybe that would be a good thing?
> >
> > In other words, it's unclear what requirements we're attempting to meet
> > and what the basis of those requirements is, which makes it hard to have a
> > conversation about whether the current design is the best design for the
> > problem we're trying to solve.
>
> I'm CCing debian-legal for this branch of the discussion (but I do not
> read this list and think keeping debian-devel in the row is a good idea).

Personally, I think the legal pre-screening by the FTP masters in the
NEW queue is useful and should be kept.

In fact, I wish the pre-screening were stricter.
I've seen cases where a bug is reported against a legally
undistributable package and the issue is left unaddressed for ages with
nobody apparently caring enough.
Maybe it's better if such issues are addressed *before* the package is
accepted into the archive...

-- 
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE