On 2025-10-05 12:29 +0200, Santiago Vila wrote:
Andreas wrote:If a copyright holder claims a package infringes their rightsI'd like to believe that a mere "claim" should not be enough for us to remove something in 48h or whatever short period of time. There must be something of substance. Otherwise we would be at the mercy of copyright trolls like SCO.
Exactly - any removals process which is triggered by a mere claim is favouring the claimant over Debian and our reasonably rigorous processes. And malicious claimants is certainly a possibility (but not something we have suffered from so far, SFAIK) I am not convinced that there is any good reason for implementing 'automatic removal on external claim', although it is possible that there is legislation that makes this prudent. The DMCA takedown mechanism works this way (US legislation), but that's been around since 1998 so it's not obvious why that would make us change our processes now. Andreas, you referred to some meeting in some of your replies where this was discussed and you got advice, but I am lacking context here. Who met with whom, and who was advising? What was the meeting about? Was the advice about some specicifc cases/legislation or just the normal conservatism of lawyers. We already have a process for removing/updating packages which contain copyright infringements. I think someone has to show why that process is no longer adequate before we make changes. How often do we get such bugs/issues in practice? It seems very likely that this has happened sometime in the last 30 years, but I suspect not very often. Wookey -- Principal hats: Wookware, Debian http://wookware.org/ Matrix: @wookey:matrix.org
Attachment:
signature.asc
Description: PGP signature