On 2025-10-05 08:51:02 +0200 (+0200), Andreas Tille wrote: [...]
The advice concerns how Debian should handle potential copyright violations — cases where code has been published without the right to do so. As you perfecctly know we do our best to avoid this. Its just for cases if something might have slipped through. In the very improbable case that someone claims the distribution of some code may be unlawful, Debian needs to react quickly to minimize legal risks. The 48-hour timeframe mentioned is not a hard rule but an example I came accross of what might be considered “speedy” action in a potential court case; the key point is that we must not knowingly continue to distribute code that infringes copyright.
[...]As SPI is the "legal person" representing the Debian project, such cases would typically be notified by physical mail to SPI's retained counsel who would then review the claims and provide recommendations for further action. The turn-around time for this sort of thing could easily be weeks, so expecting the project to then react comparatively instantaneously on counsel's suggested course is unrealistic. I'm not a lawyer, but from what I've seen courts tend to understand that these things take time to address and if you can demonstrate good faith/best effort compliance that's usually enough.
If there is truly concern, I recommend reaching out to get feedback from counsel; it's what they're for.
[Not replying in my capacity as a director/officer but merely as an interested community member who doesn't want to see the project waste time and energy unnecessarily.]
-- Jeremy Stanley
Attachment:
signature.asc
Description: PGP signature