Re: DFSG FAQ (draft)
Henning Makholm <email@example.com> writes:
> In my opinion we actually try our damnedest to make sure, to the best
> of our knowledge, that people *can* rely of having the DFSG freedoms
> when they use software from Debian.
But this is not true. Almost never, the source code itself is
examined, although it's the source code that matters from a legal
point of view.
> To claim that we're doing all of this solely to make a political
> statement would be dishonest in the extreme,
Maybe, but it's important to refute the idea that a DFSG license audit
alone implies that it's legal to distribute the software.
> In short, while we try our best to include only free software in
> Debian, we can and do make mistakes on occasion.
"try our best" is a bit too euphoric. You simply cannot check the
legal status of some piece of software without examining the source
Maybe we could add the following sentences at this point: "Debian
relies on the judgement and integrity of the developers whose software
it distributes. In some rare cases, these developers knowingly or
inadvertently misrepresent the legal status of their software."
> When that happens and is found out, we shall be immensely
> embarrassed, but we cannot be liable legally to users or
> distributors who, trusting our judgement, suffered losses because
> of the mistake.
The project itself might not be liable (I don't know the legal setup
at all, if it exists), but the distributors could be. This particular
section looks pretty much like wishfully thinking. 8-(
> Users and distributors must understand that they alone must bear the
> legal risk inherent in relying on information that they got for free
> from a self-appointed team of mostly unknown unpaid volunteers who
> gathered it in their own time and using their own, mostly lay,
> knowledge. If you cannot accept that risk yourself, we must advise
> you either not to use or distribute Debian, or to hire a lawyer for
> yourself and have him/her research the legal state of each piece of
> software indicidually.
Sadly, most upstreams do not properly keep track of contributions, so
you are asking for something which is practically impossible (but
that's not Debian's problem, of course).
>  Perhaps then there should also be a follow-up question along the
> lines of
> Q. How can I find out if there are known doubts about the freedom of
> a particular package in Debian but for some reason they have not
> yet led to it being removed from the archive?
I think it's a good idea to include this question and answer.