Re: DRAFT: debian-legal summary of the QPL
On Sat, Jul 24, 2004 at 09:11:05PM -0700, Josh Triplett wrote:
> Matthew Palmer wrote:
> > On Sat, Jul 24, 2004 at 10:48:23PM +0200, Sven Luther wrote:
> >
> >>On Sat, Jul 24, 2004 at 03:27:26PM -0400, Michael Poole wrote:
> >>
> >>>Sven Luther writes:
> >>>
> >>>>Each time i make a new upload, a notice of the upload is sent to the US
> >>>>security agencies, at least this is how i understood it. This include my
> >>>>changelog entry, my name and email, my GPG key, and the time at which i make
> >>>>this upload.
> >>>
> >>>In other words, they are effectively subscribed to the
> >>>debian-*-changes mailing lists? I still don't see how
> >>>that is any kind of privacy concern like you claimed.
> >>
> >>I am against it in principle. Having them subscribe to the debian-*-changes
> >>mailing list is an active effort of their part, while we willingly push data
> >>to them.
> >
> > So you're now not OK with the QPL's requirement that we push data to the
> > initial developer of a QPL'd work, I take it, since you're against Debian
> > pushing data to the US government?
>
> Technically, the QPL just requires you to provide changes on request,
> not push them to the original developer. That doesn't make it any less
> non-free, but the two situations you mentioned are distinct.
Well, the US government has requested that data. If the licence said "you
must push a copy of changes at the time of first distribution of those
changes", it'd be exactly the same. As it is, it's equivalent to the
upstream author saying "I'll have those changes" as soon as you distributed
them to another party.
In a way, it's better that we push at modification time, because we know we
have no further obligations and can completely forget about needing to keep
them after that. The QPL requires long-term storage.
- Matt
Reply to: