[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squeak in Debian?

"Lex Spoon" <lex@cc.gatech.edu> wrote:
> Walter Landry <wlandry@ucsd.edu> wrote:
> > "Lex Spoon" <lex@cc.gatech.edu> wrote:
> > > 
> > > I've posted a summary of the discussion on including Squeak in non-free:
> > > 
> > > 	http://minnow.cc.gatech.edu/squeak/3733
> > > 	
> > > I'll edit it as issues come up.  There are two open issues:
> > 
> > The indemnification clause is _not_ acceptable.  Using phrases like
> > "it is extremely unlikely" won't cut it.
> 
> Why not?  We are talking about whether we find it acceptible to
> distribute Squeak, not whether Squeak is completely DFSG free.  What
> standard do you propose?  If you worry about every imaginable legal
> action, then we end up doing nothing, so surely we need to assess
> *realistic* risk.
> 
> Keep in mind that "it is extremely unlikely" was only part of the
> argument.  There is also that we are only liable "to the extent that"
> our distribution is involved in the case.  Further, we can choose to
> defend the case ourselves if we prefer, just as if we'd been sued
> directly.

The problem is that Debian distributors would have to defend Apple at
all.

> In total, this seems like we end up with the same level of liability
> we already have.

The clause in question opens up a new kind of liability to the
mirrors.  Before, they only had to worry about the screwy laws in
their own country.  Now they have to worry about everyone's screwy
laws.

It is helpful to consider what it would be like if non-free were full
of these kinds of licenses.  Americans could be liable to defend
people for violating Britain's Official Secrets Act.  French would
have to defend people against the DMCA.

> > > 1. Export regs.  Are our servers up to snuff for avoiding export to US
> > > embargoed countries?  (It looks to me that we need to handle this
> > > anyway, even aside from Squeak's license.)
> > 
> > As I understand it, the US servers do not export software to those
> > countries.  However, probably not all of the non-us mirrors check
> > whether a request originates from Cuba [1].  In that case, the mirrors
> > would be violating the license (but no law that applies to them).
> > This is different from what I said before, because I didn't think
> > about mirrors outside the US redistributing software to Cuba.
> 
> We probably need to have all the mirrors following US export law.  How
> hard would that be to implement?

I don't think the problem is technical.  There are a fair number of
people who do not agree with the Cuban embargo, inside the US and out.

> The thing is, if a Swiss Debian mirror allows downloads from Cuba,
> and a US-based server lets that mirror download stuff from the US,
> then the US-based server is breaking US export law.  You can't
> export from US to Cuba either directly or indirectly.
> 
> Now, there are exceptions to export law involving stuff that is
> publically available and/or free.  Also, posting on an ftp site might or
> might not be considered "exporting".  So there are at least two
> loopholes we might be able to exploint.  IANAL so I can't tell.

The legal advice that Debian got is at 

  http://www.debian.org/legal/cryptoinmain

As I read it, it was suggested that the main mirrors should do reverse
DNS lookups.  I don't think that happened, but I am far from in the
know.

Regards,
Walter Landry
wlandry@ucsd.edu
Reply to: