Re: Do we need to hide packages in NEW queue

On Sun, Jan 30, 2022 at 8:35 PM Russ Allbery <rra@debian.org> wrote:
> I do think that the amount of effort that the project puts into this
> pre-screening is of sufficiently high magnitude that it would be worth
> paying a lawyer for a legal opinion about whether or not we need to do
> it.  The savings to the project if we found out that we didn't, or that we
> could do something simpler and more easily automated, would be more than
> the cost of the legal opinion.


Looking at the last financial numbers I found [1], we have at least
~750k USD we could use for this purpose. I don't really know how
expensive lawyers are, but I doubt that this would cost more than 10k.
Heck, we could even hire two lawyers without any significant financial
impact (maybe in the US and EU as I think these are probably the most
prominent areas for potential copyright lawsuits), even if it costs

IMHO that would be totally worth it. And instead of investing scarce
man-hours into pre-screening, we could create a money pool for
financial support in case there is a copyright lawsuit. The
pre-screening in NEW doesn't prevent someone from claiming copyright
infringement anyway, there is just a smaller chance that the lawsuit
is justified. But sadly even winning a lawsuit can still cost a
significant amount of money.

If I compare how other mediums handle copyright violations, most
services have a "file a claim infringed copyright here" button on
their site (e.g. YouTube). For example, we could write a DMCA policy
like e.g. GitHub [2], hyperlink it in the footer of all our official
websites, make a small "debian-dmca" tool that is always available in
our builds to file claims and provide infrastructure to process such
claims. I highly doubt that anyone will ever directly start a lawsuit
instead of sending a cease-and-desist letter first, I'm not even sure
if it is legal to start a lawsuit without doing this first.

IANAL of course, but that's why we should actually pay one. If we just
keep discussing and amending "IANAL" to our messages we won't fix any
of our problems. And of course in addition to paying a lawyer, we
should ask what other distros do (especially Ubuntu, SUSE and Red Hat
as they are from large companies with a legal department).


[1] https://lists.debian.org/debian-devel-announce/2021/08/msg00005.html
[2] https://docs.github.com/en/github/site-policy/dmca-takedown-policy

