Re: Do we need to hide packages in NEW queue
On 2022/01/30 21:34, Russ Allbery wrote:
Francesco Poli <email@example.com> writes:
I thought the basis was the fact that copyright and licensing bugs may
have bad legal consequences (lawsuits against the Project for
distributing legally undistributable packages, things like that), while
technical bugs do not cause issues with lawyers and are, in this sense,
"easier" to fix.
Sure, everyone says this, but is this *true*?
The free software community has a tendency to assume a lot of things about
laws that aren't actually true. Sometimes this is useful conservatism,
since there are a lot of legal areas for which the answer is not
clear-cut, and if it doesn't matter much either way, better to avoid any
sharp corners. But in this case, this assumption has a very high cost for
the project, so maybe it's worth finding out whether it actually matters.
Very true indeed.
As people have pointed out in the numerous previous iterations of this
discussion, it's not like the ftp-master screen eliminates all copyright
and licensing bugs on project services. I'm sure that we've accidentally
pushed non-distributable material to Salsa, we did to Alioth before that,
ftp-master will occasionally make mistakes, etc.
We should act with alacrity to remedy serious copyright and licensing
bugs; no one is arguing against that. But is it legally necessary to take
the very specific measure that we are currently taking against them?
I don't believe it is, if a piece of work is uploaded in NEW, chances
are that we already host that in a public git repository already. Also,
in the legal framework the process is usually to first send a cease and
desist before further escalating, so in the case of that happening, I'm
quite confident that the FTP masters will oblige and that it wouldn't
become a major issue. (but also #IANAL)
As for getting legal advice, we do have an existing contract with Aaron
K. Williamson of Williamson Legal, PLLC (https://www.akwlc.com/). His
specialty is Open Source software, technology, licensing and contracts,
so he would be a good person to ask specific questions about this, and
since we have an existing contract with him, it's really easy to set up
a video call / email thread with him if anyone wants to get some advice
from him. So if anyone has some time / energy to put together some
concrete questions / examples (and ideally also recruit one or more
people from FTP team to be involved), then I'd be happy to do the
introductions and set that up.