
Re: Do we need to hide packages in NEW queue

On 1/31/22 10:35, Pirate Praveen wrote:
> On Mon, Jan 31 2022 at 10:07:32 AM +0100, Stephan Lachnit <stephanlachnit@debian.org> wrote:
>> On Sun, Jan 30, 2022 at 8:35 PM Russ Allbery <rra@debian.org> wrote:
>>> I do think that the amount of effort that the project puts into this
>>> pre-screening is of sufficiently high magnitude that it would be worth
>>> paying a lawyer for a legal opinion about whether or not we need to do
>>> it. The savings to the project if we found out that we didn't, or that we
>>> could do something simpler and more easily automated, would be more than
>>> the cost of the legal opinion.
>> +1
>> Looking at the last financial numbers I found [1], we have at least
>> ~750k USD we could use for this purpose. I don't really know how
>> expensive lawyers are, but I doubt that this would cost more than 10k.
>> Heck, we could even hire two lawyers without any significant financial
>> impact (maybe in the US and EU as I think these are probably the most
>> prominent areas for potential copyright lawsuits), even if it costs
>> 50k.
>> IMHO that would be totally worth it. And instead of investing scarce
>> man-hours into pre-screening, we could create a money pool for
>> financial support in case there is a copyright lawsuit. The
>> pre-screening in NEW doesn't prevent someone from claiming copyright
>> infringement anyway, there is just a smaller chance that the lawsuit
>> is justified. But sadly even winning a lawsuit can still cost a
>> significant amount of money.
> I agree. We should get real lawyers involved, pay and settle this issue
> once and for all. As a maintainer who maintains a large number of
> packages, NEW queue is big friction point for me personally and I'd be
> very happy to see a solution for it, other than the status quo. Even
> if the status quo is correct, I'd like this to be backed by a legal
> opinion that we can rely on.

Is there any precedent of a lawsuit against Debian due to copyrighted
content in its archives? The gross intellectual property theft, Oracle
sources found somewhere, Oodle compression applying for sid... will
likely not even pass NEW in any case, extensive pre-screening or not.
While I am sure that helping one of the big four consulting firms, or
Mazars, make a living, will not encounter particular difficulties from
them; there surely can be found resources in the association and
political landscapes, which will at least widen the discussion as to
where to take advice from? On different scales, I see at least:
## French scope
- CNIL - state entity [1]
- APRIL - notable association [2] - april@april.org
- Quadrature du net - notable association [3]
## EU scope
- There was a man who helped pass GDPR with Margrethe Vestager,
was it Mathias Vermeulen? [4]
- CCBE - The voice of European Lawyers
- Reach to the Commission or Parliament directly?
## Global scope
- GNU foundation
- Linux foundation
Ultimately, Debian is not bound to a particular territory?
United Nations and its satellites [5] could be a relevant scope for
Thank you to everyone involved for trying to strike the right balance,
between archives being a haven of quality and free software, and
following the crazy pace of software complexity.
Best regards, Maxime
[1] https://www.cnil.fr/
[2] https://listes.april.org/wws?pk_vid=ead171ca7a6f2a4a16436549595cd1f6
[3] https://www.laquadrature.net/about/
[4] https://www.awo.agency/about/mathias-vermeulen/
[5] https://unctad.org/system/files/official-document/ecosoc_res_2021d30_Note_OpenSource_en.pdf
