Re: [bmc@it.larc.nasa.gov: Proposal]

To: debian-policy@lists.debian.org
Subject: Re: [bmc@it.larc.nasa.gov: Proposal]
From: Drake Diedrich <Drake.Diedrich@anu.edu.au>
Date: Tue, 17 Nov 1998 11:46:18 +1100
Message-id: <19981117114618.B16270@empire.@>
Mail-followup-to: debian-policy@lists.debian.org
In-reply-to: <[🔎] 19981116162051.G19583@it.larc.nasa.gov>; from Ben Collins on Mon, Nov 16, 1998 at 04:20:51PM -0500
References: <[🔎] 19981116162051.G19583@it.larc.nasa.gov>

   I like the idea of having a small-distributable-everywhere base.
It simplifies things.  I don't think we should make this a formal policy
though, just in case some boneheaded country decides to outlaw disk
recovery tools for copy protection reasons, or something equally
impossible for us.
   The details of assembling the national mirror network and the permissions
database have a few problems.  I don't think we'll be able to build a
completely reliable permissions database: 200 nations, millions of laws and
patents, thousands of packages, hundreds of maintainers - even if we
construct a fairly complete database there will still be errors. I think we
need to separate issues and concentrate only on the prosecutable ones.  We
don't want maintainers to go to jail (well, *I* don't). After that we don't
want SPI and our sponsors to go to be sued out of existence.  Finally, we
don't want users to unknowingly transgress some law or patent.  Those are my
priorities anyway.
   I think we can meet the first two by creating several national master
archive sites (US, DE, and JP already exist, chiark/UK?, perhaps a small AU
site, hopefully we can get a site in a country without a patent system.
Only 76 of the ~200 UN nations are part of the WIPO patent system, and most
of those are independent of each other.
   Export restrictions can be determined on an archive-basis (no crypto
export from US, no patented software in archives in countries with that
patent, ...)  Maintainers need to also be in a legal country, for their
benefit, not Debian's.  Constructing a nation-only archive seems a futile
effort to me.  It benefits few people, it puts the archive maintainer and
package maintainer in significant jeopardy.  It's harder than just letting
someone outside the police state handle to package.
   Users need to then avoid packages that have import restrictions.  I don't
think we should make large changes to our mirror network to accomodate
import restrictions.  We could just as easily put a warning (if known) in
the package description.  "doom - this package violates XXX laws in DE. "
This could be somewhat automated with a Distribution: header in the Packages
file to help users avoid violating an import law (usually patents or
FR--like use restrictions), but many of them won't appreciate this
"assistance" anyway, so we should make it a lower priority than keeping SPI
out of court and us out of jail.
   Probably only CD manufacturers would appreciate a complete database of
which packages may be imported/exported from all 200 nations.  I suggest we
leave it up to them to hire local lawyers to figure it out, supplying them
with whatever information has fallen our way (patent numbers if know, etc).
They should be able to safely copy the unrestricted and a local national
archive, since we'll be doing the same thing.  In one sense this would
encourage large scale vendors to support Debian directly with national
archives- they could safely copy the whole archive to CD.

Reply to:

Follow-Ups:
- Re: [bmc@it.larc.nasa.gov: Proposal]
  - From: Clint Guillot <clint@xenir.com>

References:
- [bmc@it.larc.nasa.gov: Proposal]
  - From: Ben Collins <bmc@it.larc.nasa.gov>

Prev by Date: Re: [bmc@it.larc.nasa.gov: Proposal]
Next by Date: Re: Proposal
Previous by thread: Re: [bmc@it.larc.nasa.gov: Proposal]
Next by thread: Re: [bmc@it.larc.nasa.gov: Proposal]
Index(es):
- Date
- Thread