[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PROPOSAL] Allowing crypto in the main archive

Manoj Srivastava wrote:
> 
> >>"Jakob" == Jakob Bøhm <jbj@image.dk> writes:
> 
>  Jakob> The main archive is mirrored and copied around the globe both
>  Jakob> inside and outside SPI.   Including anything which it would
>  Jakob> be illegal to post or copy anywhere in the world could get
>  Jakob> those mirrors and users in trouble.
> 
>         Aside from being silly, and holding ourselves hostage to any
>  bunch of lawmakers anywhere in the world, this is impractical. Care
>  to tell me if make is free under all the laws of Estonia? What about
>  Kazhakstan? Did you know that the comments in the source code of the
>  kernel itself make it illegal to put on a web site in at least 3
>  legal jurisdictions I am aware of?
> 
>         Debian is inclusive; and things that can't be put on master
>  are put on the non-{the country master lives in} servers. People in
>  jurisdiction where some software is illegal, can always craft rsync
>  rules to do partial mirrors.
> 
>         I still object to this on the grounds of freedom of
>  expression. if not just mere impracticality: We can't afford to bring
>  Debian down to the most common denominator (even given that we could
>  even begin to discover what that is -- I know that it can't include
>  the Linux kernel) at the mercy of all parochial laws out there.
> 
>         Oh, in case you are wondering, I shall formally object to any
>  such scheme to pull any more software off master that we are not
>  constrained to do because of silly parochial laws of the locale master
>  is hosted in.
> 
>         manoj

Ok, I was not trying to provoke the flames this has set
off, so let me state my case in a different way.

I was trying to state in less ambiguous terms the purpose
currently served by the non-us section, not to propose
additional restrictions on what goes into master.

My statement was based on some current facts regarding
how the Debian distribution is structured.

1. There are currently only 2 subsets of Debian in
common use:  The full set carried by the secondary
master and the mirrors in various enlightened
countries, and the omit-non-us subset carried by
most other mirrors.

2. The issues currently used for the division is
cryptography and patents.  Both of which used to be
issues in the US.  Now the crypto problem may be
(at least temporarily) gone for the US, but probably
not for all omit-non-us mirror sites.

3. The current structure of the Debian archives,
specifically the Packages.gz and other index files
makes it very difficult to maintain a subset mirror
without breaking apt.  Requiring each mirror site
(e.g. ftp.fr.debian.org) to do extra work may force
those sites to simply give up and stop carrying
Debian at all.  This was the issue I was trying to
address by the header proposal I was convinced to
drop.

4. There is currently no easy way for an inexperienced
user to figure out how to create a sources.list file
dealing with a nearby incomplete mirror, a less nearby
less incomplete mirror and a fallback to worldmaster
for the remaining files.  This is likely to create
a situation where more users ignore the mirrors and
download everything from master thus defeating the
purpose of having mirrors in the first place.  One
solution could be for each national mirror to carry
an adapted default sources.list file which is downloaded
automatically by the boot disks.

5. For countries in which almost anything is illegal,
dropping Debian mirroring in those countries is already
being done as a solution.

6. It remains the responsibility of each mirror site
to determine if the conditions used by SPI to accept
uploads provide sufficient conditions to make the
mirror legal in their location.  My proposal simply
keeps one of the existing conditions needed by some
of these sites.  Admitting crypto into the omit-non-us
subset would require each international mirror to review
whether or not they can still legally carry Debian.

7. It remains the responsibility of each user to
download only material legal in his or her location,
however if crypto functions start making their way
into regular packages like fetchmail, some users may
suddenly be unable to use Debian because they can
no longer download the omit-crypto version.

However some of this is speculative, maybe someone
closer to the core should survey the existing mirrors
to check how many can actually carry crypto legally,
then it would be easier to decide whether or not
losing the remaining mirrors is acceptable.


-- 
This message is hastily written, please ignore any unpleasant
wordings,
do not consider it a binding commitment, even if its phrasing may
indicate so. Its contents may be deliberately or accidentally untrue.
Trademarks and other things belong to their owners, if any.
Reply to: