clarify FTP master delegation?

To: debian-project@lists.debian.org
Subject: clarify FTP master delegation?
From: Daniel Pocock <daniel@pocock.com.au>
Date: Tue, 11 Mar 2014 19:20:45 +0100
Message-id: <531F53FD.6060604@pocock.com.au>


There is some ongoing discussion (on debian-legal) about whether the FTP
masters will accept a particular package

The FTP team wiki[1] links to a delegation email[2]

The delegation email is very light, it just says they are "Accepting and
rejecting packages that enter the NEW and byhand queues" without any
reference to the policies they should apply

The wiki talks about their policies (which are well known to most
developers), with some comments about the familiar NEW queue:

"This allows (FTP masters) to check the copyright of the package and
ensure that the package meets certain basic levels of correctness. ...
In the case of the package potentially leaving Debian liable to
lawsuits, it is unlikely to be accepted."

"Manual NEW checking is required in order to ensure that uploaded
packages meet certain basic standards. In the absence of the NEW check,
it would be much easier for packages with legal issues or those with
gross packaging defects to enter the main Debian archive."

The comment about lawsuits is very generic - does the earlier sentence
mean that it is just copyright lawsuits or all types of lawsuits?  It
doesn't specify jurisdiction (e.g. are they checking that the packages
don't violate US export laws or Russian gay propaganda laws or what?)

My impression is that the type of issue currently under discussion is
not adequately specified in the FTP master delegation, it leaves the FTP
masters to do more work on something that is actually quite complicated
and has far-reaching ramifications for the project.  It also means the
FTP masters are in a situation where whatever they do, some people will
feel they either did the wrong thing or some people will feel the FTP
masters were wrong to make any decision without the project having a
policy on the matter.

The absence of policy on this also has other ramifications: for example,
a DD could upload a non-controversial v1.0 of a package, receive FTP
master approval and then later v2.0 comes along with controversial
content and according to the wiki, it will be automatically accepted.
So the DD is then making the decision about whether to upload the
content and if their decision is not consistent with what the FTP
masters would have done, is the DD at fault?  If we do expect DDs to
behave in a certain way in these situations, should that be documented?

My own feeling is that Debian could consider a veto policy: that a
petition of say 10% or 20% of DDs can veto any package or other content
and that such decisions will be publicly recorded (unlike other
censorship regimes that are based on secrecy).


1. https://wiki.debian.org/Teams/FTPMaster

2. https://lists.debian.org/debian-devel-announce/2012/10/msg00004.html

Reply to:

Follow-Ups:
- Re: clarify FTP master delegation?
  - From: "Paul R. Tagliamonte" <paultag@gmail.com>
- Re: clarify FTP master delegation?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: clarify FTP master delegation?
  - From: Neil McGovern <neil@halon.org.uk>
- Re: clarify FTP master delegation?
  - From: Stephen Gran <sgran@debian.org>

Prev by Date: Re: Following GR amendments evolution ? - Was: Re: General Resolution: Code of conduct
Next by Date: Re: clarify FTP master delegation?
Previous by thread: Re: Prospective Trusted Organizations - FFIS
Next by thread: Re: clarify FTP master delegation?
Index(es):
- Date
- Thread