On Thu, Apr 01, 2010 at 01:45:45PM +0900, Charles Plessy wrote: > If it is not an export or a license violation that a member of the FTP team > inspects a package, then I do not think it is for any other member of the > project. I am not proposing to give a read access to the NEW queue for any > other purpose. I think that what we are doing now puts us in very safe legal ground. I fear what could happen when some litigious copyright holder accuses us of illegally redistributing their software and our reponse is, "We just copied it to one other machine so that we could make it available to our entire membership." > If because you do not trust the other DDs to respect the rules, that packages > in the NEW queue must not be resdistributed before they are accepted, then yes, > you have to do the work alone. It doesn't take long processing NEW to realize that many DDs cannot be trusted to make sure that all of the code they are uploading is legally redistributable. > If we do not think that the DDs respect the > rules (http://www.debian.org/devel/dmup, in which we could add a note about NEW > packages before opening up the mirror), how can we tell our users that our > system is secure? The problem is also one of accountability. If the DD screws up and eventually an ftp-master or a mirror owner or DPL or SPI or someone else is the one getting sued, can the person getting sued hold the DD accountable? stew
Attachment:
signature.asc
Description: Digital signature