[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Questions for all candidates: decentralization of power

On Thu, Apr 01, 2010 at 01:45:45PM +0900, Charles Plessy wrote:
> If it is not an export or a license violation that a member of the FTP team
> inspects a package, then I do not think it is for any other member of the
> project. I am not proposing to give a read access to the NEW queue for any
> other purpose.

I think that what we are doing now puts us in very safe legal ground.  I
fear what could happen when some litigious copyright holder accuses us
of illegally redistributing their software and our reponse is, "We just
copied it to one other machine so that we could make it available to our
entire membership."

> If because you do not trust the other DDs to respect the rules, that packages
> in the NEW queue must not be resdistributed before they are accepted, then yes,
> you have to do the work alone. 

It doesn't take long processing NEW to realize that many DDs cannot be
trusted to make sure that all of the code they are uploading is legally

> If we do not think that the DDs respect the
> rules (http://www.debian.org/devel/dmup, in which we could add a note about NEW
> packages before opening up the mirror), how can we tell our users that our
> system is secure?

The problem is also one of accountability.  If the DD screws up and
eventually an ftp-master or a mirror owner or DPL or SPI or someone else
is the one getting sued, can the person getting sued hold the DD


Attachment: signature.asc
Description: Digital signature

Reply to: