With the whole git history as a bundle, and our current policies around Freeness, the maintainer and the ftp team would be responsible for ensuring and verifying that every past commit reachable from the bundle is *also* Free, which is a much, much larger task -
Would they really? Maybe we need to discuss that.
Do we delete all our old snapshots from snapshot.d.o if/when
infringing or non-Free content is detected in a package?
AFAIK: no we don't.
So why should content that is in the bundle (= upstream branch of
the source archive) but has been removed from the branch that's
used to build our packages be handled any differently? Both
continue to be accessible from our archives, albeit in a form
that's not immediately accessible – even more so if we don't use a
named branch for the Upstream git archive (we don't need such a
named branch in any case).
and every time some past commit contained non-Free content, the maintainer would have to amend that commit to remove it, and then rebase the rest of the history from that point onward (including merges!) onto the amended commit.
Assuming that we need to do this in the first place (see above): That's not a problem. The git tools that do the clean-up are deterministic. Thus when a new past commit is discovered you apply the cleanup step to both your clone of Upstream and your current Debian source repository, force-push the latter, and you're back in sync. No rebasing is required.
Yes that requires running the cleanup code on every copy, if/when
such past content is discovered. Fortunately that should not
happen too often. I wouldn't consider this to be a show-stopper,
either legally or technically.
-- -- regards -- -- Matthias Urlichs
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature