On Wednesday, July 23, 2025 12:21:38 PM Mountain Standard Time Russ Allbery wrote: > thomas@goirand.fr writes: > > There may be some edge cases. What if a country decided to forbid > > shipping youtube downloaders ? Or gambling software ? > > Or cryptographic algorithms that do not have government back doors. That is a good point. In the past, Debian dealt with the issue of cryptographic export legislation by effectively having two archives of Debian, on that could be distributed in the US and one that couldn’t. We could certainly try to go down that road again. However, as world laws get more fractured on these issues, I think the more likely route is that we are going to decide there are certain jurisdictions where we are going to refuse to distribute and support Debian rather than complying with their laws. Partially because having 50 different versions of Debian is unsustainable from a volunteer effort perspective. In a more general sense, I think that the divergence of an international legal standard on a whole host of issues is probably going to be the single greatest threat to Debian in the decades to come. We saw this on a very small scale with the sanctions placed on Russia. By its nature, open-source software is developed collaboratively on an international scale. What happens when war breaks out between significant international players? What happens when countries pass laws that prohibit the use of software with contributions from citizens of countries with which they are at war? What happens when countries pass laws that prohibit the distribution of software to citizens of countries with which they are at war? Debian could likely find itself in a situation where they can no longer continue to operate in countries on both sides of an armed conflict. At that point, it can either fracture into two organizations, one on each side of the conflict. Or, it can case to operate in countries on one side of the conflict. To make this more complex, I don’t think we will end up with just two sides of a conflict like we have had for the last 80 years or so. Rather, things are moving towards a more splintered future. Most of what I have written above doesn’t directly address the topic at hand, except for the sense that I think any Code of Acceptable Content policy should be explicit that we follow all legal requirements for the content we ship, but only for those jurisdiction where we operate. Currently that is the whole world (as far as I know), but it won’t be able to stay that way indefinitely. -- Soren Stoutner soren@debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part.