
Re: CoC policy for package contents



On 23.07.25 at 21:55, Soren Stoutner wrote:
On Wednesday, July 23, 2025 12:21:38 PM Mountain Standard Time Russ Allbery
wrote:
thomas@goirand.fr writes:
There may be some edge cases. What if a country decided to forbid
shipping youtube downloaders? Or gambling software?

Or cryptographic algorithms that do not have government back doors.

That is a good point.  In the past, Debian dealt with the issue of
cryptographic export legislation by effectively having two archives of Debian,
one that could be distributed in the US and one that couldn’t.

We could certainly try to go down that road again.  However, as world laws get
more fractured on these issues, I think the more likely route is that we are
going to decide there are certain jurisdictions where we are going to refuse
to distribute and support Debian rather than complying with their laws.
Partially because having 50 different versions of Debian is unsustainable from
a volunteer effort perspective.

In a more general sense, I think that the divergence of an international legal
standard on a whole host of issues is probably going to be the single greatest
threat to Debian in the decades to come.  We saw this on a very small scale
with the sanctions placed on Russia.  By its nature, open-source software is
developed collaboratively on an international scale.

What happens when war breaks out between significant international players?

What happens when countries pass laws that prohibit the use of software with
contributions from citizens of countries with which they are at war?

What happens when countries pass laws that prohibit the distribution of
software to citizens of countries with which they are at war?

Debian could likely find itself in a situation where they can no longer
continue to operate in countries on both sides of an armed conflict.  At that
point, it can either fracture into two organizations, one on each side of the
conflict.  Or, it can cease to operate in countries on one side of the
conflict.

To make this more complex, I don’t think we will end up with just two sides of
a conflict like we have had for the last 80 years or so.  Rather, things are
moving towards a more splintered future.

The topics Soren brought up (crypto, discrimination, conflicting laws, cold or hot war) are the things that really worry me and that Debian needs to prepare for. I'm not sure whether developing a Code of Acceptable Content policy at this point in time is a good idea though. World politics and legislations are a moving target and taking a stand now will make Debian inflexible to react to whatever comes.

Most of what I have written above doesn’t directly address the topic at hand,
except for the sense that I think any Code of Acceptable Content policy should
be explicit that we follow all legal requirements for the content we ship, but
only for those jurisdictions where we operate.  Currently that is the whole
world (as far as I know), but it won’t be able to stay that way indefinitely.

We might get into a situation where we need to protest though even in jurisdictions we generally support. I'm thinking about the legal efforts that might break E2EE and might require compulsory age verification for accessing everything (EU "chat control"). [Take this as a reminder to contact your representatives with your protest, if you are in the EU. Next vote about it will be in October.]

Exactly those legal efforts should motivate us to release Trixie to the best of our abilities in a state that is appropriate for children, in order to not provide arguments to those legal initiatives.

I see absolutely no reason for an uproar about a minor package that the release team (I fully trust their evaluation) considered to be not adequate for being legally distributed by Debian. If not already done, source should be removed too, for the same legal reasons.

