On 1/31/22 10:35, Pirate Praveen wrote:
> On Mon, Jan 31 2022 at 10:07:32 AM +0100, Stephan Lachnit <stephanlach...@debian.org> wrote:
>> On Sun, Jan 30, 2022 at 8:35 PM Russ Allbery <r...@debian.org> wrote:
>>> I do think that the amount of effort that the project puts into this
>>> pre-screening is of sufficiently high magnitude that it would be worth
>>> paying a lawyer for a legal opinion about whether or not we need to do
>>> it. The savings to the project if we found out that we didn't, or that we
>>> could do something simpler and more easily automated, would be more than
>>> the cost of the legal opinion.
>> +1
>> Looking at the last financial numbers I found [1], we have at least
>> ~750k USD we could use for this purpose. I don't really know how
>> expensive lawyers are, but I doubt that this would cost more than 10k.
>> Heck, we could even hire two lawyers without any significant financial
>> impact (maybe in the US and EU as I think these are probably the most
>> prominent areas for potential copyright lawsuits), even if it costs
>> 50k.
>> IMHO that would be totally worth it. And instead of investing scarce
>> man-hours into pre-screening, we could create a money pool for
>> financial support in case there is a copyright lawsuit. The
>> pre-screening in NEW doesn't prevent someone from claiming copyright
>> infringement anyway, there is just a smaller chance that the lawsuit
>> is justified. But sadly even winning a lawsuit can still cost a
>> significant amount of money.
> I agree. We should get real lawyers involved, pay and settle this issue
> once and for all. As a maintainer who maintains a large number of
> packages, the NEW queue is a big friction point for me personally and I'd be
> very happy to see a solution for it, other than the status quo. Even
> if the status quo is correct, I'd like this to be backed by a legal
> opinion that we can rely on.
Is there any precedent of a lawsuit against Debian due to copyrighted
content in its archives? The gross intellectual property theft, Oracle
sources found somewhere, Oodle compression applying for sid... will
likely not even pass NEW in any case, extensive pre-screening or not.
While I am sure that helping one of the big four consulting firms, or
Mazars, make a living, will not encounter particular difficulties from
them; there surely can be found resources in the association and
political landscapes, which will at least widen the discussion as to
where to take advice from? On different scales, I see at least:
## French scope
- CNIL - state entity [1]
- APRIL - notable association [2] - ap...@april.org
- Quadrature du net - notable association [3]
## EU scope
- There was a man who helped pass GDPR with Margrethe Vestager,
  was it Mathias Vermeulen? [4]
- CCBE - The voice of European Lawyers
- Reach to the Commission or Parliament directly?
## Global scope
- GNU foundation
- Linux foundation
Ultimately, Debian is not bound to a particular territory?
United Nations and its satellites [5] could be a relevant scope for
inquiries.
Thank you to everyone involved for trying to strike the right balance,
between archives being a haven of quality and free software, and
following the crazy pace of software complexity.
Best regards, Maxime
[1] https://www.cnil.fr/
[2] https://listes.april.org/wws?pk_vid=ead171ca7a6f2a4a16436549595cd1f6
[3] https://www.laquadrature.net/about/
[4] https://www.awo.agency/about/mathias-vermeulen/
[5] https://unctad.org/system/files/official-document/ecosoc_res_2021d30_Note_OpenSource_en.pdf