On Wed, 8 Jan 2025 at 14:35, Peter Pentchev <r...@ringlet.net> wrote: > > On Wed, Jan 08, 2025 at 10:19:34AM +0100, Julien Plissonneau Duquène wrote: > > Le 2025-01-07 21:52, Peter Pentchev a écrit : > > > > > > Hm. That sounds interesting, but I think the Debian project cannot > > > protect such a mirror from automatically bringing in non-DFSG content > > > that appears in the remote repository. One might even take this one step > > > further and go to content forbidden by law in various jurisdictions. > > > > Then we are going to have the same issue implementing automated upstream > > release imports in packaging repositories, e.g. with the Janitor, and this > > is a service I would very much like to have. > > Unfortunately you are correct that the same problem would arise.
Note that there aren't, and never were, rules concerning DFSG content and git repositories. In Salsa (and also in its predecessor forge, Alioth) you can find repositories for packages uploaded to non-free - firmwares, drivers, etc. And that makes sense, as the rules apply to the 'main' section of the archive, which is what we ship to users, not to development infrastructure, otherwise you couldn't upload non-free packages to buildds to get them built, or deb.debian.org to be published in the non-free section, and so on. So it's entirely ok if mirroring brings in non-DFSG content, as long as packages are uploaded to the appropriate non-free or firmware sections of the archive.
