On 3/11/25 6:18 PM, Wookey wrote:
Do we still even _need_ to pre-review the archive the same way we have been for 30 years? Could not post-review when actual problems are noted be sufficient (given that much of the rest of the ecosystem seems to manage this, although a lot of that is source rather than binaries).I know this has been discussed before, but it seems to me that this is something worth reviewing, because NEW reviewing is a big pile of workand additional friction, and if we _could_ just do less of it, that would be good.
I think in previous discussions, it was suggested to pay for a proper legal opinion, may be from SFC or SFLC. I think this would be a good use of Debian's money.
With a proper legal opinion, we will be in a much better position to evaluate changes to these processes.
Wookey
OpenPGP_0x8F53E0193B294B75.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
