On Thu, Jan 19, 2012 at 10:07:01AM -0800, Russ Allbery wrote:
> Jakub Wilk <jw...@debian.org> writes:
> > * Gergely Nagy <alger...@balabit.hu>, 2012-01-19, 17:24:
>
> >> I might be mistaken, but the amount of NEW
>
> > Why only NEW? Checking only NEW packages doesn't buy us more than, say,
> > checking only packages which have "r" in their name.
>
> > I know, this is what ftp-folks do. I call this securi^Wdistributability
> > theater.
>
> For the main archive, the NEW check I think is best thought of as a spot
> check to ensure maintainers are doing their jobs. The real responsibility
> of not uploading non-redistributable material lies with the Debian project
> members with upload rights. ftpmaster is just checking for mistakes (at
> the point at which most mistakes are made).
>
> The difference for mentors is that the uploaders are not (yet) Debian
> project members and are not guaranteed to be trained in our licensing
> policies, and have not agreed to follow our rules.

...which means that a signed SC & DMUP would suffice.

To be honest, I don't even see how mentors being on debian.net instead
of debian.org actually makes a difference legally. Both domains belong to
SPI and are maintained by Debian people -- granted, maintenance is
technically different but, standing in front of a judge, I don't think
anyone would actually care whether you set a CNAME or asked DSA to do it.
Yes, the machine actually holding the data is outside DSA's reach, but
then again, it's a DD with his DD hat on who decided to set the CNAME to
offer a service for people interested in Debian. IANAL though.

And we don't need to discuss the merit of debian.net here. My actual
point is in the way shorter half sentence above.

Hauke

-- 
 .''`.   Jan Hauke Rahm <j...@debian.org>               www.jhr-online.de
: :'  :  Debian Developer                                 www.debian.org
`. `'`   Member of the Linux Foundation                    www.linux.com
  `-     Fellow of the Free Software Foundation Europe      www.fsfe.org