On 14.06.24 11:38, Simon McVittie wrote:
With the whole git history as a bundle, and our current policies around Freeness, the maintainer and the ftp team would be responsible for ensuring and verifying that every past commit reachable from the bundle is*also* Free, which is a much, much larger task -
Would they really? Maybe we need to discuss that.Do we delete all our old snapshots from snapshot.d.o if/when infringing or non-Free content is detected in a package?
AFAIK: no we don't.So why should content that is in the bundle (= upstream branch of the source archive) but has been removed from the branch that's used to build our packages be handled any differently? Both continue to be accessible from our archives, albeit in a form that's not immediately accessible – even more so if we don't use a named branch for the Upstream git archive (we don't need such a named branch in any case).
and every time some past commit contained non-Free content, the maintainer would have to amend that commit to remove it, and then rebase the rest of the history from that point onward (including merges!) onto the amended commit.
Assuming that we need to do this in the first place (see above): That's not a problem. The git tools that do the clean-up are deterministic. Thus when a new past commit is discovered you apply the cleanup step to both your clone of Upstream and your current Debian source repository, force-push the latter, and you're back in sync. No rebasing is required.
Yes that requires running the cleanup code on every copy, if/when such past content is discovered. Fortunately that should not happen too often. I wouldn't consider this to be a show-stopper, either legally or technically.
-- -- regards -- -- Matthias Urlichs
OpenPGP_signature.asc
Description: OpenPGP digital signature
