On Tue, 07 Apr 2020 14:44:04 +0100 Roy Bamford <neddyseag...@gentoo.org> wrote:
> Gentoo must not single out any package for special treatment. Indeed. Cases like this just demonstrate that something about the way we do things is somehow inadequate. The idea that "what we have works" is something we get away with, because people just exclude the things that would break things. Sometimes you just need some case like this to make an example of us. Like happened with Rust: - It took a while and a bunch of legal threats for them to publish a GDPR compliance privacy notice. - They (crates.io) still haven't made a clear definition of what legal conditions apply and what may or may not be uploaded (Some people are presently testing those waters by publishing code with copyright notices and "no distribution" clauses, in the hope they can get their ass into gear and make it clear ) And I've seen people "test the system" for CPAN too. Its clear we need *something* in place, but I doubt that "something" is something that can be achieved in an appropriate way with the way our tooling currently works. ( In that, its basically an all-or-nothing scenario for the most part, where finer grained and policy-based exlusions, like ACCEPT_LICENSE, make sense to employ )
pgpsQPxoI_VM5.pgp
Description: OpenPGP digital signature
