Re: Bug#137946 acknowledged by developer (Re: Bug#137946: security.debian.org: Debian web site is slow to show new DSAs)

[Martin Schulze]

Daniel Quinlan wrote:
> Martin Schulze <[EMAIL PROTECTED]> writes:
> 
> >> Both http://www.debian.org/ and http://www.debian.org/security/ did not
> >> contain a link to the DSA-119-1 that went out on March 7th until over
> 
> > They do now.
> 
> Yes, but the bug is that the DSAs are not posted when the DSAs are sent
> out.  If the DSAs aren't going to be kept up-to-date on the web pages
> mentioned in the bug report, then they are not reliable as a security
> tool and should be removed so nobody has any false impression that they
> can receive notification in a timely manner by checking the web page.
> 
> System administrators might be better off using a site such as
> http://www.linuxsecurity.com/advisories/debian.html instead.

Somebody may want to add something like that to some page.

Regards,

Joey

-- 
In the beginning was the word, and the word was content-type: text/plain

Please always Cc to me when replying to me on the lists.

Re: Bug#137946 acknowledged by developer (Re: Bug#137946: security.debian.org: Debian web site is slow to show new DSAs)

[Josip Rodin]

On Tue, Mar 12, 2002 at 10:23:08AM +0100, Martin Schulze wrote:
> > >> Both http://www.debian.org/ and http://www.debian.org/security/ did not
> > >> contain a link to the DSA-119-1 that went out on March 7th until over
> > 
> > > They do now.
> > 
> > Yes, but the bug is that the DSAs are not posted when the DSAs are sent
> > out.  If the DSAs aren't going to be kept up-to-date on the web pages
> > mentioned in the bug report, then they are not reliable as a security
> > tool and should be removed so nobody has any false impression that they
> > can receive notification in a timely manner by checking the web page.
> > 
> > System administrators might be better off using a site such as
> > http://www.linuxsecurity.com/advisories/debian.html instead.
> 
> Somebody may want to add something like that to some page.

How about you instead get off your ass and do what I suggested in the same
bug number?

It would really be a disgrace to have to point to an external site for stuff
that we basically already have, just not in that form.

-- 
 2. That which causes joy or happiness.

Translating the Alpha Port's news page

[Kaare Olsen]

Hi,

I'm translating the Alpha Port's news page to Danish, but am not keen
on translating the rather outdated news items from 1999 and 2000 (I've
translated some of those).

Is it alright to stop somewhere, remove the untranslated items, and
provide a link to the English version?

-- 
Regards, Kaare - 

Re: debian-legal list entry - confidential information disclosure

[Branden Robinson]

Please review the Disclaimer for Debian's Public Mailing Lists:

http://www.debian.org/MailingLists/disclaimer

For your convenience, the text of this disclaimer follows:

  Disclaimer for the Debian mailing lists

  Our mailing lists are public forums, and our mailing list archives are public.

  By sending an email to such a public forum, you agree to public distribution 
of
  your article. All mails sent to any of our mailing lists (and to the bug
  tracking system) will be publically distributed and archived in our mailing
  list archives.

  Any emails sent by any one person directly to the list, or replies by others 
to
  those emails sent to the list, are considered published, in accordance with 
the
  United States law.

  Obviously the author still owns the copyright to the content of these emails
  that they have written. However, that does not mean that the Debian Project is
  under obligation to remove them from a list archive once published. Several
  legal counsels have reviewed this stance and confirmed it is correct.

  The mailing list archives have been public well before you sent a message to
  that mailing list address. You are responsible for determining who it is you
  are sending your email to. You cannot send email to arbitrary recipients and
  expect that they are automatically forced into accepting your terms for
  receiving your email.

There is no notice of any confidentiality in the message(s) you cite.
Furthermore, even if there were, the Debian Project was and is not party to any
such agreements.  Messages to Debian's public, published mailing lists are not
subject to human editorial or content review.  Once messages to Debian's lists
are sent, they are automatically published.  Note that the above disclaimer
applies just as much to your message as it does the message(s) you cite.

It is not Debian's policy to comply with requests for suppression or censorship
of materials posted to our published, public forums.  In the future, it may be
wise to encourage your employees to exercise greater discretion when
communicating with its customers or the general public.

Debian is a large, venerable organization with a very high profile in the Free
Software, Open Source, and Linux communities.  Its activities and mailing list
traffic are frequently reported on in major news sites such as:

Slashdotslashdot.org
Linux Weekly News   www.lwn.net
Linux Journal   www.linuxjournal.com
Linux Today linuxtoday.com

You can learn more about Debian by visiting its Web Site at:
www.debian.org

Thanks for your understanding and cooperation.

-- 
G. Branden Robinson|Build a fire for a man, and he'll
Debian GNU/Linux user  |be warm for a day.  Set a man on
[EMAIL PROTECTED]  |fire, and he'll be warm for the
http://www.deadbeast.net/~branden/ |rest of his life. - Terry Pratchett


pgphWZjCPfISh.pgp
Description: PGP signature

some legal terms in the new disclaimers

[Josip Rodin]

Hi,

Please explain these so I (and others) can translate in
www.d.o/MailingLists/disclaimer:

"all implied warranties of merchantability and fitness"

I can understand an implied warranty of fitness, but merchantability? How
exactly do we implicitely guarantee that the stuff on the mailing lists is
sellable? :)

"of any kind whatsoever"

Isn't merely "of any kind" or "whatsoever" enough?

"loss of use"

I simply have no idea what this means in this context :)

"use or performance of [...] information"

Can we say "quality" instead? This sounds very odd to me.

-- 
 2. That which causes joy or happiness.

Re: some legal terms in the new disclaimers

[Branden Robinson]

On Tue, Mar 12, 2002 at 09:06:06PM +0100, Josip Rodin wrote:
> Hi,
> 
> Please explain these so I (and others) can translate in
> www.d.o/MailingLists/disclaimer:
> 
> "all implied warranties of merchantability and fitness"
> 
> I can understand an implied warranty of fitness, but merchantability? How
> exactly do we implicitely guarantee that the stuff on the mailing lists is
> sellable? :)

You'll have to ask a lawyer.  In some jurisdictions it is necessary to
explicitly disavow warranties of merchantibility and fitness for a
particular purpose.

> "of any kind whatsoever"
> 
> Isn't merely "of any kind" or "whatsoever" enough?

This is a phrase I have borrowed from some existing legal boilerplates I
have read.  I see no harm in retaining "whatsoever".

> "loss of use"
> 
> I simply have no idea what this means in this context :)

It means if somebody posts a message to debian-user saying "hey, try
setting this flag in your XF86Config-4", and that flag causes the X
server to lock the PCI bus and the machine, and this machine happens to
be network router at the busiest backbone site on the planet, Debian
can't be sued for the traffic that failed to get routed while the
machine was locked up because some dumbass was doing host-based routing
at a major network site, using Linux to do it, running an X server on
that box, and playing around with his X configuration in a production
environment.

> "use or performance of [...] information"
> 
> Can we say "quality" instead? This sounds very odd to me.

Again, borrowed language.  The "performance" language is, I think, an
effort by copyright cartels to stretch the concept of "performance" into
all forms of use so that they can use copyright licenses to prevent you
from, say, reading a book.  ("Ah, you may have BOUGHT a copy of
this electronic book, but we didn't grant you a license to PERFORM it!
And turning it on so you can read it is a PERFORMANCE!")

Please trash that part; I should have omitted it, and I don't want
Debian to appear that it's lending creedence to that bullshit
extrapolation of copyright law.

-- 
G. Branden Robinson|Build a fire for a man, and he'll
Debian GNU/Linux   |be warm for a day.  Set a man on
[EMAIL PROTECTED] |fire, and he'll be warm for the
http://people.debian.org/~branden/ |rest of his life. - Terry Pratchett


pgp5q758uxbmB.pgp
Description: PGP signature

Re: some legal terms in the new disclaimers

[Josip Rodin]

On Tue, Mar 12, 2002 at 03:29:02PM -0500, Branden Robinson wrote:
> > "loss of use"
> > 
> > I simply have no idea what this means in this context :)
> 
> It means if somebody posts a message to debian-user saying "hey, try
> setting this flag in your XF86Config-4", and that flag causes the X
> server to lock the PCI bus and the machine, and this machine happens to
> be network router at the busiest backbone site on the planet, Debian
> can't be sued for the traffic that failed to get routed while the
> machine was locked up because some dumbass was doing host-based routing
> at a major network site, using Linux to do it, running an X server on
> that box, and playing around with his X configuration in a production
> environment.

Er, let's get back to the full context:

  In no event shall Debian be liable for any special, indirect or
  consequential damages, or damages of any kind whatsoever, resulting from
  loss of use, data or profits, arising out of or in connection with the use
  or performance of any information posted on a Debian mailing list.

Can't we simply say:

  In no event shall Debian be liable for any special, indirect or
  consequential damages, or damages of any kind whatsoever, arising out
  of or in connection with the use of any information posted on a Debian
  mailing list.

There doesn't seem to be any need to describe the whole chain of events
leading to the damage :)

(I also skipped the "or performance" part as you suggested below.)
  
-- 
 2. That which causes joy or happiness.

Re: debian-legal list entry - confidential information disclosure

[Thomas Bushnell, BSG]

Branden Robinson <[EMAIL PROTECTED]> writes:

> There is no notice of any confidentiality in the message(s) you
> cite.  Furthermore, even if there were, the Debian Project was and
> is not party to any such agreements.  

In the present case, the emails were sent by eemuconcept.com to a
particular individual, who chose to republish them onto the Debian
list.  That may have been an illegal copy, and if eemuconcept says to
remove them, we should comply.  They didn't post them here.

But, as I said before, that doesn't mean we give in!  We can comply,
and still keep a permanent record of their nastiness, and keep all
their email addresses as visible as they are now.