From: andreas@an3as.eu 
  
 Hi Ansgar, 
  
 Am Sat, Oct 04, 2025 at 11:39:52AM +0200 schrieb Ansgar €€€€: 
 > > If we agree that this is something we agree as a project, the next step 
 > > is to discuss how to make it feasible €€€ for example, whether the 
 > > proposed split of responsibilities between the Archive Team and the 
 > > DFSG/licensing team could help, and what kind of processes or 
 > > infrastructure improvements would be required. 
 > 
 > If you want guaranteed reaction teams, shifting responsibilities 
 > doesn't seem relevant. You need to guarantee that people are always 
 > available, so in practice paid positions as this cannot be guaranteed 
 > with volunteer work. 
  
 I was rather thinking along the lines of automating this process. 
 According to your insight, how complex would it be to integrate such an 
 "accidental removal" feature into our software stack? The removal could 
 even be implemented in a way that makes the affected content temporarily 
 "not visible to the public" (if I understood the advice I received 
 correctly). 
  
 > And you would need those for all relevant teams and with enough man 
 > power to handle vacations, sick leave, ... 
  
 The advice concerns how Debian should handle potential copyright 
 violations €€€ cases where code has been published without the right to do 
 so.   As you perfecctly know we do our best to avoid this.  Its just for 
 cases if something might have slipped through.  In the very improbable 
 case that someone claims the distribution of some code may be unlawful, 
 Debian needs to react quickly to minimize legal risks. The 48-hour 
 timeframe mentioned is not a hard rule but an example I came accross of 
 what might be considered €€€speedy€€€ action in a potential court case; the 
 key point is that we must not knowingly continue to distribute code that 
 infringes copyright. 
  
 It is therefore in Debian's interest to establish a clear, centralized 
 process for handling copyright claims. Such a process would take 
 pressure off individual maintainers and ensure that legal notices are 
 addressed consistently at the project level. While monitoring for such 
 issues may be tedious, it is a necessary safeguard for our developers. 
  
 > You also have to take into account people building services outside the 
 > main archive that distribute software artifacts without further 
 > coordination. 
 > 
 > How much is Debian willing to spend on this? 
  
 I would very much welcome it if more developers were financially 
 supported by companies that benefit from Debian €€€ as is already the case 
 today. Several companies employ Debian Developers and allow them to 
 dedicate part of their working time to important Debian work, which is 
 highly valuable and something I'd be glad to see expanded. 
  
 However, the situation we're discussing here doesn't seem like a good 
 example for that. Unlike the continuous and demanding work done by the 
 Security Team or the FTP masters €€€ which clearly requires steady 
 attention and could justify such external sponsorship €€€ handling rare 
 package removals due to potential copyright issues is not an ongoing 
 task. In this case, what we mainly need is a clear process and defined 
 responsibilities to ensure Debian can act safely and consistently, 
 rather than any form of funded position. 
  
 Kind regards 
     Andreas. 
  
 -- 
 https://fam-tille.de 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)