On 2022-02-04 18:39, Russ Allbery wrote: > In other words, this thread is once again drifting into a discussion of > how to do copyright review *better*, when my original point is that we > should seriously consider not doing the current type of incredibly tedious > and nit-picky copyright review *at all*, and instead rely more on > upstream's assertions, automated tools, and being reactive in solving the > bugs that people actually care about (i.e., notice).
If we're honest, that's basically how the rest of the open source world already operates in general. Our level of scrutiny is a burden that I don't see many others sharing. Of course "everybody's doing it" doesn't make something right. However, when things go wrong, they don't seem to go wrong in the dramatic ways we might anticipate them to. If GitHub (a Microsoft-owned entity and thus an attractive target for a lawsuit) is OK with distributing files uploaded by third parties without subjecting them to a manual review process, perhaps we have been overthinking the risks here.