
On Fri 04 Feb 2022 at 11:50PM +01, Christian Kastner wrote:

> On 2022-02-04 18:39, Russ Allbery wrote:
>> In other words, this thread is once again drifting into a discussion of
>> how to do copyright review *better*, when my original point is that we
>> should seriously consider not doing the current type of incredibly tedious
>> and nit-picky copyright review *at all*, and instead rely more on
>> upstream's assertions, automated tools, and being reactive in solving the
>> bugs that people actually care about (i.e., notice).
> If we're honest, that's basically how the rest of the open source world
> already operates in general. Our level of scrutiny is a burden that I
> don't see many others sharing.
> Of course "everybody's doing it" doesn't make something right. However,
> when things go wrong, they don't seem to go wrong in the dramatic ways
> we might anticipate them to.
> If GitHub (a Microsoft-owned entity and thus an attractive target for a
> lawsuit) is OK with distributing files uploaded by third parties without
> subjecting them to a manual review process, perhaps we have been
> overthinking the risks here.

Just to note that GitHub let *others* upload things without reviewing,
such that they're a communications platform (or whatever the legal term
is) not a publisher, but we're a publisher.

Sean Whitton

Attachment: signature.asc
Description: PGP signature

Reply via email to