On Sat, Mar 21, 2026 at 11:38:22PM +0100, Thomas Goirand wrote: >... > If we become a registered entity, it'd be a way more easy for governments to > get us accounted for. Even more in the case of a USA-registered Foundation. > While with the current case, it'd be a way harder for Debian to get into > trouble. For example, the foundation could be sued, and we'd have to pay for > such trial in USA. But with the current state, one would have to go after > single individuals. >...
It is strange that you consider going after single Debian members as preferable for Debian, single individuals are usually easier targets than large organizations. Often a major driver for creating a legal entity is exactly to remove as much as possible of the legal and financial risks from single individuals. Take the GDPR as an example: When not GDPR compliant processing of personal data played a role in expelling a member from Debian, the victim might sue in a civil court for compensation of material and non-material damages. When a job or customer depended on being a DD, the material damages might be a 5 or 6 digit Euro amount. It is easier for a legal entity to create processes for GDPR compliant processing of personal data than for each single individual. A legal entity moves the burden of having to defend yourself from legal action away from single individuals. When multiple individuals were committing a GDPR violation, the victim has the right to pick one to sue for compensation of all damages. A legal entity can pay compensation instead of a single individual, reducing the financial risks associated with contributing to Debian. A legal entity can take out insurance to further reduce risks for members. > Cheers, > > Thomas Goirand (zigo) cu Adrian

