Re: Dealing with unclear upstream licensing and legality

[aur]

Hi,

You folks are correct that my bringing in those topics was a poor choice 
in example. I did not want to initiate a debate about the ethics of any 
such hate speech or the validity of the packages that use such language.


I just wanted to highlight that as a project the Arch community is 
poorly equipped to deal with certain moral questions. I apologize if 
those topics offended anyone or contributed to unCoC like behavior.


Your example with protest-ware and further I would mention the 
controversy around offensive packages such as "fortune" 
https://svnweb.freebsd.org/base/head/usr.bin/fortune/datfiles/Makefile?view=log 
I find too difficult to have an objective way to make a _correct_ 
guideline or ruling for their inclusion as the moral views of 
communities shift over time and will always remain subjective.


I would just like to highlight my stance that unless a package has been 
deemed illegal the US or German count (still not sure where Arch is 
based in) it should not be removed.


The CoC clearly outlines criminal actions like piracy are not allowed, 
but I do not see controversial packages like the sports/gambling ones as 
contributing to the Arch project holding a controversial view. No one is 
accusing Arch of harboring gambling sites, or creating football hooliganism.


As such I think the more laissez-faire approach to AUR moderation is in 
the best interest of the community as it matches closer to the CoC in 
sections 
https://terms.archlinux.org/docs/code-of-conduct/#respect-other-users 
and 
https://terms.archlinux.org/docs/code-of-conduct/#respect-other-users 
allowing any morally gray packages to exist, while removing blatantly 
illegal ones.


I hope I am not violating the CoC more, I do not mean to flame or upset 
anyone, but the nature of this conversation (ethics, when applied to 
enforcement actions becomes politics) will be a violation of the CoC. I 
don't know how we as a community can form an agreement or growth without 
discussing it though.


If my response is against the intent of the discussion and is causing 
more division in the community, please let me know and I refocus my 
efforts in ways that are more productive to the AUR and Arch project.


Regards,

Robin Candau:

Le 27/09/2023 à 06:18, a...@nullvoid.me a écrit :

Hi,

Hi,


I'm gonna start with I'm not a lawyer, and realistically the best 
answer provided should be from a German (Arch project TOS list German 
laws to be followed) or US (SPI nonprofit owns the domain and 
financial accounts) lawyer.
Once again, I think this is more of an "ethical" matter rather than a 
strictly juridical one for now (at least when it comes the AUR platform 
itself), as the approach is more "what should or should not be allowed 
on the AUR (from an "ethical" POV)?" rather than "what are we risking by 
keeping those packages (from a juridical POV)?".


While the juridical question may be important, it is not the primary 
concern here and has until then been answered by "we're only hosting the 
recipes, not the ingredients themself".

But fair enough, I assume an answer from a lawyer cannot hurt.


The issue I think will always exist as to what does a platform to do 
mitigate legal risk when allowing User Generated Content to exis >
Arch Linux should not host content that violates laws and is generally 
immoral everywhere. CSAM or Malware content comes to mind.


Arch Linux should not host content that violates the DMCA or German 
copyright laws, such as a "minecraft-cracked" package. While the 
definition of hosts can be up for debate. Torrent sites that only host 
magnet links have been held liable for pointing to infringing files, 
so a PKGBUILD might be treated the same way in court.
Regardless of the purely juridical aspect of it, I agree we should not 
allow/promote such clearly illegal package ethically speaking.


Some programs have been treated as if they violate the DMCA or other 
copyright laws, like youtube-dl or whipper. Generally speaking as long 
as they are not advertised or used for illegal actions they themselves 
are not illegal. Qbittorrent and Deluge are legal. Popcorn-time has 
been less so.
I agree with that too, I don't see any issue regarding things like 
youtube-dl, whipper, Qbittorrent or Deluge. While they can be used to 
perform illegal actions (as many other things in life), they indeed 
shouldn't be categorized as such in my opinion and thus are not 
concerned by this debate.


However, as you said, there's no much doubt regarding popcorn-time and 
it should indeed be pointed out regarding this debate in my opinion.


While I believe that freedom of information is a great ideal to strive 
for in society, I understand the archlinux project would probably 
prefer to stay apolitical, and avoid harming their goal of being an OS 
instead of fighting sociopolitical issues with it's infrastructure.


There are several cases for exceptions that have been allowed 
generally under fair use clauses, 

Re: Dealing with unclear upstream licensing and legality

[Robin Candau]

Le 27/09/2023 à 10:50, Robin Candau a écrit :

Le 27/09/2023 à 06:18, a...@nullvoid.me a écrit :

Hi,

Hi,

[...]


Now, regarding the examples you gave, while there are no clear 
statement/guidelines about such packages on the AUR side (yet?), such 
controversial topics are already pointed out by the Arch Linux Code of 
Conduct [2] (as raised by Ralf as well [3]).
Quick parentheses, I'd like to remove the reference I made to Ralf's 
message there.
Indeed, the overall idea of the message doesn't actually cover the point 
I wanted to make and I apparently read it too fast the first time to see 
how stupidly and unnecessarily controversial and provocative the given 
examples are in there. So I'd like to apologize for that reference and 
dissociate myself from that message.

[...]


--
Regards,
Robin Candau / Antiz



OpenPGP_0xFDC3040B92ACA748.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Dealing with unclear upstream licensing and legality

[Robin Candau]

Le 27/09/2023 à 06:18, a...@nullvoid.me a écrit :

Hi,

Hi,


I'm gonna start with I'm not a lawyer, and realistically the best answer 
provided should be from a German (Arch project TOS list German laws to be 
followed) or US (SPI nonprofit owns the domain and financial accounts) lawyer.
Once again, I think this is more of an "ethical" matter rather than a 
strictly juridical one for now (at least when it comes the AUR platform 
itself), as the approach is more "what should or should not be allowed 
on the AUR (from an "ethical" POV)?" rather than "what are we risking by 
keeping those packages (from a juridical POV)?".


While the juridical question may be important, it is not the primary 
concern here and has until then been answered by "we're only hosting the 
recipes, not the ingredients themself".

But fair enough, I assume an answer from a lawyer cannot hurt.


The issue I think will always exist as to what does a platform to do mitigate 
legal risk when allowing User Generated Content to exis >
Arch Linux should not host content that violates laws and is generally immoral 
everywhere. CSAM or Malware content comes to mind.

Arch Linux should not host content that violates the DMCA or German copyright laws, such 
as a "minecraft-cracked" package. While the definition of hosts can be up for 
debate. Torrent sites that only host magnet links have been held liable for pointing to 
infringing files, so a PKGBUILD might be treated the same way in court.
Regardless of the purely juridical aspect of it, I agree we should not 
allow/promote such clearly illegal package ethically speaking.


Some programs have been treated as if they violate the DMCA or other copyright 
laws, like youtube-dl or whipper. Generally speaking as long as they are not 
advertised or used for illegal actions they themselves are not illegal. 
Qbittorrent and Deluge are legal. Popcorn-time has been less so.
I agree with that too, I don't see any issue regarding things like 
youtube-dl, whipper, Qbittorrent or Deluge. While they can be used to 
perform illegal actions (as many other things in life), they indeed 
shouldn't be categorized as such in my opinion and thus are not 
concerned by this debate.


However, as you said, there's no much doubt regarding popcorn-time and 
it should indeed be pointed out regarding this debate in my opinion.


While I believe that freedom of information is a great ideal to strive for in 
society, I understand the archlinux project would probably prefer to stay 
apolitical, and avoid harming their goal of being an OS instead of fighting 
sociopolitical issues with it's infrastructure.

There are several cases for exceptions that have been allowed generally under 
fair use clauses, abandonware is sometimes permitted to be distributed by not 
the copyright holders.

I hope that the policies the AUR moderators and arch linux teams adopt are as 
permissive as possible without taking on any extra legal risk.

In cases such as abgx360, I think we should keep it up until a legal DMCA 
takedown request comes in, or any form informal complaint from the copyright 
holder. Censorship is a political action and should be left as a choice only 
when forced by law, not done preemptively.
First of all, it is important to note that the official AUR FAQ states 
that "mostly everything is permitted on the AUR, as long as you are in 
compliance with the licensing terms of the content" [1]. I think that's 
a valid argument regarding the abgx360 case and a good starting point 
for this whole debate.


Secondly, I don't think it is fair to bring terms like "censorship" and 
"political action" in here. The removal of that software has only been 
done because of the assumption that it goes against the AUR 
guidelines/principles (regarding the above FAQ statement). That doesn't 
mean there wasn't a judgment mistake there, but it for sure never was 
with the intention to "censor" anything.


For packages that may be immoral but legal, such as a package that changes 
everything to racial slurs, sexist, or vulgar language. I think it also should 
stay in the AUR and users can choose if they want to compile it or not. If the 
AUR trusted users and policies start taking down content because they do not 
like it, it opens a very large can of worms.

Software can become extremely politicized quickly, and I view removing code from a 
repo similarly to burning books by authors you do not agree with. If the AUR team 
start to decide what is moral instead of what is illegal or harmful (malware), I fear 
for the overall usefulness of the AUR long term. The 
 would probably be considered 
immoral by any strong state authoritarian politically aligned user, and subject to 
removal.
I wasn't including such packages in the debate in the first place, but 
that's a legit point to raise.


First off, TU duties imply to stick to and enforce the AUR rules and 
guidelines when dealing with requests. 

Re: Dealing with unclear upstream licensing and legality

[Ralf Mardorf]

123456789 123456789 123456789 123456789 123456789 123456789 123456789 12
On Wed, 2023-09-27 at 04:18 +, a...@nullvoid.me wrote:
> For packages that may be immoral but legal, such as a package that
> changes everything to racial slurs, sexist, or vulgar language.
> I think it also should stay in the AUR and users can choose if they
> want to compile it or not.

Not even half of the countries on this planet have laws that are even
halfway compatible with each other. Many countries allow Holocaust [1]
denial or hate speech [2], both is clearly offending the Arch Linux CoC
[3].

What is the boundary of the CoC when it comes to PKGBUILDs rather than
discussions? Sports and gambling [4] are indeed not the same as
agitation, but when it comes to politics, the CoC already applies to
small things that are far from agitation [5], which presumably does not
apply to PKGBUILDs, but only to discussions.

Infogalactic search was removed from Brave, but the inhuman mindset
behind Brave is still the same, not conform with the Arch CoC. By
pointing this out on an Arch mailing list I clearly, without doubts
offended the CoC. I hope it's ok to mention this conflict after ethics
and morality were mentioned as an example now, since IMO ethics and
morality aren't clear enough, laws are probably clear enough, but you
need to decide which laws should apply. The laws of the EU, the USA,
North Korea ...?

Clear are broken licenses, trademark rights, but at some point there
will always be a few PKGBUILDs that are in a legal grey area.

However, ethics and morality are quite unsuitable standards. Laws are a
better standard, but keep in mind around 50% of the nations on this
planet share a Western worldview, but still have different laws, around
50% share an opposite worldview.


[1] https://en.wikipedia.org/wiki/Legality_of_Holocaust_denial
[2] https://en.wikipedia.org/wiki/Hate_speech#Hate_speech_laws
[3] "Controversy/controversial topics #

There is no explicit list of topics considered to be “trollish”,
controversial or provocative, but in the past, posts pertaining to
Religion, Sports, Race, Nationalism and Politics have invariably been
closed. Therefore, specifically avoid these and all divisive topics in
the Arch community. The staff certainly realize that such issues are
deeply ingrained human realities. However, this is a technical community
and is not intended nor able to effectively facilitate such commentary
nor the resulting unrest." -
https://terms.archlinux.org/docs/code-of-conduct/
[4] Sports betting management
https://aur.archlinux.org/packages/betcon
[5]
https://lists.archlinux.org/archives/list/arch-gene...@lists.archlinux.org/message/UMPVRRID5G2HTTBPVLITPAYQYPCPLUDB/

Re: Dealing with unclear upstream licensing and legality

[aur]

Hi,

I'm gonna start with I'm not a lawyer, and realistically the best answer 
provided should be from a German (Arch project TOS list German laws to be 
followed) or US (SPI nonprofit owns the domain and financial accounts) lawyer.

The issue I think will always exist as to what does a platform to do mitigate 
legal risk when allowing User Generated Content to exist.

Arch Linux should not host content that violates laws and is generally immoral 
everywhere. CSAM or Malware content comes to mind.

Arch Linux should not host content that violates the DMCA or German copyright 
laws, such as a "minecraft-cracked" package. While the definition of hosts can 
be up for debate. Torrent sites that only host magnet links have been held 
liable for pointing to infringing files, so a PKGBUILD might be treated the 
same way in court.

Some programs have been treated as if they violate the DMCA or other copyright 
laws, like youtube-dl or whipper. Generally speaking as long as they are not 
advertised or used for illegal actions they themselves are not illegal. 
Qbittorrent and Deluge are legal. Popcorn-time has been less so.

While I believe that freedom of information is a great ideal to strive for in 
society, I understand the archlinux project would probably prefer to stay 
apolitical, and avoid harming their goal of being an OS instead of fighting 
sociopolitical issues with it's infrastructure.

There are several cases for exceptions that have been allowed generally under 
fair use clauses, abandonware is sometimes permitted to be distributed by not 
the copyright holders.

I hope that the policies the AUR moderators and arch linux teams adopt are as 
permissive as possible without taking on any extra legal risk.

In cases such as abgx360, I think we should keep it up until a legal DMCA 
takedown request comes in, or any form informal complaint from the copyright 
holder. Censorship is a political action and should be left as a choice only 
when forced by law, not done preemptively.

For packages that may be immoral but legal, such as a package that changes 
everything to racial slurs, sexist, or vulgar language. I think it also should 
stay in the AUR and users can choose if they want to compile it or not. If the 
AUR trusted users and policies start taking down content because they do not 
like it, it opens a very large can of worms. 

Software can become extremely politicized quickly, and I view removing code 
from a repo similarly to burning books by authors you do not agree with. If the 
AUR team start to decide what is moral instead of what is illegal or harmful 
(malware), I fear for the overall usefulness of the AUR long term. The 
 would probably be considered 
immoral by any strong state authoritarian politically aligned user, and subject 
to removal.

I hope my points bring a new way of looking at this issue.

On September 26, 2023 9:53:36 PM UTC, Robin Candau  wrote:
>Le 26/09/2023 à 22:02, Connor Behan a écrit :
>> Sorry but I don't buy the logic here.
>That's fine, that thread is there to debate :D
>> 
>> On Tue, Sep 26, 2023 at 4:21 PM Robin Candau > > wrote:
>> 
>> Le 26/09/2023 à 20:11, netsysf...@das-labor.org
>>  a écrit :
>>  > abgx360 has been deleted recently (see
>>  >
>> 
>> https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/thread/VPDQERST63DRZFYFS7JH6YIDWXSFE5TX/#VPDQERST63DRZFYFS7JH6YIDWXSFE5TX
>>  
>> ).
>>  I noticed it because 
>> https://wiki.archlinux.org/title/Burning_Xbox_360_games 
>>  has a broken link.
>>  >
>>  > There are two reasons for the deletion:
>>  > 1. Legality of home backups. Though we have stuff like
>> popcorntime in
>>  > the AUR or even whipper in extra, so it should not matter.
>>  > 2. Bad licensing.
>>  >
>>  > There is no upstream license set, thus applying the default
>> copyright
>>  > rules:
>>  >
>>  >> You're under no obligation to choose a license. However, without a
>>  >> license, the default copyright laws apply, meaning that you
>> retain all
>>  >> rights to your source code and no one may reproduce, distribute, or
>>  >> create derivative works from your work.
>>  >
>>  > However, as the AUR only ships PKGBUILDs we are neither
>> reproducing or
>>  > distributing it and it does also not seem like a derivative work.
>>  > Alad already poked upstream about this.
>>  > https://github.com/BakasuraRCE/abgx360/issues/7
>> 
>>  >
>>  > This was also painstakingly discussed on IRC in both -aur and -wiki,
>>  > leading to walls of text.
>>  > 

Re: Dealing with unclear upstream licensing and legality

[Connor Behan]

On Wed, Sep 27, 2023 at 12:03 AM Aaron Liu  wrote:

> How do "home backups" fall under fair-use? How can you maintain
> plausible deniability when there's an entire AUR request IRC discussion
> and mailing list chain about it?
>
> Discs don't last forever. How do home backups *not* fall under fair use?

I read the plausible deniability comment as a criticism of the attitude
that led to the IRC / list discussion being started in the first place.

On 2023/9/26 20:32, David C. Rankin wrote:
> > On 9/26/23 13:11, netsysf...@das-labor.org wrote:
> >> There are two reasons for the deletion:
> >> 1. Legality of home backups. Though we have stuff like popcorntime in
> >> the AUR or even whipper in extra, so it should not matter.
> >
> > Fair-use prevails.
> >
> >> 2. Bad licensing.
> >>
> >
> > Plausible deniability
> >
>

Re: Dealing with unclear upstream licensing and legality

[Aaron Liu]

How do "home backups" fall under fair-use? How can you maintain 
plausible deniability when there's an entire AUR request IRC discussion 
and mailing list chain about it?


On 2023/9/26 20:32, David C. Rankin wrote:

On 9/26/23 13:11, netsysf...@das-labor.org wrote:

There are two reasons for the deletion:
1. Legality of home backups. Though we have stuff like popcorntime in 
the AUR or even whipper in extra, so it should not matter.


Fair-use prevails.


2. Bad licensing.



Plausible deniability

Re: Dealing with unclear upstream licensing and legality

[David C. Rankin]

On 9/26/23 13:11, netsysf...@das-labor.org wrote:

There are two reasons for the deletion:
1. Legality of home backups. Though we have stuff like popcorntime in the AUR 
or even whipper in extra, so it should not matter.


Fair-use prevails.


2. Bad licensing.



Plausible deniability

--
David C. Rankin, J.D.,P.E.

Re: Dealing with unclear upstream licensing and legality

[Robin Candau]

Le 26/09/2023 à 22:02, Connor Behan a écrit :

Sorry but I don't buy the logic here.

That's fine, that thread is there to debate :D


On Tue, Sep 26, 2023 at 4:21 PM Robin Candau > wrote:


Le 26/09/2023 à 20:11, netsysf...@das-labor.org
 a écrit :
 > abgx360 has been deleted recently (see
 >

https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/thread/VPDQERST63DRZFYFS7JH6YIDWXSFE5TX/#VPDQERST63DRZFYFS7JH6YIDWXSFE5TX
 
).
 I noticed it because https://wiki.archlinux.org/title/Burning_Xbox_360_games 
 has a broken link.
 >
 > There are two reasons for the deletion:
 > 1. Legality of home backups. Though we have stuff like
popcorntime in
 > the AUR or even whipper in extra, so it should not matter.
 > 2. Bad licensing.
 >
 > There is no upstream license set, thus applying the default
copyright
 > rules:
 >
 >> You're under no obligation to choose a license. However, without a
 >> license, the default copyright laws apply, meaning that you
retain all
 >> rights to your source code and no one may reproduce, distribute, or
 >> create derivative works from your work.
 >
 > However, as the AUR only ships PKGBUILDs we are neither
reproducing or
 > distributing it and it does also not seem like a derivative work.
 > Alad already poked upstream about this.
 > https://github.com/BakasuraRCE/abgx360/issues/7

 >
 > This was also painstakingly discussed on IRC in both -aur and -wiki,
 > leading to walls of text.
 > Antiz made the decision to delete in good faith and there was
apparently
 > also an internal discussion in the staff channel, which we agreed on
 > should have been public.
 >
 > My opinion is that the package should be restored. I do not even
use it
 > and only noticed because of said dead link, yet the decision
feels off.
 > Antiz said that they are rethinking it, too.

Hi,

Thanks for bringing this up in a ML thread!

Allow me to bring a bit more context about this whole situation and the
"painstakingly" discussion that followed:
Some time ago, we had to deal with a deletion request about an
unofficial game launcher allowing you to play the said paid game for
free (basically a pirated game and thus illegal. That was even clearly
written on upstream's website).
A quick debate has then been launched in the private TU channel at the
time to discuss whether we should reject it (and thus allow or simply
don't care about quoted "illegal" stuff on the AUR) or accept it and
take a position regarding this.

The main argument in favor of rejecting this request basically was that
the AUR is only hosting PKGBUILDs, not the actual sources. Meaning that
we cannot be accused of redistributing illegal/copyrighted/whatever
stuff as we are actually not redistributing anything, thus we shouldn't
care about it.

The main argument in favor of accepting this request is that, while the
AUR only hosts PKGBUILDs and not sources, and that it is made clear
that
AUR packages are not officially supported; the AUR itself (meaning the
actual platform) is an official Arch ressources that is managed,
maintained and moderator by official Arch staff. As such we should keep
a good image of this official ressource and not allow such quoted
"illegal" software, whatever the reason could be: piracy, licensing
violation (like it's the case for the software listed as an
example), etc...

As you probably guessed, my opinion goes into the above paragraph.
While the argument of "the AUR is only hosting PKGBUILDs" is valid in
situations where we would be accused of redistributing something
without
the proper permissions, I personally wouldn't want the AUR to become a
privileged source to share/download/install illegal stuff because of
the
gray area the above brings in term of moderation and legality.
What I'd like to highlight here is that it is an ethical matter more
than a technical/juridical one.

In that sense, I think it's totally fine to have a spotify AUR package,
despite the fact it may not be authorized to redistribute it (because
we're not actually redistributing it, that's the whole point).
However, I don't think it's fine having "Minecraft-cracked" AUR
package,
not because of the (not) redistributing part but because of
ethically of
letting/allowing a **clearly** illegal package on the AUR.

Minecraft-cracked is an extreme example because we know full well that 

Re: Dealing with unclear upstream licensing and legality

[Ralf Mardorf]

On Tue, 2023-09-26 at 21:23 +0200, Robin Candau wrote:
> However, I don't think it's fine having "Minecraft-cracked" AUR package, 
> not because of the (not) redistributing part but because of ethically of 
> letting/allowing a **clearly** illegal package on the AUR.

Hi,

in the case of a PKGBUILD in the context of a game, the ethical aspect
can be answered most clearly with illegality. In the case of a PKGBULID
that provides access to knowledge that is legally withheld from people
living in poverty, it could be considered ethically justifiable to
overlook a violation of the law.

There is no clear limit as to when the support of a violation of the law
by a PKGBUILD could be considered ethically legitimate, or as to when it
could be considered ethically unacceptable.

I'm not aware of a PKGBUILD that is ethically unclear in this way, but
one day such a PKGBUILD might become a topic.

Such issues were discussed way before the 
https://archive.org/stream/GuerillaOpenAccessManifesto/Goamjuly2008_djvu.txt
or Arch Linux existed.

In a nutshell, allowing something clearly illegal is not necessarily the
same as allowing something clearly unethically.

Regards,
Ralf

Re: Dealing with unclear upstream licensing and legality

[Connor Behan]

Sorry but I don't buy the logic here.

On Tue, Sep 26, 2023 at 4:21 PM Robin Candau  wrote:

> Le 26/09/2023 à 20:11, netsysf...@das-labor.org a écrit :
> > abgx360 has been deleted recently (see
> >
> https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/thread/VPDQERST63DRZFYFS7JH6YIDWXSFE5TX/#VPDQERST63DRZFYFS7JH6YIDWXSFE5TX).
> I noticed it because
> https://wiki.archlinux.org/title/Burning_Xbox_360_games has a broken link.
> >
> > There are two reasons for the deletion:
> > 1. Legality of home backups. Though we have stuff like popcorntime in
> > the AUR or even whipper in extra, so it should not matter.
> > 2. Bad licensing.
> >
> > There is no upstream license set, thus applying the default copyright
> > rules:
> >
> >> You're under no obligation to choose a license. However, without a
> >> license, the default copyright laws apply, meaning that you retain all
> >> rights to your source code and no one may reproduce, distribute, or
> >> create derivative works from your work.
> >
> > However, as the AUR only ships PKGBUILDs we are neither reproducing or
> > distributing it and it does also not seem like a derivative work.
> > Alad already poked upstream about this.
> > https://github.com/BakasuraRCE/abgx360/issues/7
> >
> > This was also painstakingly discussed on IRC in both -aur and -wiki,
> > leading to walls of text.
> > Antiz made the decision to delete in good faith and there was apparently
> > also an internal discussion in the staff channel, which we agreed on
> > should have been public.
> >
> > My opinion is that the package should be restored. I do not even use it
> > and only noticed because of said dead link, yet the decision feels off.
> > Antiz said that they are rethinking it, too.
>
> Hi,
>
> Thanks for bringing this up in a ML thread!
>
> Allow me to bring a bit more context about this whole situation and the
> "painstakingly" discussion that followed:
> Some time ago, we had to deal with a deletion request about an
> unofficial game launcher allowing you to play the said paid game for
> free (basically a pirated game and thus illegal. That was even clearly
> written on upstream's website).
> A quick debate has then been launched in the private TU channel at the
> time to discuss whether we should reject it (and thus allow or simply
> don't care about quoted "illegal" stuff on the AUR) or accept it and
> take a position regarding this.
>
> The main argument in favor of rejecting this request basically was that
> the AUR is only hosting PKGBUILDs, not the actual sources. Meaning that
> we cannot be accused of redistributing illegal/copyrighted/whatever
> stuff as we are actually not redistributing anything, thus we shouldn't
> care about it.
>
> The main argument in favor of accepting this request is that, while the
> AUR only hosts PKGBUILDs and not sources, and that it is made clear that
> AUR packages are not officially supported; the AUR itself (meaning the
> actual platform) is an official Arch ressources that is managed,
> maintained and moderator by official Arch staff. As such we should keep
> a good image of this official ressource and not allow such quoted
> "illegal" software, whatever the reason could be: piracy, licensing
> violation (like it's the case for the software listed as an example),
> etc...
>
> As you probably guessed, my opinion goes into the above paragraph.
> While the argument of "the AUR is only hosting PKGBUILDs" is valid in
> situations where we would be accused of redistributing something without
> the proper permissions, I personally wouldn't want the AUR to become a
> privileged source to share/download/install illegal stuff because of the
> gray area the above brings in term of moderation and legality.
> What I'd like to highlight here is that it is an ethical matter more
> than a technical/juridical one.
>
> In that sense, I think it's totally fine to have a spotify AUR package,
> despite the fact it may not be authorized to redistribute it (because
> we're not actually redistributing it, that's the whole point).
> However, I don't think it's fine having "Minecraft-cracked" AUR package,
> not because of the (not) redistributing part but because of ethically of
> letting/allowing a **clearly** illegal package on the AUR.
>
> Minecraft-cracked is an extreme example because we know full well that the
publisher of Minecraft intends to make an income from its sale. Such is not
the case here.


> By the way, I insist on the **clearly** part. To take the 2 examples
> given in the initial message: I think the licensing violation/issue of
> the abgx360 package was clear enough to accept its deletion.
> As for whipper, I don't see any issue with it. While you can do illegal
> stuff with it, a ripping software itself as nothing illegal. Everybody
> own knives after all :p
> As for popcorntime if it is **clearly** categorized as illegal, I would
> personally vote for its removal.
>
> If it turns out that the GitHub user BakasauraRCE has 

Re: Dealing with unclear upstream licensing and legality

[Robin Candau]

Le 26/09/2023 à 20:11, netsysf...@das-labor.org a écrit :
abgx360 has been deleted recently (see 
https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/thread/VPDQERST63DRZFYFS7JH6YIDWXSFE5TX/#VPDQERST63DRZFYFS7JH6YIDWXSFE5TX). I noticed it because https://wiki.archlinux.org/title/Burning_Xbox_360_games has a broken link.


There are two reasons for the deletion:
1. Legality of home backups. Though we have stuff like popcorntime in 
the AUR or even whipper in extra, so it should not matter.

2. Bad licensing.

There is no upstream license set, thus applying the default copyright 
rules:


You're under no obligation to choose a license. However, without a 
license, the default copyright laws apply, meaning that you retain all 
rights to your source code and no one may reproduce, distribute, or 
create derivative works from your work.


However, as the AUR only ships PKGBUILDs we are neither reproducing or 
distributing it and it does also not seem like a derivative work.
Alad already poked upstream about this. 
https://github.com/BakasuraRCE/abgx360/issues/7


This was also painstakingly discussed on IRC in both -aur and -wiki, 
leading to walls of text.
Antiz made the decision to delete in good faith and there was apparently 
also an internal discussion in the staff channel, which we agreed on 
should have been public.


My opinion is that the package should be restored. I do not even use it 
and only noticed because of said dead link, yet the decision feels off.

Antiz said that they are rethinking it, too.


Hi,

Thanks for bringing this up in a ML thread!

Allow me to bring a bit more context about this whole situation and the 
"painstakingly" discussion that followed:
Some time ago, we had to deal with a deletion request about an 
unofficial game launcher allowing you to play the said paid game for 
free (basically a pirated game and thus illegal. That was even clearly 
written on upstream's website).
A quick debate has then been launched in the private TU channel at the 
time to discuss whether we should reject it (and thus allow or simply 
don't care about quoted "illegal" stuff on the AUR) or accept it and 
take a position regarding this.


The main argument in favor of rejecting this request basically was that 
the AUR is only hosting PKGBUILDs, not the actual sources. Meaning that 
we cannot be accused of redistributing illegal/copyrighted/whatever 
stuff as we are actually not redistributing anything, thus we shouldn't 
care about it.


The main argument in favor of accepting this request is that, while the 
AUR only hosts PKGBUILDs and not sources, and that it is made clear that 
AUR packages are not officially supported; the AUR itself (meaning the 
actual platform) is an official Arch ressources that is managed, 
maintained and moderator by official Arch staff. As such we should keep 
a good image of this official ressource and not allow such quoted 
"illegal" software, whatever the reason could be: piracy, licensing 
violation (like it's the case for the software listed as an example), etc...


As you probably guessed, my opinion goes into the above paragraph.
While the argument of "the AUR is only hosting PKGBUILDs" is valid in 
situations where we would be accused of redistributing something without 
the proper permissions, I personally wouldn't want the AUR to become a 
privileged source to share/download/install illegal stuff because of the 
gray area the above brings in term of moderation and legality.
What I'd like to highlight here is that it is an ethical matter more 
than a technical/juridical one.


In that sense, I think it's totally fine to have a spotify AUR package, 
despite the fact it may not be authorized to redistribute it (because 
we're not actually redistributing it, that's the whole point).
However, I don't think it's fine having "Minecraft-cracked" AUR package, 
not because of the (not) redistributing part but because of ethically of 
letting/allowing a **clearly** illegal package on the AUR.


By the way, I insist on the **clearly** part. To take the 2 examples 
given in the initial message: I think the licensing violation/issue of 
the abgx360 package was clear enough to accept its deletion.
As for whipper, I don't see any issue with it. While you can do illegal 
stuff with it, a ripping software itself as nothing illegal. Everybody 
own knives after all :p
As for popcorntime if it is **clearly** categorized as illegal, I would 
personally vote for its removal.


Just a quick note about the painstakingly discussion that happened on 
IRC regarding this: I do agree that such a debate should have been 
discussed publicly and lead to a clear and established 
statement/decision (which we'll hopefully get now that it has been 
exposed here).
As such, I want to say that the decision of removing the abgx360 AUR 
package was purely my own personal decision.


To sum up, I think that the AUR itself should be maintained with the 
same ethics we try to