Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > linux.debian.project > #14324 > unrolled thread

Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Started byGerardo Ballabio <gerardo.ballabio@gmail.com>
First post2026-05-14 11:10 +0200
Last post2026-05-14 17:00 +0200
Articles 4 — 4 participants

Back to article view | Back to linux.debian.project


Contents

  Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework? Gerardo Ballabio <gerardo.ballabio@gmail.com> - 2026-05-14 11:10 +0200
    Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework? Dominik George <natureshadow@debian.org> - 2026-05-14 11:40 +0200
      Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework? Simon Josefsson <simon@josefsson.org> - 2026-05-14 12:40 +0200
        Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework? Matthias Geiger <werdahias@riseup.net> - 2026-05-14 17:00 +0200

#14324 — Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

FromGerardo Ballabio <gerardo.ballabio@gmail.com>
Date2026-05-14 11:10 +0200
SubjectRe: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?
Message-ID<MUAeR-52IC-13@gated-at.bofh.it>
Holger Levsen wrote:
> Also, this developer is on the lowNMU list, so maybe NMUing the package
and removing the links pointing to that homepage could be a first,
hopefully rather non-controversial step.

And what would you do when the maintainer reverts the NMU?

> I wonder if there is a better way to deal with this than reassigning #1024493
to the tech-ctte? (Looping in the community team would be my other idea.)

tech-ctte rules on *technical* issues, so this doesn't really seem
within their  mandate. And the community team has no powers on the
contents of packages.

The DPL might be able to act under 5.1.4, but I'd consider highly
dubious that overriding the person responsible for something is a
legitimate "decision for whom no one else has responsibility".

If 5.1.4 can't be invoked, I suppose there's no other way short of a
GR. In fact, I'm not sure that even a GR can overrule a maintainer on
a nontechnical issue (4.1.5 is only about "policy documents and
statements").

Gerardo

[toc] | [next] | [standalone]


#14325

FromDominik George <natureshadow@debian.org>
Date2026-05-14 11:40 +0200
Message-ID<MUAHT-52Sc-3@gated-at.bofh.it>
In reply to#14324
Hi,

>tech-ctte rules on *technical* issues, so this doesn't really seem
>within their  mandate. And the community team has no powers on the
>contents of packages.

It occurred to me, on several occasions, that noone in Debian (short of its members via a GR) is responsible for overseeing the Social Contract. Maybe with all the topics of these days (AI and its consequences, facsism,…), it's time for some sort of ethical council, and for updating the Social Contract?

-nik

[toc] | [prev] | [next] | [standalone]


#14326

FromSimon Josefsson <simon@josefsson.org>
Date2026-05-14 12:40 +0200
Message-ID<MUBDX-53tV-13@gated-at.bofh.it>
In reply to#14325

[Multipart message — attachments visible in raw view] — view raw

Dominik George <natureshadow@debian.org> writes:

> Hi,
>
>>tech-ctte rules on *technical* issues, so this doesn't really seem
>>within their  mandate. And the community team has no powers on the
>>contents of packages.
>
> It occurred to me, on several occasions, that noone in Debian (short
> of its members via a GR) is responsible for overseeing the Social
> Contract. Maybe with all the topics of these days (AI and its
> consequences, facsism,…), it's time for some sort of ethical council,
> and for updating the Social Contract?

I think this issue is somewhat similar to the advertisement concern with
gnome-control-center:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136336

In both packages, there is no real clear guidance from Debian Policies
what is deemed to be acceptable contents within a package.

It seems both these issues could be helped by better guidance on matters
of acceptable package content.

Personally, I would find it really problematic if we would have a hard
policy to filter packages depending on political, religious,
philosophical etc views of the upstream author.

That's a slippery slope to motivate excluding just about anything,
depending on your own political/religious/philosophical/etc preferences.

That said, I also have sympathy with the goal to shepherd an inclusive
and friendly atmosphere and Operating System that promotes the spirit of
the DSC/DFSG.

Having a package that display a really provocative message to the user
inside Debian seems problematic and warrant discussion and possibly some
action.

Maybe we don't need to bike-shed the engineering approach to social
concerns by defining a rigid policy document.  Social issues cannot
always be resolved by technical procedures.

Thus, I propose to write down some guiding principle on this, with
examples of clearly offensive content that maintainers should be
patching out.  It doesn't have to be a hard policy, but a guiding
principle around a complex social topic.

Such a document would encourage good social behaviour, and maybe we
could have a committe that guide maintainers on these matters is useful
as a escalation point different to the tech-ctte.

FWIW, Petter did patch out the offensive messages here, which seems
somewhat reasonable.  Dropping the Homepage URL may be warranted in this
situation too, but it could also be an over-reaction that is
counter-productive for end-users.  Repacking the upstream source code
without the offensive message could be done, but also has negative
consequences for auditing costs and maintainance.

/Simon

[toc] | [prev] | [next] | [standalone]


#14327

FromMatthias Geiger <werdahias@riseup.net>
Date2026-05-14 17:00 +0200
Message-ID<MUFHA-562v-11@gated-at.bofh.it>
In reply to#14326

[Multipart message — attachments visible in raw view] — view raw

On Thu, 14 May 2026 12:13, Simon Josefsson <simon@josefsson.org> wrote:
>Dominik George <natureshadow@debian.org> writes:
>
>> Hi,
>>
>>>tech-ctte rules on *technical* issues, so this doesn't really seem
>>>within their  mandate. And the community team has no powers on the
>>>contents of packages.
>>
>> It occurred to me, on several occasions, that noone in Debian (short
>> of its members via a GR) is responsible for overseeing the Social
>> Contract. Maybe with all the topics of these days (AI and its
>> consequences, facsism,…), it's time for some sort of ethical council,
>> and for updating the Social Contract?
+1
>
>I think this issue is somewhat similar to the advertisement concern with
>gnome-control-center:
>
>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136336
>
>In both packages, there is no real clear guidance from Debian Policies
>what is deemed to be acceptable contents within a package.
>
The gnome-control-center popup is a non-issue IMO since KDE also has a 
donation banner, just not as frequent.
>It seems both these issues could be helped by better guidance on 
>matters
>of acceptable package content.
>
There is a stark contrast between asking for donations and having 
obvious hateful content in a package (and yes, that includes the 
homepage).
>Personally, I would find it really problematic if we would have a hard
>policy to filter packages depending on political, religious,
>philosophical etc views of the upstream author.
>
TTBOMK we do not have a clear policy on this, but we should. The DFSG 
already provides the framework, it's just not enforced yet.
>That's a slippery slope to motivate excluding just about anything,
>depending on your own political/religious/philosophical/etc preferences.
>
I like to point out the tolerance paradoxon here [0]. No one is 
suggesting to remove packages just on a whim; however distributing what 
is obviously hateful content does not fit the project values at all.
Especially when it's such a clear-cut case. The very minimum would be to 
remove the homepage.
>That said, I also have sympathy with the goal to shepherd an inclusive
>and friendly atmosphere and Operating System that promotes the spirit of
>the DSC/DFSG.
>
>Having a package that display a really provocative message to the user
>inside Debian seems problematic and warrant discussion and possibly some
>action.
>
>Maybe we don't need to bike-shed the engineering approach to social
>concerns by defining a rigid policy document.  Social issues cannot
>always be resolved by technical procedures.
>
>Thus, I propose to write down some guiding principle on this, with
>examples of clearly offensive content that maintainers should be
>patching out.  It doesn't have to be a hard policy, but a guiding
>principle around a complex social topic.

Well, the DFSG exits, we just don't have it mandating actions for 
packages (which IMO should be discussed).
I'd like to point out §5 here [1].
>Such a document would encourage good social behaviour, and maybe we
>could have a committe that guide maintainers on these matters is useful
>as a escalation point different to the tech-ctte.
>
>FWIW, Petter did patch out the offensive messages here, which seems
>somewhat reasonable.  Dropping the Homepage URL may be warranted in this
>situation too, but it could also be an over-reaction that is
>counter-productive for end-users.  Repacking the upstream source code
>without the offensive message could be done, but also has negative
>consequences for auditing costs and maintainance.
>
I fail to see how this is an overreaction; users *really* wanting to 
visit the homepage can always look it up themselves.

best,

werdahias

{0} https://en.wikipedia.org/wiki/Paradox_of_tolerance
[1] https://www.debian.org/social_contract

[toc] | [prev] | [standalone]


Back to top | Article view | linux.debian.project


csiph-web