On 04/02/2018 06:39 PM, Christopher wrote:
> On 04/02/2018 11:15 AM, Tom Callaway wrote:
>> Most of you are very good about this, and I appreciate it. However,
>> lately, at least one package cleared review and landed in Fedora which
>> was obviously infringing upon both copyrights and trademarks (in
>> egregious ways), so I felt it useful to remind everyone of this.
>>
>> Thanks,
>>
>> ~tom
>> (your friendly neighborhood Fedora Legal enforcer)
>
> What are Fedora's mitigation procedures, when an infringement is
> discovered? Are these documented anywhere?

I should probably document them, as they currently only live in my head. :)

Essentially, the flow is:

* If there is not a Fedora bug open on it, go ahead and get one open.
  Block it on FE-Legal. (Anyone can do this, doesn't need to be me.)
* If, for some reason, there is a need for the issue to be private, I at
  least bring the maintainer into the loop via email.
* Check to see if this is resolved already upstream. If it is, apply the
  fix. If not, open a ticket with the upstream (whenever there is a way
  to do that) explaining the concern as specifically as I can (it is not
  always possible for me to be precise, especially if patents are in play).
* Is this something that I can simply fix without having any functional
  impact on the package? (e.g. removing trademarked images)
  * If yes, I go ahead and do it. Also send our fix upstream.
* Is this risky to keep as-is while we get the issues resolved? (This is
  admittedly a bit of a judgment call, but I always try to minimize
  impact on Fedora.)
  * If yes, we take steps to immediately halt distribution, like
    removing builds from Koji and the compose trees. In some extreme
    cases, we might also remove builds from EOL releases.
  * If no, document how we can get this resolved and make a plan with
    the maintainer & upstream.

*****

We really want to get these caught _before_ they go into Fedora whenever
possible, which is a big part of why we do Review Requests.

~tom