AppDevUploadProcess Automatic reviews

[Philipp Kern]

Scott,

am Fri, Sep 07, 2012 at 10:07:28AM -0400 hast du folgendes geschrieben:
> The current goal for the Ubuntu archive is to prevent distribution of content 
> which Canonical and the mirror providers don't have legal authorization to 
> distribute.  Changing from a proactive verification model (which is what we use 
> now, although it relies generally on self assertions in the code so it's 
> imperfect) to a reactive model where code is considered distributable based on 
> a third party assertion until someone complains seems like a very substantial 
> change.

I think that's also because we ask people to mirror stuff that Debian (and by
extension Ubuntu) does proactive checks.

> IANAL either, but this seems risky to me.  At the very least, I'd suggest 
> engaging them early to make sure they are comfortable with the concept of not 
> checking (new work item) and you'll need to figure out how you'll deal with 
> take down requests (another new work item).  If it turns out applications have 
> been distributed illegally, do you intend a way to remotely remove them?

I don't think there is any requirement to remotely remove such content (except
if it's malicious, maybe). On the contrary I think people would be yelling at
you, especially if they paid for the content (c.f. Amazon).

For Android you mainly risk your sign-up fee given that with every upload you
state that you have the necessary rights. If the distribution point ceases to
distribute the 3rd party content when he's made aware of a violation that seems
to be fair. However that wouldn't work go along well with mirroring this
repository.

Kind regards
Philipp Kern
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20120907/e31ea047/attachment.pgp>