Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Holger Levsen wrote:

Also, this developer is on the lowNMU list, so maybe NMUing the package

and removing the links pointing to that homepage could be a first,
hopefully rather non-controversial step.

And what would you do when the maintainer reverts the NMU?

I wonder if there is a better way to deal with this than reassigning #1024493

to the tech-ctte? (Looping in the community team would be my other idea.)

tech-ctte rules on *technical* issues, so this doesn't really seem
within their mandate. And the community team has no powers on the
contents of packages.

The DPL might be able to act under 5.1.4, but I'd consider highly
dubious that overriding the person responsible for something is a
legitimate "decision for whom no one else has responsibility".

If 5.1.4 can't be invoked, I suppose there's no other way short of a
GR. In fact, I'm not sure that even a GR can overrule a maintainer on
a nontechnical issue (4.1.5 is only about "policy documents and
statements").

Gerardo

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Hi,

tech-ctte rules on *technical* issues, so this doesn't really seem
within their mandate. And the community team has no powers on the
contents of packages.

It occurred to me, on several occasions, that noone in Debian (short of it
s members via a GR) is responsible for overseeing the Social Contract. Ma
ybe with all the topics of these days (AI and its consequences, facsism,?
??), it's time for some sort of ethical council, and for updating the S
ocial Contract?

-nik

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Dominik George <natureshadow@debian.org> writes:

Hi,

tech-ctte rules on *technical* issues, so this doesn't really seem
within their mandate. And the community team has no powers on the
contents of packages.

It occurred to me, on several occasions, that noone in Debian (short
of its members via a GR) is responsible for overseeing the Social
Contract. Maybe with all the topics of these days (AI and its
consequences, facsism,?), it's time for some sort of ethical council,
and for updating the Social Contract?

I think this issue is somewhat similar to the advertisement concern with gnome-control-center:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136336
In both packages, there is no real clear guidance from Debian Policies
what is deemed to be acceptable contents within a package.
It seems both these issues could be helped by better guidance on matters
of acceptable package content.
Personally, I would find it really problematic if we would have a hard
policy to filter packages depending on political, religious,
philosophical etc views of the upstream author.
That's a slippery slope to motivate excluding just about anything,
depending on your own political/religious/philosophical/etc preferences.
That said, I also have sympathy with the goal to shepherd an inclusive
and friendly atmosphere and Operating System that promotes the spirit of
the DSC/DFSG.
Having a package that display a really provocative message to the user
inside Debian seems problematic and warrant discussion and possibly some action.
Maybe we don't need to bike-shed the engineering approach to social
concerns by defining a rigid policy document. Social issues cannot
always be resolved by technical procedures.
Thus, I propose to write down some guiding principle on this, with
examples of clearly offensive content that maintainers should be
patching out. It doesn't have to be a hard policy, but a guiding
principle around a complex social topic.
Such a document would encourage good social behaviour, and maybe we
could have a committe that guide maintainers on these matters is useful
as a escalation point different to the tech-ctte.
FWIW, Petter did patch out the offensive messages here, which seems
somewhat reasonable. Dropping the Homepage URL may be warranted in this situation too, but it could also be an over-reaction that is
counter-productive for end-users. Repacking the upstream source code
without the offensive message could be done, but also has negative
consequences for auditing costs and maintainance.
/Simon


--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

On Thu, 14 May 2026 12:13, Simon Josefsson <simon@josefsson.org> wrote: >Dominik George <natureshadow@debian.org> writes:

Hi,

tech-ctte rules on *technical* issues, so this doesn't really seem
within their mandate. And the community team has no powers on the >>>contents of packages.

It occurred to me, on several occasions, that noone in Debian (short
of its members via a GR) is responsible for overseeing the Social
Contract. Maybe with all the topics of these days (AI and its
consequences, facsism,\u2026), it's time for some sort of ethical council, >> and for updating the Social Contract?

+1

I think this issue is somewhat similar to the advertisement concern with >gnome-control-center:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136336

In both packages, there is no real clear guidance from Debian Policies
what is deemed to be acceptable contents within a package.

The gnome-control-center popup is a non-issue IMO since KDE also has a donation banner, just not as frequent.

It seems both these issues could be helped by better guidance on
matters
of acceptable package content.

There is a stark contrast between asking for donations and having
obvious hateful content in a package (and yes, that includes the
homepage).

Personally, I would find it really problematic if we would have a hard
policy to filter packages depending on political, religious,
philosophical etc views of the upstream author.

TTBOMK we do not have a clear policy on this, but we should. The DFSG
already provides the framework, it's just not enforced yet.

That's a slippery slope to motivate excluding just about anything,
depending on your own political/religious/philosophical/etc preferences.

I like to point out the tolerance paradoxon here [0]. No one is
suggesting to remove packages just on a whim; however distributing what
is obviously hateful content does not fit the project values at all.
Especially when it's such a clear-cut case. The very minimum would be to remove the homepage.

That said, I also have sympathy with the goal to shepherd an inclusive
and friendly atmosphere and Operating System that promotes the spirit of
the DSC/DFSG.

Having a package that display a really provocative message to the user
inside Debian seems problematic and warrant discussion and possibly some >action.

Maybe we don't need to bike-shed the engineering approach to social
concerns by defining a rigid policy document. Social issues cannot
always be resolved by technical procedures.

Thus, I propose to write down some guiding principle on this, with
examples of clearly offensive content that maintainers should be
patching out. It doesn't have to be a hard policy, but a guiding
principle around a complex social topic.

Well, the DFSG exits, we just don't have it mandating actions for
packages (which IMO should be discussed).
I'd like to point out ?5 here [1].

Such a document would encourage good social behaviour, and maybe we
could have a committe that guide maintainers on these matters is useful
as a escalation point different to the tech-ctte.

FWIW, Petter did patch out the offensive messages here, which seems
somewhat reasonable. Dropping the Homepage URL may be warranted in this >situation too, but it could also be an over-reaction that is >counter-productive for end-users. Repacking the upstream source code
without the offensive message could be done, but also has negative >consequences for auditing costs and maintainance.

I fail to see how this is an overreaction; users *really* wanting to
visit the homepage can always look it up themselves.
best,
werdahias
{0} https://en.wikipedia.org/wiki/Paradox_of_tolerance
[1] https://www.debian.org/social_contract


--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Matthias Geiger wrote:

Well, the DFSG exits, we just don't have it mandating actions for package

s (which IMO should be discussed).

I'd like to point out ?5 here [1].

DFSG ?5 concerns the *license* of the program. "No Discrimination"
here means that the license must not restrict any person or group from
using, modifying and redistributing the program. It doesn't concern discriminatory views held by the *authors* of the program.

About "mandating actions for packages", I understand that DFSG
violation bugs are RC. You aren't "forced" to do anything (see also Constitution 2.1.1) but if you don't, your package won't be part of a
Debian stable release.
But this is not a case of DFSG violation.

Gerardo

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Am 15.05.26 um 09:52 schrieb Gerardo Ballabio:

Matthias Geiger wrote:

Well, the DFSG exits, we just don't have it mandating actions for packages (which IMO should be discussed).

I'd like to point out ?5 here [1].

DFSG ?5 concerns the *license* of the program. "No Discrimination"
here means that the license must not restrict any person or group from
using, modifying and redistributing the program. It doesn't concern discriminatory views held by the *authors* of the program.

About "mandating actions for packages", I understand that DFSG
violation bugs are RC. You aren't "forced" to do anything (see also Constitution 2.1.1) but if you don't, your package won't be part of a
Debian stable release.
But this is not a case of DFSG violation.

Gerardo

I second that.

It's been always the sameÿfor decades someÿguys show up with such
requests to restrict free software

because they're unable toÿread American law English correctly and/or no
law basics teachedÿin their edu systems.

If Geiger wantsÿto restrict GPL or DFSG he isÿfree to create his
ownÿunfree software under his own restricted license.

y
tom

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

On Fri, May 15, 2026 at 09:52:28AM +0200, Gerardo Ballabio wrote:

But this is not a case of DFSG violation.

indeed, it however violates our Code of Conduct, our diversity
statement and also the general rule "don't be an asshole".
and you have choosen your side.

--
cheers,
Holger
???????
??????? holger@(debian|reproducible-builds|layer-acht).org
??????? OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
???
Unpolitisch sein, heiát politisch zu sein, ohne es zu merken.


--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Quoting schorpp (2026-05-15 11:02:17)

Am 15.05.26 um 09:52 schrieb Gerardo Ballabio:

Matthias Geiger wrote:

Well, the DFSG exits, we just don't have it mandating actions for packages (which IMO should be discussed).

I'd like to point out ?5 here [1].

DFSG ?5 concerns the *license* of the program. "No Discrimination"
here means that the license must not restrict any person or group from using, modifying and redistributing the program. It doesn't concern discriminatory views held by the *authors* of the program.

About "mandating actions for packages", I understand that DFSG
violation bugs are RC. You aren't "forced" to do anything (see also Constitution 2.1.1) but if you don't, your package won't be part of a Debian stable release.
But this is not a case of DFSG violation.

Gerardo

I second that.

It's been always the sameÿfor decades someÿguys show up with such
requests to restrict free software

because they're unable toÿread American law English correctly and/or no
law basics teachedÿin their edu systems.

This was mean. Your last paragraph does not add anything useful to this discussion. You are just ranting.

If Geiger wantsÿto restrict GPL or DFSG he isÿfree to create his
ownÿunfree software under his own restricted license.

Yes, "no discrimination" means that I am allowed to use my GPL software on a cruise missile guidance system if I want and copyright law will not stop me from doing so.
But "no discrimination" does not mean that I *have* to ship cruise missile guidance software in the operating system. Or white supremacist bullshit for that matter.
So I think we can talk about policies we'd like to have in Debian about what we want to ship and what not. We had similar discussions in the past when it was about the fortunes package, we have these discussions when it comes to adult content etc.
I'd welcome it if we could have more clear guidance about the content we want to ship in our OS. If it were up to me, I'd immediately throw bs1770gain out of the archive. But I also think that what we ship and do not ship should not be up to arbitrary maintainer opinion. I'd be nice to have a guiding document.
Do other distros have something like that already?
Thanks!
cheers, josch


--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Le Fri, May 15, 2026 at 12:08:36PM +0200, Johannes Schauer Marin Rodrigues a ?crit :

So I think we can talk about policies we'd like to have in Debian about what we
want to ship and what not.

Thanks! By being concrete about what we can do, we ease the discussion and
the action.

For instance, "we should not link to the homepage" alone is obviously not a good solution to the problem: packages without homepage attract people who want to contribute to Debian by fixing the problem. And we do not want to expose them to racist propaganda. Also, there is the "Streisand effect" to consider.

So we can:
- replace the Homepage field of the package by a placeholder,
- or by a link to our diversity statement,
- or remove the Homepage field and add a lintian override to explain the
reason. Just "racism" is enough.
- maybe other people have better ideas?

For the justification, anybody with a language model can verify themselves without reading the text. I tried with Mistral-7B-Instruct-v0.3-Q4_K_M.gguf and llama.cpp on a Debian laptop; it works. (slowly)

Finally I would think twice about removing packages unless upstreams are hostile to us. For instance, I have started to screen all the homepages of our packages and found at least another one with clear racist statemnts. But I forsee that going through each case one by one, each with their specificities and divisive effects that will take time to heal if they heal at all, will be excruciating.

Have a nice week-end,

Charles

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med Tooting from home https://framapiaf.org/@charles_plessy
- You do not have my permission to use this email to train an AI -

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Holger Levsen wrote:

and you have choosen your side.

Have I? I haven't expressed any opinion on whether that package should
or shouldn't be in Debian. I have only discussed what the rules say.

And am I the only one who reads that as a threat?

Gerardo

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Quoting Gerardo Ballabio (2026-05-18 10:01:42)

Holger Levsen wrote:

and you have choosen your side.

Have I? I haven't expressed any opinion on whether that package should
or shouldn't be in Debian. I have only discussed what the rules say.

That's how I read your post as well: Just pointing out common
interpretation of rules.

And am I the only one who reads that as a threat?

No.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones
[x] quote me freely [ ] ask before reusing [ ] keep private


--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)

Subject: Re: Debian should not link to n*zis nor ship their software (Re: Debian Certified Laptops -- Possibility of collaborating with Framework?

Gerardo Ballabio <gerardo.ballabio@gmail.com> writes:

Holger Levsen wrote:

and you have choosen your side.

Have I? I haven't expressed any opinion on whether that package should
or shouldn't be in Debian. I have only discussed what the rules say.

I agree. I did not perceive you arguing that this package should or
shouldn't be in debian, just that this is not a matter of DFSG freeness.

And am I the only one who reads that as a threat?

I don't read it as a threat, but as someone being blinded by feeling
strongly about the topic and feeling the need to voice their emotions.

Best,
-Nikolaus

--- PyGate Linux v1.5.14
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)