When I wrote the code of conduct, I did not make it explicit that I
thought it was not meant to apply to the contents of packages, but I
think that anyone who reads it can understand that this is the case by
the language used.
However, I think it's clear by now that we need a project-wide consensus
on what policies apply to the contents of packages. This discussion
keeps popping up, and we don't really have a good answer, since we never
had a GR about the subject.
- The code of conduct applies to all program messages or documentation
texts that could be seen by a user in the normal use of a Debian
system, as well as to anything written by a Debian developer for the
Debian project. However, the following exceptions apply:
- Quotes by historic people when provided in appropriate context,
- Historic texts that are widely disseminated outside of Debian.
The main paragraph mentions "program messages (...) that could be seen
by a user in the normal use of a Debian system", which does not
encompass things like offensive messages in source code comments, or problematic variable names. This is not an accident; we are not the
morality police, and I think it serves no purpose for us to try to patch
out code of conduct-violating things in upstream source code. This is
not because I think things like that are not a problem; rather, because
I think it is a fight that should be fought upstream, not in Debian. Meanwhile, we should not remove packages from Debian just because
there's one four-letter word directed at a particular person in a fringe comment in a barely-used part of the source code.
The first exception would allow for things like quotes from Mein Kampf
in a fortunes-off package
or in a package that generally discusses the atrocities committed by
the Nazis and provides the quote for context; the second one would
allow things like religious texts or medieval literature.
I considered adding an exception for "quotes that are in a package
explicitly marked as not following this rule" to allow for fortunes-off packages containing anything the maintainer thinks is reasonable; but I
am not sure that it would be welcomed by most people in our community,
and also think that this opens the door to far too much, and I would
rather have a rule that sets explicit exceptions for particular types of offensive contents like I did before. I would be open to adding more exceptions if they're reasonable, these are just the two that I can
think of right now.
On 2025-07-21 at 07:02, Wouter Verhelst wrote:
When I wrote the code of conduct, I did not make it explicit that I
thought it was not meant to apply to the contents of packages, but I
think that anyone who reads it can understand that this is the case by
the language used.
However, I think it's clear by now that we need a project-wide consensus
on what policies apply to the contents of packages. This discussion
keeps popping up, and we don't really have a good answer, since we never had a GR about the subject.
<snip>
- The code of conduct applies to all program messages or documentation
texts that could be seen by a user in the normal use of a Debian
system, as well as to anything written by a Debian developer for the
Debian project. However, the following exceptions apply:
- Quotes by historic people when provided in appropriate context,
- Historic texts that are widely disseminated outside of Debian.
The main paragraph mentions "program messages (...) that could be seen
by a user in the normal use of a Debian system", which does not
encompass things like offensive messages in source code comments, or problematic variable names. This is not an accident; we are not the morality police, and I think it serves no purpose for us to try to patch out code of conduct-violating things in upstream source code. This is
not because I think things like that are not a problem; rather, because
I think it is a fight that should be fought upstream, not in Debian. Meanwhile, we should not remove packages from Debian just because
there's one four-letter word directed at a particular person in a fringe comment in a barely-used part of the source code.
The first exception would allow for things like quotes from Mein Kampf
in a fortunes-off package
I infer from the context here that you are intending that the fact of
being included in a package whose name marks it as containing potentially-offensive material would be the "appropriate context"
referenced by the rule. (If that is not correct, then the next paragraph
or two would not be applicable.)
However, it would be easy to argue that when the Mein Kampf quotes are presented by a call to 'fortune -o' or 'fortune -a', they are presented without *any* context, and therefore are not being provided "in an appropriate context".
or in a package that generally discusses the atrocities committed by
the Nazis and provides the quote for context; the second one would
allow things like religious texts or medieval literature.
Would there be need to consider the definition of "historic" for these purposes?
Would that be a line that shifts forward as history
progresses? Is there even an important value in the "historic" qualifier here, at least for the second exception, vs. letting that exception
cover widely-disseminated texts more broadly?
On Mon, Jul 21, 2025 at 08:29:03AM -0400, The Wanderer wrote:
On 2025-07-21 at 07:02, Wouter Verhelst wrote:
The first exception would allow for things like quotes from Mein Kampf
in a fortunes-off package
I infer from the context here that you are intending that the fact of
being included in a package whose name marks it as containing
potentially-offensive material would be the "appropriate context"
referenced by the rule. (If that is not correct, then the next paragraph
or two would not be applicable.)
However, it would be easy to argue that when the Mein Kampf quotes are
presented by a call to 'fortune -o' or 'fortune -a', they are presented
without *any* context, and therefore are not being provided "in an
appropriate context".
Yes, good point. Let me reword the exception to say,
"Quotes by historic people when either provided in an appropriate
content, or when behavior contrary to these policies was explicitly requested."
This leaves the "by historic people" part of the exception, even to fortunes-off packages. I don't think we should be having a policy that basically allows discriminatory remarks by any Tom, Dick or Harry who
found their way to IRC at some point in the past to make it through this
or our regular code of conduct.
or in a package that generally discusses the atrocities committed by
the Nazis and provides the quote for context; the second one would
allow things like religious texts or medieval literature.
Would there be need to consider the definition of "historic" for these
purposes?
Not in my opinion, no.
One thing I learned while drafting the original code of conduct is that
it's always OK, and sometimes beneficial, to be vague.
If you make up rules of human behavior, there will always be a bit of a
gray zone where it is not clear whether something is allowed, according
to the rules, or not. You can never hope to eliminate that gray zone completely; you can only make it asymptotically smaller. However, every
time you try to do so, there are two things that will happen:
- Your text gets larger and larger, until it gets unwieldy
- The chance increases of the rules outlawing something that should not
be outlawed, or not outlawing something that should be.
Because of this, I think it is a better idea to have a definition that
uses terms that are generally understood while still having some leeway
in it.
The phrase "historic person" is generally understood to mean "a person
of note who lived some time ago". Plato is, today, a historic person. So
are Adolf Hitler, JFK, and Yassir Arafat. But my great-great-great-great-great-great-grandfather, Petrus Verhelst[1], is
not, because he was not "a person of note". The current US president,
whoever that is at the time of writing of a particular text, also not. I don't know where the cutoff point is, and neither do you, and I think
that's a feature, not a bug.
Would that be a line that shifts forward as history progresses? Is
there even an important value in the "historic" qualifier here, at
least for the second exception, vs. letting that exception cover
widely-disseminated texts more broadly?
I think "widely-disseminated texts" also covers "memes", and just
because a racist text became a meme in some despicable Internet
subgroup doesn't mean we should accept it in Debian.
On 2025-07-21 at 10:41, Wouter Verhelst wrote:
This leaves the "by historic people" part of the exception, even to fortunes-off packages. I don't think we should be having a policy that basically allows discriminatory remarks by any Tom, Dick or Harry who
found their way to IRC at some point in the past to make it through this
or our regular code of conduct.
Agreed. (Though some of the quotes already present in fortunes-off - including some, but certainly not all, of the ones even I might agree
should be removed - come from what appear to be past Debian developers
in IRC. That's not "any Tom, Dick, or Harry", but it's not far off either.)
Looking at the CoC again imho it just does not apply to this
purpose. The CoC is all about interaction between people while this is
more like a one-way-street.
I would rather have something much narrower which could not be misused
to e.g. prevent shipping doom.
One thing I learned while drafting the original code of conduct is that
it's always OK, and sometimes beneficial, to be vague.
If you make up rules of human behavior, there will always be a bit of a
gray zone where it is not clear whether something is allowed, according
to the rules, or not. You can never hope to eliminate that gray zone completely; you can only make it asymptotically smaller. However, every
time you try to do so, there are two things that will happen:
- Your text gets larger and larger, until it gets unwieldy
- The chance increases of the rules outlawing something that should not
be outlawed, or not outlawing something that should be.
Because of this, I think it is a better idea to have a definition that
uses terms that are generally understood while still having some leeway
in it.
On Mon, Jul 21, 2025 at 04:59:32PM +0200, Iustin Pop wrote:
My point is here that setting a CoC for package data is just a proxy for
what we actually want, which I'm not sure is clear (to me; it might
already be to other people). If it is, then deriving the CoC for
packages from it should be rather straightforward.
Honestly, what *I* want is an answer, that we all can agree with, to the
question of whether the code of conduct applies to what we package, and
if so whether it fully applies or only partially.
On Mon, 21 Jul 2025 19:22:22 +0200, Wouter Verhelst wrote:
On Mon, Jul 21, 2025 at 04:59:32PM +0200, Iustin Pop wrote:
My point is here that setting a CoC for package data is just a proxy for what we actually want, which I'm not sure is clear (to me; it might already be to other people). If it is, then deriving the CoC for
packages from it should be rather straightforward.
Honestly, what *I* want is an answer, that we all can agree with, to the question of whether the code of conduct applies to what we package, and
if so whether it fully applies or only partially.
I'm feeling somewhat uneasy, and/because I think we have a logical problem here:
- The CoC is about interaction between people;
- what we are discussing right now is acceptable contents of packages (messages, texts).
That's categorically different; I can't be respectful, assume good faith, be collaborative, be concise, be open, etc. against a text (as I can be about other people's behaviour).
I see the point in this topic about creating rules about what texts we want and don't want to have in Debian. But I strongly think that framing this as "application of the Debian CoC for packages" is a logical dead end. - If we want this, we need to create some new "What language is acceptable in
Debian" rules.
I.e. we just can't afford to be the morality police, but we agree with
it and wish someone would do it.
More like, we think it's a good idea if someone did it, but it's not the
main focus of our project and we should focus on the things that we can change (i.e., what gets into Debian), rather than trying to impose our
will upon the larger (Free Software) world.
Also, it seems to me that we're talking about an issue that isn't a
recurrent problem in the project, so it perhaps doesn't really need new rules, a GR or another long thread in -vote.
Honest question: in ~30 years, how many packages have been removed from
our archive due to offensive content? 4? 5? How many of the removal
requests turned into big drama?
Hi,
On 7/22/25 02:22, Wouter Verhelst wrote:
I.e. we just can't afford to be the morality police, but we agree with
it and wish someone would do it.
More like, we think it's a good idea if someone did it, but it's not the main focus of our project and we should focus on the things that we can change (i.e., what gets into Debian), rather than trying to impose our
will upon the larger (Free Software) world.
FWIW, someone else being the morality police is going to go poorly, it is therefore not a good idea, and we should resist it when it comes up.
However, this should not take the form of the stupidest form of liberalism where the more vile the speech you defend, the more of a free speech
advocate you are.
We decide what we ship and therefore make available to a wider audience, and this can not be distinct from our own values, or we spend a lot of time counteracting ourselves.
Hello,
Also, it seems to me that we're talking about an issue that isn't a recurrent problem in the project, so it perhaps doesn't really need new rules, a GR or another long thread in -vote.
It is a recurrent problem in the project. It's not daily but it
certainly is recurrent.
Honest question: in ~30 years, how many packages have been removed from
our archive due to offensive content? 4? 5? How many of the removal requests turned into big drama?
AFAIK, all of them.
On 21/07/2025 19:22, Wouter Verhelst wrote:
Do I think the answer "the code of conduct does not apply to packages in Debian and anything is allowed there" is appropriate? Well, that's complicated, as then that opens the door to blatant coc violations in changelog entries. Someone writing a changelog entry with "**** the XYZ team for making my life a living hell with this stupid requirement" in
it is potentially violating the code of conduct.
Noting briefly: yes, the "debian/" directory / tarball is a "mode of communication within the project" and already covered by the CoC.
* Wouter Verhelst: " CoC policy for package contents (was: Re: Can the
community team remove packages or kick me out for not removing packages?)"
(Mon, 21 Jul 2025 13:02:32 +0200):
Hi Wouter,
I intend to make this a formal GR proposal with the third option in the above list a few weeks from now, unless the thread is still full-on and productive by then.
I appreciate a lot your proposal. Would it make sense to delay a little bit further, because in a few weeks from now quite some interested people at least
in EU will be on vacation?
More importantly than morality issues Debian needs to consider legal
issues. I have no idea whether a CoC or GR is needed but if such a GR
is put to the vote legal constraints cannot be ignored.
On 21.07.25 at 20:05, Lucas Nussbaum wrote:
On 21/07/25 at 19:22 +0200, Wouter Verhelst wrote:
I can think of a few more examples that caused controversies in the
past:
- A system load monitor, about 20 years ago, that used a cartoon of a
lady who was progressively undressed as the computer got warmer.
It was named 'hot-babe'.
Those themes for hot-babe could serve as test data points for a policy
on the content of packages: http://caca.zoy.org/wiki/hot-babe
- A toolkit called "weboob" (for "WEB Outside Of Browser") that had
devolved into a bunch of juvenile boob jokes
#906119, #907199
I vaguely remember a mailing list discussion about distributing a game
with child-porn elements - that was considered fine by some but is
strongly illegal in lots of jurisdictions. Luckily it never made it into Debian.
I *also* think that it's not a problem if software in Debian does such
things optionally, if explicitly enabled. But perhaps not everyone
agrees with that, and that's fine.
The line is difficult to draw: fortunes-*-off, hot-babe or weboob
are/were optional in Debian (as in no user is forced to install them,
and they probably don't/didn't have reverse-depends). So it would be OK
to keep them in Debian?
Debian has a responsibility regarding their mirrors to not make them inadvertently distribute punishable material, even if optional. In some jurisdictions this also involves historical quotes if not put into a scientific historical context. Keeping them optional will not help the
mirror in case it gets under scrutiny.
I know that what different jurisdictions see as punishable offense
differs wildly around the world. But there is at least some agreement in
a majority of jurisdictions about what never goes and about what only
goes from a certain age. Remember that distributing inappropriate
material to minors is also punishable in some (most?) jurisdictions. And Debian does not do age verification. This means that at least the user interaction of every package needs to stay on the "appropriate for children"-side. No matter whether optional or not.
I haven't looked at fortune-off but if it contains porn, violence or
quotes of certain historical figures without appropriate context (I'm
not talking about DDs here), it needs to leave Debian.
Enforced age verification might cause problems for some games which does
not sit well with me and might need further discussion if legislation
goes as planned by the EU. But even games in Debian should have their
limits (as in the example mentioned above).
In any case user interaction can be required to respect the laws and
whenever anybody feels the need to present material to the user that is
known to be illegal in many jurisdictions it should not be distributed
by Debian. At the very least in order to protect our mirrors.
[email protected] writes:
There may be some edge cases. What if a country decided to forbid
shipping youtube downloaders ? Or gambling software ?
Or cryptographic algorithms that do not have government back doors.
There may be some edge cases. What if a country decided to forbid
shipping youtube downloaders ? Or gambling software ?
I see absolutely no reason for an uproar about a minor package that the release team (I fully trust their evaluation) considered to be not adequate for being legally distributed by Debian. If not already done, source should be removed too, for the same legal reasons.
Yes, if a package is illegal in a jurisdiction we care about (this does not necessarily include the whole world), it needs to be removed. Full stop. There is no compromise possible on that. I'm not discussing morals here. I'm discussing law.
That being said I have not downloaded and checked any fortune package myself because messages in this thread described content that is illegal in my jurisdiction. Nothing said in this thread convinced me otherwise.
That very much depends on "which quotes?".
period that you are not allowed to repeat in Germany without extensive discussion of historical context. I cannot see anybody reviewing every language to make sure those quotes are reliably removed.
I see absolutely no reason for an uproar about a minor package that the release team (I fully trust their evaluation) considered to be not
adequate for being legally distributed by Debian.
I'm not sure whether developing a Code of Acceptable Content policy at
this point in time is a good idea though.
Ilu <[email protected]> writes:
I'm not sure whether developing a Code of Acceptable Content policy at
this point in time is a good idea though.
I'll go much further than that, and say that I believe it's an
exceptionally bad idea.
As Debian Developers, we commit to adherence to a set of core common
values, which are expressed in our Social Contract. None of those
values clearly lead us to need a policy governing package content on any
axis other than compliance with the DFSG.
If external forces, like laws, force us to elide some content or come up
with additional complications in our distribution mechanisms as US law
on crypto export once did, then fine, we'll deal with those when we
must. But trying to apply some sort of moral code to package content,
or offering to avoid offending individuals or groups with the software
we distribute, feels likely to be directly in conflict with DFSG 5, "No Discrimination Against Persons or Groups", and/or DFSG 6, "No
Discrimination Against Fields of Endeavor".
It is at best a VERY slippery slope given our broad differences of
opinion about what is and is not offensive, that I think we should
completely avoid.
On 24.07.25 at 12:27, Ilu wrote:
Shipping gambling software is already forbidden in some jurisdictions
since Debian does not do age verification. At least if the gambling involves money in some way. Needs further investigation, does Debian
have such a package?
Shipping youtube downloaders has been negatively decided by at least one court case in one country that I know of, but the verdict is only enforceable inter partes. Shipping carries significant legal risks
though.
Shipping games without age verification is another risk. Has anybody
ever reviewed the games Debian ships under that aspect? I'd help with
such a review, I just don't want to install all those games and waste
time on playing them.
Just to make sure I'm not misunderstood: I do not want to start a discussion about games removal. I would - if really necessary - propose a move to a separate section in the archive to facilitate an easy "parental controls" setup.
The problem with this entire email (and other ones like it elsewhere in
the thread) is that it ignores that we are already there.
It is my understanding that fortunes packages with so called 'offensive' contents are being removed from the archive for code of conduct
reasons[1]. The debian changelog aside, this was never the intent of
the code of conduct, and that means that the code of conduct is being
abused, today, as a sort of code of acceptable conduct.
When I said upthread that I thought we should apply the code of conduct
to some parts of our package archive, it was because I believe (and a
member of the conduct team stated they agree with that position) that
things like the debian changelog qualify as Debian conduct and thus fall under the CoC. When a package sprouts insults our users or at Debian in general, I think we should take reasonable efforts to switch that
behavior off (e.g., by not shipping sudo with the 'insults' feature on
by default), but we shouldn't require extensive patching to do so, and
we shouldn't exclude packages from the archive for that reason.
Yet, fortunes-off packages have been and are being removed, against the package maintainer's explicit wishes, for these reasons. This means that
we already do have an effective code of acceptable conduct, decided by
the release team and not the project at large, and I think that is
wrong.
I want us to have a vote on this subject so everyone agrees on what is expected, but I would want the outcome of that vote to make it clear
that, with perhaps a few exceptions as stated above, the code of conduct
does *not* apply to the archive and removing packages for that reason is wrong.
But make no mistake about it: the status quo is not "we have no code of acceptable conduct". The status quo is that we do.
[1] I say 'understanding' because I did not actually check the
communication from the release team that happened when these
packages were being removed, so all I know is second hand
information that may be inaccurate. Even so, that would imply that
there is some confusion about this subject, which is a similar
problem that a vote could solve, too.
--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22
Parental controls don't need a separate section. They need you to not
give root access to the child.
I could see us perhaps add a field to debian/control to say "in
jurisdiction X, this package is considered acceptable for people over Y
years of age", and then add some controls in apt to disallow it to
install packages marked as such