diff options
author | galaxico <galaxico@quteity.cti> | 2019-07-27 17:31:01 +0300 |
---|---|---|
committer | galaxico <galaxico@quteity.cti> | 2019-07-27 17:31:01 +0300 |
commit | d1faaff4691ce303281aef03d4cd89f53a855b5d (patch) | |
tree | 8097dd5945647c26d798666e6b3edfef93275954 /greek/legal | |
parent | a4b1a79838b5e9dae7d6fef4ea3882c245e3421a (diff) |
additions to Greek translations
Diffstat (limited to 'greek/legal')
-rw-r--r-- | greek/legal/anssi.wml | 90 | ||||
-rw-r--r-- | greek/legal/cryptoinmain.wml | 750 | ||||
-rw-r--r-- | greek/legal/licenses/Makefile | 1 | ||||
-rw-r--r-- | greek/legal/licenses/gpl2.wml | 482 | ||||
-rw-r--r-- | greek/legal/licenses/index.wml | 132 | ||||
-rw-r--r-- | greek/legal/licenses/mit.wml | 24 | ||||
-rw-r--r-- | greek/legal/notificationforarchive.wml | 65 | ||||
-rw-r--r-- | greek/legal/notificationfornewpackages.wml | 66 | ||||
-rw-r--r-- | greek/legal/patent.wml | 83 | ||||
-rw-r--r-- | greek/legal/privacy.wml | 248 |
10 files changed, 1941 insertions, 0 deletions
diff --git a/greek/legal/anssi.wml b/greek/legal/anssi.wml new file mode 100644 index 00000000000..6f4291bd0d7 --- /dev/null +++ b/greek/legal/anssi.wml @@ -0,0 +1,90 @@ +#use wml::debian::template title="Cryptographic export/import attestation" +#use wml::debian::translation-check original="french" translation="bb3439fa8a9568782acebb5b5b50d732ec55014a" +#use wml::debian::translation-check translation="c0816ff3dae7deb1cd48fb2f83fa934f5e5f3559" maintainer="galaxico" + +<p> +Following the <a +href="debian-lenny-crypto-declaration.pdf">\ +declaration related to cryptology equipment</a>, the <a +href="http://www.ssi.gouv.fr/site_rubrique88.html">\ +FNISA (ANSSI)</a> assigned the <a +href="debian-lenny-crypto-attestation.pdf">\ +file number 1101027</a> to the request. +</p> + +<p> +Here is the translation of the <a +href="debian-lenny-crypto-attestation-export.pdf">\ +cryptographic export/import attestation</a> received; please use the <a +href="anssi.fr.html">original version</a> for legal purposes. +</p> + +<hr/> + +<p> +Paris, 20 January 2011 +</p> + +<p> +General Secretariat for Defence and National Security +<br/> +<em>French Network and Information Security Agency</em> +<br/> +<em>Regulatory Oversight Office</em> +</p> + +<p style="class:center"><strong> +The Chief Executive of the French Network and Information Security Agency +<br/> +to +<br/> +Mr Yves-Alexis Perez +</strong></p> + +<table border=0 width="100%" summary="mail headers"> +<colgroup span="2"> +<col width="10%"><col> +<tr><td> +Subject: +</td><td> +Classification of a cryptology equipment +</td></tr> +<tr><td> +Reference: +</td><td> +Your cryptology equipment declaration for <strong>Debian version 5.0 +(Lenny)</strong>, registered under the file number <strong>1101027</strong>. +</td></tr> +</table> + + +<p> +Sir, +</p> + +<p> +I hereby certify that the cryptology equipment indicated +in the above declaration comes under Category 3 +of Schedule 2 of decree No. 2007-663, 2 May 2007. +</p> + +<p> +I consequently inform you that you may freely engage in +transfer operations to a member state of the European Union and +export to a third-party state with this cryptology equipment. +</p> + +<p> +This declaration does not in any way constitute a statement about +the quality of this cryptology equipment or a recommendation +from the French Network and Information Security Agency. +</p> + +<p> +Yours Sincerely +</p> + +<p> +Ivan Maximoff, policy officer responsible for cryptography controls +</p> + diff --git a/greek/legal/cryptoinmain.wml b/greek/legal/cryptoinmain.wml new file mode 100644 index 00000000000..ec40e7adff6 --- /dev/null +++ b/greek/legal/cryptoinmain.wml @@ -0,0 +1,750 @@ +#use wml::debian::template title="Exploring Cryptographic Software in Debian's Main Archive" BARETITLE=true +#use wml::debian::translation-check translation="ba01cfdc529712e3626bdf15fd37d39e94126794" maintainer="galaxico" + +# Nota bene! This is basically draft text from the lawyers, and it must +# _not_ be modified for spelling errors and such. Formatting changes are +# fine (I think). -- Joy + +<table width="100%" summary="mail headers"> +<colgroup span="2"> +<col width="10%"> +<col> +</colgroup> +<tr><td>To:</td> + <td><a href="https://www.spi-inc.org/">Software in the Public Interest</a>, <a href="https://www.debian.org/">Debian Project</a></td></tr> +<tr><td>From:</td> + <td>Roszel C. Thomsen II, Partner, <a href="http://www.t-b.com/">Thomsen & Burke LLP</a></td></tr> +<tr><td>Date:</td> + <td>July 31, 2001</td></tr> +<tr><td>Re:</td> + <td>Exploring Cryptographic Software in Debian's Main Archive</td></tr> +</table> + +<p>Thank you for this opportunity to comment on Sam Hartman's white paper +entitled <q>Exploring Cryptographic Software in Debian's Main Archive</q>.</p> + +<p>We are providing this information as a general guideline to you. BXA +requires that each entity exporting products be familiar with and comply +with their affirmative obligations set forth in the Export Administration +Regulations. Please note that the regulations are subject to change. We +recommend that you obtain your own legal advice when attempting to +export. In addition some countries may restrict certain levels of +encryption imported into their country. We recommend consulting legal +counsel in the appropriate country or the applicable governmental +agencies in the particular country.</p> + +<p>By way of background, the export of cryptographic software from the +United States is governed under the United States Export Administration +Regulations (<q>EAR</q>, 15 CFR Part 730 et seq.) administered by the +Commerce Department's Bureau of Export Administration (<q>BXA</q>). BXA +revised the provisions of the EAR governing cryptographic software most +recently on October 19, 2000. I refer to these as the <q>new US +Regulations</q> in order to distinguish them from prior regulations that +were more restrictive.</p> + +<p>When the Clinton Administration came to Washington, encryption items +were controlled for export from the United States as <q>munitions</q> under +the Arms Export Control Act and the International Traffic in Arms +Regulations. Most applications for licenses to export strong encryption +items were denied. Industry and public interest groups lobbied for +liberalization, and the Clinton Administration reformed the outdated +U.S. export controls on encryption items in a series of graduated steps, +culminating the new US Regulations. The new Bush Administration is +considering further liberalizations that may be published later this +year.</p> + +<p>Despite these liberalizations, the U.S. export controls on commercial +encryption items remain complex and onerous. American companies must +submit encryption items for technical reviews by the intelligence +authorities prior to export. Exports to some agencies of foreign +governments require licenses, as do exports to telecommunications and +Internet service providers wishing to provide services to some +government agencies. Finally, post-export reporting requirements apply +to many exports from the United States. Thus, U.S. encryption export +controls continue to impose a significant regulatory burden on American +companies, retarding the worldwide deployment of strong cryptography in +commercial software programs.</p> + +<p>Not all software programs with encryption are commercial products, +however. For purposes of the EAR, cryptographic source code controls +fall into three categories: (a) open source, (b) community source, and +(c) proprietary source. The rules governing exports of each type of +source code are different, and they have been amended in important +respects in the new US Regulations.</p> + +<p>Open source refers to software that is available to the public without +restriction free of charge, under a GNU-style license agreement. Debian +would appear to fall into this category. The old regulations allowed +the export of open source to any end-user without a technical review, +provided that the person making the open source available filed a +contemporaneous notification with BXA and the National Security Agency +(<q>NSA</q>). However, the old regulations were silent with respect to +restrictions (if any) on the export of compiled executable software +derived from open source.</p> + +<p>Under the new US Regulations, not only the open source, but also the +compiled executable software derived from open source, is eligible for +export under the same conditions as the open source itself, provided +that the compiled executable is available without restriction and free +of charge. Unfortunately, if you include the compiled executable +software into a product that you distribute for a fee, then the +resulting product is subject to all of the rules that apply to +commercial software programs. For example, they must be submitted to +BXA and NSA for a one-time technical review, described above.</p> + +<p>Community source refers to software that is available to the public free +of charge for non-commercial use but that contains further restrictions +on commercial use. Community source may be exported under essentially +the same conditions as open source, but community source remains subject +to more detailed reporting requirements.</p> + +<p>Proprietary source refers to all source code that is neither <q>open</q> +nor <q>community</q> source. Exporters may provide proprietary source code +to any end-user in the EU and its partners, and to any non-government +end-user in other countries, promptly upon filing of a technical review +with BXA and NSA. The same reporting requirements applicable to +community source also apply to proprietary source.</p> + +<p>Please keep in mind that persons in the US who may post to sites outside +the US are governed by US law, even if they do so in their individual +capacity. Therefore, you may want to warn persons in the US that their +posting to the current crypto server outside the US are still subject to +US regulations.</p> + +<p>Finally, you should be aware that a core set of US export controls apply +to all exports of open source cryptographic software from the United +States. In essence, these controls prohibit the export of open source +cryptographic software under License Exception TSU to (1) prohibited +parties (listed at <a href="http://www.bxa.doc.gov/DPL/Default.shtm">http://www.bxa.doc.gov/DPL/Default.shtm</a>), +(2) prohibited countries (currently Cuba, Iran, Iraq, Libya, North +Korea, Sudan, Syria and Taliban Occupied Afghanistan) and (3) design, +development, stockpiling, production or use of nuclear, chemical or +biological weapons or missiles.</p> + +<p>With this background, your specific questions with respect to Debian are +address in the order that they appear in Sam Hartman's white paper, +below in italics.</p> + +<hr /> + +<h2><i>Exploring Cryptographic Software in Debian's Main Archive</i></h2> + +<p><i>Sam Hartman</i></p> + +<p><i>Debian Project</i></p> + +<hrline /> + +<p style="margin-left: 2em"> + <i>Debian is a free operating system. Currently for US export reasons, Debian + splits cryptographic software off into a separate archive located outside + the US. This document summarizes the questions we would need to answer from + a legal standpoint in order to merge these two archives.</i> +</p> + +<hrline /> + +<h3><i>About Debian</i></h3> + +<p><i>Debian is a group of individuals working to produce a free operating system. +These individuals are responsible for decisions they make while working on +Debian; there is no legal Debian organization that developers work for or that +decisions are made on behalf of. There is a registered non-profit, Software in +the Public Interest (SPI), that holds money and resources for Debian. So +decisions developers make may impact resources owned by SPI and thus impact +SPI. Other Debian resources are owned by various sponsors. Debian generally +depends on sponsors for network connectivity. There are also third-party groups +that copy the Debian software onto mirrors so that people around the world can +download and use it. Others make and sell CDs of Debian. All these groups might +be accountable to a greater or lesser extent for the decisions Debian makes. We +want to conduct ourselves in a manner that minimizes the liability for all +parties and, within that constraint, maximizes the value of our efforts.</i></p> + +<p><i>As with all operating system vendors, Debian needs to include cryptographic +software. This software provides security, allows users to engage in Internet +commerce, and accomplishes other tasks requiring cryptography. Today, this +software is stored on a server outside the United States, known as the <q>non-US +server</q>. Currently Debian takes no measures to assist US developers in +following export control regulations if they upload software to the non-US +archive or to prevent them from uploading software. We would like to move +cryptographic software from the non-US server onto our main server in the US.</i></p> + +<p><i>With the increasing networked nature of the work, and the fact that more and +more critical functions are being placed on computing platforms, and the +unfortunate growth of mischief and deliberate malice, security is going to be +increasingly important. Cryptography is an important corner stone of a number +of security processes. Any OS that does not make an effort to seamlessly +integrate cryptography is unlikely to be competitive.</i></p> + +<p><i>Putting all software on a single source, and the corresponding ability to +create a single set of CD's that have integrated cryptographic support makes it +easier for the users, makes it easier for CD vendors, simplifies the task of +developers uploading software to these sites, and simplifies the task of +replicating the software repositories on the internet.</i></p> + +<p><i>The rest of this document will focus on the main server within the US and on +its mirrors and copies around the world. It's important to realize that there +is currently a parallel structure set up to deal with the non-US server.</i></p> + +<p><i>Every few months Debian developers release a new official version of Debian. +This software is made available on the main (and for cryptographic software, +the non-US) server to a group of primary mirrors around the world. These +mirrors copy the software off the main server and make it available to users +and secondary mirrors. The users can use HTTP, FTP, or a variety of other +methods to retrieve the software. CD images are made available to users and +resellers. These images can be burned onto physical CDs by individuals or by +those wanting to sell/give away Debian.</i></p> + +<p><i>In addition, there are two constantly evolving releases of Debian: the testing +and unstable releases. These releases are updated on a daily basis by +developers around the world. Like the official releases, these releases are +made available on the main and non-US servers to primary mirrors. The primary +mirrors make software available via HTTP, FTP and other methods both to end +users and to secondary mirrors. CD images are sometimes made from these +releases. The important difference between these evolving releases and the +official release is that they are constantly changing.</i></p> + +<p><i>Often, developers upload binaries and source code at the same time. However, we +support many different types of computers each of which requires different +binaries for the same source code. Most developers make binaries only for one +of the computer architectures we support when they upload a changed program. +Automated processes go and use the source code they have uploaded to make +binaries for the other architectures. As such, some binaries for a particular +source code program will likely be uploaded at a later time than that source +code.</i></p> + +<p><i>Some Debian developers also use Debian resources to work on as-yet-unreleased +software. The primary resource that is useful for this task is the Debian CVS +server. Source code to projects on this server is almost always available to +the public, but may change many times in a day. The CVS server is in the US.</i></p> + +<p><i>However most Debian software is not developed directly by Debian developers. +Instead, the software is released to the public by some third party. Some +software is made available to the public on sites within the US, while other +original authors release their software on sites outside the US. Debian +developers are responsible for integrating the software into Debian. As part of +this job, many Debian developers end up working closely with the original +software author, often contributing code back to the original release.</i></p> + +<p><i>The software in Debian complies with the Debian Free Software Guidelines; the +DFSG. We believe this software has publicly available source code in the sense +of section 740.13(e) of the EAR. The guidelines require that the source code be +redistributable. The DFSG indirectly requires that one be able to distribute a +product based on the source code without paying a fee. We distribute all the +source code in Debian as part of our releases. Other software is distributed in +our non-free archive, but our focus in this document is on the DFSG-free +software. We would be interested in knowing to what extent we could move +non-DFSG-free software for which we can distribute source code into the US, but +we want to make sure advice in this area does not get confused with advice on +how to handle DFSG-free software.</i></p> + +<p><i>Debian developers live around the world and are citizens of many countries. +Obviously some are US citizens, but many others are not. Some may be citizens +of the seven forbidden countries in EAR section 740.13(e).</i></p> + +<p><i>As mentioned, we have mirrors all around the world. We do not have any official +mirrors (mirrors with which the project is connected) in any of the seven +countries listed in EAR section 740.13(e), although since our software is +publicly available, it might be copied into these countries. Most mirrors +within the US currently only mirror the main server (the one without +cryptography), although some mirror both the main and non-US portions of the +archive. Debian takes no responsibility for mirrors within the US that mirror +the non-US portion of the archive.</i></p> + +<hrline /> + +<h3><i>Our Goal</i></h3> + +<p><i>We want to include cryptographic software in our main archive. We want to +understand the risks to developers, users, SPI, mirror maintainers, CD +resellers, sponsors and any other parties that are connected with Debian so +that we can make an informed decision. We want to be able to document and +publicize these risks so that these parties do not commit a crime through +ignorance. Obviously, we also want to avoid taking unnecessary risks.</i></p> + +<p><i>In particular we would like to consider the following activities:</i></p> + +<ul> +<li><i>On a daily basis, adding and modifying DFSG-free software to our releases. + In practice only the testing and unstable releases are modified on a daily + basis, but the other releases are modified from time to time.</i></li> + +<li><i>Distributing cryptographic software as part of our releases over the + Internet and on CDs.</i></li> + +<li><i>Adding and changing DFSG-free cryptographic software on our CVS server.</i></li> + +<li><i>Any reactions we'd have to have to any changes in cryptographic regulations + (or laws).</i></li> +</ul> + +<hrline /> + +<p><em>END Debian Document Preamble</em></p> + +<p>I will try to reflect these goals in my answers to your questions. By +way of summary, I think that an initial notification should suffice for +the current archive and updates thereto. A new notification would be +required only if a new program with encryption should be added to the +archive. Additional distribution of freeware does not require further +notification. However, commercial versions would be subject to the +technical review, licensing and reporting requirements that apply to +other commercial products. Predicting the future of changes to laws or +regulations is difficult, but if the law changes, you would either have +to take down the site or modify it in order to remain in compliance. +You have no obligation to inform other constituencies of their legal +obligations, but if you have a list of frequently asked questions, I +would be pleased to suggest appropriate responses that you might wish to +offer.</p> + +<p>Questions (Note, each question by Debian is marked with "D:")</p> + +<blockquote class="question"> +<p> +<span>D:</span> + Do we need to notify the Bureau of Export Administration (BXA) + about software we add to releases? +</p> +</blockquote> + +<p>If the notification is drafted properly, and the archive remains on the +site identified in the notification, then you only have to file a single +notification with BXA for the initial archive. Only one notification +for one U.S. site is required; no separate notification is required for +mirror sites inside or outside the U.S. This notification would only +have to be updated if you added a new program implementing encryption.</p> + +<pre> + Department of Commerce + Bureau of Export Administration + Office of Strategic Trade and Foreign Policy Controls + 14th Street and Pennsylvania Ave., N.W. + Room 2705 + Washington, DC 20230 + + Re: Unrestricted Encryption Source Code Notification + Commodity: Debian Source Code + + Dear Sir/Madam: + Pursuant to paragraph (e)(1) of Part 740.13 of the U.S. Export + Administration Regulations ("EAR", 15 CFR Part 730 et seq.), we are + providing this written notification of the Internet location of the + unrestricted, publicly available Debian Source Code. Debian Source Code + is a free operating system developed by a group of individuals, + coordinated by the non-profit Software in the Public Interest. This + archive is updated from time to time, but its location is constant. + Therefore, and this notification serves as a one-time notification for + subsequent updates that may occur in the future. New programs will be + the subject of a separate notification. The Internet location for the + Debian Source Code is: https://www.debian.org. + + This site is mirrored to a number of other sites located + outside the United States. + + A duplicate copy of this notification has been sent to the ENC + Encryption Request Coordinator, P.O. Box 246, Annapolis Junction, MD + 20701-0246. + + If you have any questions, please call me at (xxx) xxx-xxxx. + + Sincerely, + Name + Title +</pre> + + +<blockquote class="question"> +<p> +<span>D:</span> + What information do we need to include in the notifications? +</p> +</blockquote> + +<p>The draft language above includes the information that you need to +include in the notification</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + How often do we need to notify? We want to notify as little as + possible as it creates more work for us and for the government, + but we want to notify as often as necessary to follow the + regulations. +</p> +</blockquote> + +<p>As drafted above, and assuming that the archive remains on the Internet +site identified in the notification, you should not have to file a +subsequent notification for subsequent updates. You would only file +another notification if you added a new program implementing +cryptography.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + If we move our cryptographic software into this country, + and the laws or regulations change to be more restrictive, what + are we likely to lose? Would we have to destroy any software, + or CDs? Would we have to remove it from our master or secondary + sites? If we use the increased availability of cryptographic + software to improve the security of the rest of the system, and + the cryptographic legal climate worsens, would be likely to have + to discard all copies of such software in the U.S.? +</p> +</blockquote> + +<p>The trend has been toward increased liberalization of the export +controls on cryptography in the United States, rather than increased +restrictions. This trend has been constant over the past decade and has +accelerated in the past year. We cannot advise you with respect to what +you might lose unless and until new regulations are published. However, +we believe that you would retain copyrights to the software and some, +albeit perhaps more limited, rights to export.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + In order of decreasing preference, we would like to notify: + </p> + <ul> + <li>Once for the entire Debian archive</li> + + <li>Once for each official release (keeping in mind that + testing/unstable change between releases)</li> + + <li>Once when a new program containing cryptography is added to + the archive</li> + + <li>Once when a new version of a program containing cryptography + is added to the archive.</li> + </ul> + +</blockquote> + +<p>I think that you only have to file a new notification if you add a new +program that incorporates cryptography. Updates to existing programs +should be covered by the broad language of the notification we +suggested, above.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + New packages enter the debian archive through the following sequence + of steps. At what point must the notification happen? +</p> + <ol> + <li>Upstream developer releases a package as open-source. + This step gets skipped in the case of a native-Debian package.</li> + <li>A Debian developer packages the source and binary for Debian, + frequently with source changes.</li> + <li>The package is uploaded to ftp-master, incoming.</li> + <li>The new package fails to install, because it's new.</li> + <li>Ftp admins add the needed records for the package.</li> + <li>The package installs into the archive, within a few days.</li> + <li>The package gets copied to the mirror sites.</li> + </ol> +</blockquote> + +<p>The regulations are pretty clear that the notification has to occur +prior to or contemporaneous with public availability. Exports prior to +public availability require an export license. Therefore, if the archive +in step 3 is not publicly available, then either the package must be made +publicly available prior to step 3 (and notifications sent), or export +licenses will be needed for Debian developers. If the archive in step 3 +is publicly available, then notification at that point would eliminate the +need to have export licenses for Debian developers.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + If the upstream author has notified BXA, is the notification needed? + (Packaging for debian can involve modifications to the source + involving file locations, and occasionally functional differences, + although the general goal is to make the upstream code work in + Debian with minimal modification.) +</p> +</blockquote> + +<p>If the upstream author has notified BXA, that is sufficient.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Do we need to notify when new binaries (object code) are added if + we have already notified for the source code? +</p> +</blockquote> + +<p>I do not think that you have to file a new notification for object code, +provided that a notification for the source code has been filed.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Is notification required for programs that do not contain crypto + algorithms, but are linked against crypto libraries? What about + programs that launch other programs in order to do cryptographic + functions? +</p> +</blockquote> + +<p>As long as the program is open source, it may include an open crypto API +and still qualify under License Exception TSU.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + New programs can be checked easily prior to their release (and + notification done at that time), but when an update is performed, + there isn't a manual step at which to do the notification. Would + it be acceptable to notify BXA for each addition of software, with + an indication that future updates may include the addition of + crypto functionality? +</p> +</blockquote> + +<p>Yes. Overreporting should probably be avoided where reasonable, but +underreporting must be avoided. Future updates of an existing program +do not require separate notification. Only new programs require separate +notification.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Can we automate the process of sending in notifications? +</p> +</blockquote> + +<p>You may automate the process of sending notifications. This in an +internal procedural matter. BXA and NSA do not care how you handle the +filing of notifications internally.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + What form should the notification take? +</p> +</blockquote> + +<p>The BXA notification may be in either electronic or paper form; +however, the NSA notification must be in paper form.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Who can send in the notifications? For example, do they need to + be a US citizen? +</p> +</blockquote> + +<p>Any person may send in the notification; citizenship is not relevant.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Are there any other concerns we should be aware of? What steps + other than notification do we need to take? +</p> +</blockquote> + +<p>Other than notification, you might consider implementing a reverse IP +lookup that identifies the computer requesting the download, and that +blocks downloads of the cryptographic archive to countries embargoed by +the United States: Cuba, Iran, Iraq, Libya, North Korea, Syria, Sudan +and Taliban Occupied Afghanistan. In addition, you might consider +having a provision in your license agreement, or a separate screen prior +to download, that advises the person downloading the software as +follows:</p> + +<p>This software is subject to U.S. export controls applicable to open source +software that includes encryption. Debian has filed the notification with +the Bureau of Export Administration and the National Security Agency that +is required prior to export under the provisions of License Exception TSU +of the U.S. Export Administration Regulations. Consistent with the +requirements of License Exception TSU, you represent and warrant that you +are eligible to receive this software, that you are not located in a country +subject to embargo by the United States, and that you will not use the +software directly or indirectly in the design, development, stockpiling +or use of nuclear, chemical or biological weapons or missiles. Compiled +binary code that is given away free of charge may be re-exported under the +provisions of License Exception TSU. However, additional technical review +and other requirements may apply to commercial products incorporating this +code, prior to export from the United States. For additional information, +please refer to www.bxa.doc.gov.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Currently, users around the world can access and potentially + download software that is awaiting integration into our archive. + Likely, we would do any necessary notifications as software is + processed into the archive, so software in this state would be + awaiting notification. Would this be a problem? If so, would it + be acceptable to set up an alternate queue of cryptographic + software awaiting integration into the archive available only to + our developers? In order to process software into our distribution, + developers who are often outside the US need to examine the + software and make sure it meets certain guidelines. How should we + accomplish this access? Are there any other solutions to this + pre-notification area of the archive we should consider? + </p> + <p>One issue we often run into is software patents. Clearly the + integration of cryptography into software doesn't remove any of the + patent concerns we would normally have to think about. However, are + there any new issues we need to consider when patents interact with + cryptography export regulations? It seems that at least for exemption + TSU (section 740.13 of the EAR), patents do not influence whether the + source code is public. + +</p> +</blockquote> + +<p>It is important to differentiate between the archive that has been a +subject of notification, and new programs. You can update the archive +that has been a subject of notification without further notification, as +described above. Only new programs need to be subject of a separate +notification, prior to posting. If new programs must be reviewed by +developers prior to posting, and such software is not both publicly +available and already notified to the U.S. government, then I recommend +that you consider obtaining an export license authorizing this limited, +pre-notification review. You are correct that patents do not disqualify +software from eligibility for export under License Exception TSU.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Distribution, Mirroring and CDs</p> + + <p>Do our mirrors within the US need to notify the BXA if we add + cryptography to our archive? How often do they need to notify BXA? + We would like to avoid a situation where mirrors have to notify for + each new program Debian adds to the archive, even if our master + server must send in such notifications. We need to keep operations + simple for mirror operators. What, if anything, would mirrors + outside the US need to do?</p> + + <p>If we send an update to a mirror rather than waiting for it to + download software, do we need to take any special steps? What if we + send a mirror a request to download new/changed software? + +</p> +</blockquote> + +<p>Once the notification has been filed for the central server, no further +notification is required for mirror sites.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Which of the following vendors (if any) would be able to ship + unmodified Debian binaries (and source) with only notification? + Which would require review and approval? Could the review be + concurrent with shipment, or must approval predate shipment? +</p> + <p> + A) mail-order shipment of CD's for the cost of the media?<br /> + B) mail-order shipment of CD's for profit?<br /> + C) off-the-shelf sales of CD's for the cost of the media?<br /> + D) off-the-shelf sales of CD's for profit?<br /> + E) vendor providing CD's from A or C above, along with hardware. HW + sold at a profit, but with no preinstall?<br /> + F) E, but with software pre-installed?<br /> + G) any of the above, selling support for the software? + </p> + + <p>If it's easier, another way to look at this is: what conditions must + be met for the vendor to ship binaries under License Exception TSU, + and what expenses is the vendor allowed to recover costs and/or sell + at a profit?</p> +</blockquote> + +<p>Reasonable and customary fees for reproduction and distribution are +allowed, but not license fees or royalties. Support also is allowed, +subject to the above limitation.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + If the one-time review is required for unmodified binaries shipped + for-profit, can that approval be used by other vendors which are + shipping unmodified binaries? +</p> +</blockquote> + +<p>A one time review is for the product, and is vendor-independent.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + Would it be acceptable to set up an official mirror in a country + forbidden in EAR section 740.13(e)? +</p> +</blockquote> + +<p>You would have to apply for a license to set up an official mirror in an +embargoed country.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + If it is technically infeasible to block access from the T7 countries + to a web (or ftp, etc) server, does due diligence require extreme + measures? Does the defacto standard of (US) industry common-practice + meet due diligence? +</p> +</blockquote> + +<p>The de facto industry standard should suffice. I hope that the government +will recognize that any system devised by man can be defeated, with enough +effort.</p> + + +<blockquote class="question"> +<p> +<span>D:</span> + What steps should we take if we become aware of someone downloading + software into one of these countries from a mirror within the US? + What if we become aware of downloads into one of these countries + from a mirror outside the US? +</p> + <p>Some of our developers may live in or be citizens of the seven + countries forbidden for exemption TSU. Would it be a problem for + these developers to have access to cryptographic software on our + machines? Would we need to ask them not to download such software? + What steps should we take if we become aware of them downloading + cryptographic software?</p> +</blockquote> + +<p>Simply posting cryptographic software on a server that may be accessible +from an embargoed country does not constitute <q>knowledge</q> that the +software has been exported there. Therefore, criminal liability would +not apply to the act of posting. We recommend that you perform IP +checking and deny downloads to known embargoed countries. This due +diligence also would provide a defense to a claim of civil liability. +If you find out that your software has been downloaded to a prohibited +destination, then I recommend that you block future downloads to that +specific site unless and until you obtain a license from BXA.</p> + +<hr /> + +<p>Debian thanks the <a href="http://www.hp.com/">Hewlett-Packard</a> +<a href="http://www.hp.com/products1/linux/">Linux Systems Operation</a> +for their support in obtaining this legal opinion.</p> diff --git a/greek/legal/licenses/Makefile b/greek/legal/licenses/Makefile new file mode 100644 index 00000000000..c26323c0c92 --- /dev/null +++ b/greek/legal/licenses/Makefile @@ -0,0 +1 @@ +include $(subst webwml/greek,webwml/english,$(CURDIR))/Makefile diff --git a/greek/legal/licenses/gpl2.wml b/greek/legal/licenses/gpl2.wml new file mode 100644 index 00000000000..1f40c928950 --- /dev/null +++ b/greek/legal/licenses/gpl2.wml @@ -0,0 +1,482 @@ +#use wml::debian::template title="GNU GENERAL PUBLIC LICENSE" NOCOPYRIGHT="true" +#use wml::debian::translation-check translation="d109ac4197d816202547b41d15ccf7b9e9e35b8e" maintainer="galaxico" + +<p><strong> +Version 2, June 1991 +</strong></p> + +<pre> +Copyright (C) 1989, 1991 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. + +</pre> + +<h3><a name="preamble"></a><a name="SEC2">Preamble</a></h3> + +<p> + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. +</p> + +<p> + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. +</p> + +<p> + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + +</p> + +<p> + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. +</p> + +<p> + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. +</p> + +<p> + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. +</p> + +<p> + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. +</p> + +<p> + The precise terms and conditions for copying, distribution and +modification follow. +</p> + + +<h3><a name="terms"></a><a name="SEC3">TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION</a></h3> + + +<a name="section0"></a><p> +<strong>0.</strong> + + This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". +</p> + +<p> +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. +</p> + +<a name="section1"></a><p> +<strong>1.</strong> + You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. +</p> + +<p> +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + +</p> + +<a name="section2"></a><p> +<strong>2.</strong> + You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: +</p> + +<dl> + <dt> </dt> + <dd> + <strong>a)</strong> + + You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + </dd> + <dt> </dt> + <dd> + <strong>b)</strong> + You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + </dd> + <dt> </dt> + <dd> + + <strong>c)</strong> + If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + </dd> +</dl> + +<p> +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. +</p> + +<p> +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. +</p> + +<p> + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. +</p> + +<a name="section3"></a><p> +<strong>3.</strong> + You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: +</p> + +<!-- we use this doubled UL to get the sub-sections indented, --> +<!-- while making the bullets as unobvious as possible. --> + +<dl> + <dt> </dt> + <dd> + + <strong>a)</strong> + Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + </dd> + <dt> </dt> + <dd> + <strong>b)</strong> + Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + </dd> + <dt> </dt> + + <dd> + <strong>c)</strong> + Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + </dd> +</dl> + +<p> +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. +</p> + +<p> +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. +</p> + +<a name="section4"></a><p> +<strong>4.</strong> + You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. +</p> + +<a name="section5"></a><p> +<strong>5.</strong> + You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. +</p> + +<a name="section6"></a><p> +<strong>6.</strong> + + Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. +</p> + +<a name="section7"></a><p> +<strong>7.</strong> + If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. +</p> + +<p> +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. +</p> + +<p> +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +</p> + +<p> +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. +</p> + +<a name="section8"></a><p> +<strong>8.</strong> + If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. +</p> + +<a name="section9"></a><p> +<strong>9.</strong> + The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +</p> + +<p> +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. +</p> + +<a name="section10"></a><p> +<strong>10.</strong> + If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. +</p> + +<a name="section11"></a><p><strong>NO WARRANTY</strong></p> + +<p> + +<strong>11.</strong> + BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. +</p> + +<a name="section12"></a><p> +<strong>12.</strong> + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. +</p> + +<h3>END OF TERMS AND CONDITIONS</h3> + +<h3><a name="howto"></a><a name="SEC4">How to Apply These Terms to Your New Programs</a></h3> + +<p> + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. +</p> + +<p> + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. +</p> + +<pre> +<var>one line to give the program's name and an idea of what it does.</var> +Copyright (C) <var>yyyy</var> <var>name of author</var> + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +</pre> + +<p> +Also add information on how to contact you by electronic and paper mail. +</p> + +<p> +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: +</p> + +<pre> +Gnomovision version 69, Copyright (C) <var>year</var> <var>name of author</var> + +Gnomovision comes with ABSOLUTELY NO WARRANTY; for details +type `show w'. This is free software, and you are welcome +to redistribute it under certain conditions; type `show c' +for details. +</pre> + +<p> +The hypothetical commands <samp>`show w'</samp> and <samp>`show c'</samp> should show +the appropriate parts of the General Public License. Of course, the +commands you use may be called something other than <samp>`show w'</samp> and +<samp>`show c'</samp>; they could even be mouse-clicks or menu items--whatever +suits your program. +</p> + +<p> +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: +</p> + + +<pre> +Yoyodyne, Inc., hereby disclaims all copyright +interest in the program `Gnomovision' +(which makes passes at compilers) written +by James Hacker. + +<var>signature of Ty Coon</var>, 1 April 1989 +Ty Coon, President of Vice +</pre> diff --git a/greek/legal/licenses/index.wml b/greek/legal/licenses/index.wml new file mode 100644 index 00000000000..fb363f13e3c --- /dev/null +++ b/greek/legal/licenses/index.wml @@ -0,0 +1,132 @@ +#use wml::debian::template title="License information" GEN_TIME="yes" +#use wml::debian::translation-check translation="a2d057aa44562ddcc643379de20b7fc2c0c7f9e4" maintainer="galaxico" + +<p>This page presents the opinion of some debian-legal contributors on how +certain licenses follow the +<a href="$(HOME)/social_contract#guidelines">Debian Free Software +Guidelines</a> (DFSG). Most of these opinions were formed in +discussions on the <a href="https://lists.debian.org/debian-legal/">\ +debian-legal mailing list</a> in response to questions from +potential package maintainers or licensors. We welcome +enquiries from maintainers considering particular licenses, but +we encourage most maintainers to use one of the common licenses: +GPL, LGPL, modified BSD, or Artistic.</p> + +<p>Software packaged for Debian is normally classified into one of four +categories. There is free software (main), non-free software +(non-free), free software which depends on some non-free +software (contrib) and software which cannot be redistributed +(not included). +<a href="$(DOC)/debian-policy/ch-archive.html">Debian Policy section 2</a> +explains exactly how the DFSG +are applied to the archive. If in doubt, maintainers are +asked to email debian-legal about licenses, including the text +of any new license into the body of the email. +You may find it helpful to +<a href="https://lists.debian.org/search.html">search the list archives</a> +for the name of the license before emailing lists with questions +about it. If you still email questions, please link to some of +the previous relevant discussions.</p> + +<p>debian-legal is advisory. The actual decision-makers are the +ftpmasters and the package maintainers. However, if one cannot +convince most of the generally liberal debian-legal contributors, +it's probably not clear that the software follows the DFSG.</p> + +<p>Because the actual decision-makers are the +ftpmasters and the package maintainers, it is a very good idea +to check +<a href="https://ftp-master.debian.org/REJECT-FAQ.html">the ftpmasters REJECT FAQ</a> +and search site:packages.debian.org for any license that you doubt, +to look for other examples of its handling for debian. +(The search works because package copyright files are published on +packages.debian.org as plain text.)</p> + +<p>Other lists are maintained by the +<a href="https://www.gnu.org/licenses/license-list">Free Software +Foundation</a> (FSF) and the +<a href="https://opensource.org/licenses/">Open Source +Initiative</a> (OSI). Please note however, that +the Debian project decides on particular packages rather than +licenses in abstract, and the lists are general explanations. It +is possible to have a package containing software under a +"free" license with some other aspect that makes it non-free. +Sometimes, debian-legal comments on a license in abstract, not +applied to any particular software. While these discussion +can suggest possible problems, often no firm answers can be +reached until some specific software is examined.</p> + +<p>You may contact debian-legal if you have questions or comments +about these summaries.</p> + +<p>Licenses currently found in Debian main include:</p> + +<ul> +<li><a href="https://www.gnu.org/licenses/gpl.html">GNU General Public License</a> (common)</li> +<li><a href="https://www.gnu.org/licenses/lgpl.html">GNU Lesser General Public License</a> (common)</li> +<li>GNU Library General Public License (common)</li> +<li><a href="https://opensource.org/licenses/BSD-3-Clause">Modified BSD License</a> (common)</li> +<li><a href="http://www.perl.com/pub/a/language/misc/Artistic.html">Perl Artistic license</a> (common)</li> +<li><a href="http://www.apache.org/licenses/">Apache License</a></li> +<li><a href="http://www.jclark.com/xml/copying.txt">Expat/MIT-style licenses</a></li> +<li><a href="http://www.gzip.org/zlib/zlib_license.html">zlib-style licenses</a></li> +<li><a href="http://www.latex-project.org/lppl/">LaTeX Project Public License</a></li> +<li><a href="http://www.python.org/download/releases/2.5.2/license/">Python Software Foundation License</a></li> +<li><a href="http://www.ruby-lang.org/en/LICENSE.txt">Ruby's License</a></li> +<li><a href="http://www.php.net/license/">PHP License</a></li> +<li><a href="http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231">W3C Software Notice and License</a></li> +<li><a href="http://www.openssl.org/source/license.html">OpenSSL License</a></li> +<li><a href="https://opensource.org/licenses/Sleepycat">Sleepycat License</a></li> +<li><a href="http://www.cups.org/book/examples/LICENSE.txt">Common UNIX Printing System License Agreement</a></li> +<li>vhf Public License</li> +<li><a href="http://tunes.org/legalese/bugroff.html">"No problem Bugroff" license</a></li> +<li>Unmodified BSD License (also known as the +original or 4-clause BSD license. +It included an advertising requirement and is now deprecated even +by the BSD project.)</li> +<li>public domain (not a license, strictly speaking)</li> +<li><a href="http://www.openafs.org/frameset/dl/license10.html">IBM Public License Version 1.0</a></li> +</ul> + +<p>If you use one of these licenses, +please try to use the latest version and edit no more than necessary, +unless indicated otherwise. +Licenses marked (common) can be found in <tt>/usr/share/common-licenses</tt> +on a Debian system.</p> + +<p>Licenses currently found in the non-free archive section include:</p> + +<ul> +<li>NVIDIA Software License</li> +<li>SCILAB License</li> +<li>Limited Use Software License Agreement</li> +<li>Non-Commercial License</li> +<li>FastCGI / Open Market License</li> +<li>LaTeX2HTML License</li> +<li>Open Publication License</li> +<li>Free Document Dissemination License</li> +<li>AT&T Open Source License</li> +<li>Apple Public Source License</li> +<li>Aladdin Free Public License</li> +<li>Generic amiwm License (an XV-style license)</li> +<li>Digital License Agreement</li> +<li>Moria/Angband license</li> +<li>Unarj License</li> +<li>id Software License</li> +<li>qmail terms</li> +</ul> + +<p>Please do not upload software under these licenses to the +main archive.</p> + +<p>Additionally, some software is not distributable (for example, +has no license at all), even in non-free.</p> + + +<h2>Work in Progress</h2> + +<p>For help with interpreting the DFSG, you should check the +<a href="https://people.debian.org/~bap/dfsg-faq">DFSG FAQ</a> +that answers some common questions about the DFSG and how to analyse +software.</p> + diff --git a/greek/legal/licenses/mit.wml b/greek/legal/licenses/mit.wml new file mode 100644 index 00000000000..b631a9f15ae --- /dev/null +++ b/greek/legal/licenses/mit.wml @@ -0,0 +1,24 @@ +#use wml::debian::template title="MIT License (Expat)" NOCOPYRIGHT="true" +#use wml::debian::translation-check translation="5425c35dc1781f6f22e3c8d056fbde54079fca34" maintainer="galaxico" + +<p> +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: +</p> +<p> +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. +</p> +<p> +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. +</p> diff --git a/greek/legal/notificationforarchive.wml b/greek/legal/notificationforarchive.wml new file mode 100644 index 00000000000..7cca3d3d682 --- /dev/null +++ b/greek/legal/notificationforarchive.wml @@ -0,0 +1,65 @@ +#use wml::debian::template title="Unrestricted Encryption Source Code Notification" BARETITLE=true +#use wml::debian::translation-check translation="8da95139c3595d47371ba8d288784086ae2ebacd" maintainer="galaxico" + +# Nota bene! This is basically draft text from the lawyers, and it must +# _not_ be modified for spelling errors and such. Formatting changes are +# fine (I think). -- Joy + +<table border=0 width="100%" summary="mail headers"> +<colgroup span="2"> +<col width="10%"> +<col> +<tr><td>To:</td> <td><email crypt@bxa.doc.gov></td></tr> +<tr><td>Subject:</td> <td>Initial one-time notification for Debian GNU/Linux</td></tr> +</table> + +<p class="right"> + Department of Commerce<br> + Bureau of Export Administration<br> + Office of Strategic Trade and Foreign Policy Controls<br> + 14th Street and Pennsylvania Ave., N.W.<br> + Room 2705<br> + Washington, DC 20230<br> +</p> + +<p><strong>Re: Unrestricted Encryption Source Code Notification +Commodity: Debian Source Code</strong></p> + +<p>Dear Sir/Madam,</p> + +<p> +Pursuant to paragraph (e)(1) of Part 740.13 of the U.S. Export +Administration Regulations ("EAR", 15 CFR Part 730 et seq.), we are +providing this written notification of the Internet location of the +unrestricted, publicly available Source Code of packages in the Debian +operating system. Debian is a free operating system developed by a group +of individuals, coordinated by the non-profit Software in the Public +Interest. This archive is updated from time to time, but its location +is constant. At present, the software listed in this notification does +not include cryptographic functionality, however we expect cryptographic +functionality to be added to much of it in future. Therefore this +notification serves as a one-time notification for subsequent updates +that may occur in the future to software covered by this notification. +Such updates may add or enhance cryptographic functionality of the +Debian operating system. Additional notifications will be submitted as +new components are added to the Debian operating system. The Internet +location for the Debian Source Code is: http://ftp.debian.org/debian/</p> + +<p>This site is mirrored to a number of other sites located both within +and outside the United States.</p> + +<p>Descriptions of the contents of the Debian archive are +<a href="https://ftp-master.debian.org/crypto-in-main/archive_contents.txt">attached</a>.</p> + +<p>Further information about the Debian project is available at +<a href="$(HOME)/">https://www.debian.org/</a></p> + +<p>If you have any questions, please contact Ben Collins, via email at +xxx@xxx, or telephone on (XXX) XXX-XXXX.</p> + +<pre><cite> + Sincerely, + Ben Collins (Project Leader) + and Anthony Towns (Release Manager) + for the Debian Project +</cite></pre> diff --git a/greek/legal/notificationfornewpackages.wml b/greek/legal/notificationfornewpackages.wml new file mode 100644 index 00000000000..5e289704e98 --- /dev/null +++ b/greek/legal/notificationfornewpackages.wml @@ -0,0 +1,66 @@ +#use wml::debian::template title="Unrestricted Encryption Source Code Notification" BARETITLE=true +#use wml::debian::translation-check translation="16f8863b5a80b644458dbf8f2ffc4ef0ef0644e8" maintainer="galaxico" + +# Nota bene! This is basically draft text from the lawyers, and it must +# _not_ be modified for spelling errors and such. Formatting changes are +# fine (I think). -- Joy + +<table border=0 width="100%" summary="mail headers"> +<colgroup span="2"> +<col width="10%"> +<col> +<tr><td>To:</td> <td><email crypt@bxa.doc.gov></td></tr> +<tr><td>Subject:</td> <td>Addition to <var>__DISTRO__</var> Source Code</td></tr> +</table> + +<p class="right"> + Department of Commerce<br> + Bureau of Export Administration<br> + Office of Strategic Trade and Foreign Policy Controls<br> + 14th Street and Pennsylvania Ave., N.W.<br> + Room 2705<br> + Washington, DC 20230<br> +</p> + +<p><strong>Re: Unrestricted Encryption Source Code Notification +Commodity: Addition to Debian Source Code</strong></p> + +<p>Dear Sir/Madam,</p> + +<p> +Pursuant to paragraph (e)(1) of Part 740.13 of the U.S. Export +Administration Regulations ("EAR", 15 CFR Part 730 et seq.), we are +providing this written notification of the Internet location of the +unrestricted, publicly available Source Code of a package being added +to the Debian Source Code. Debian Source Code is a free operating +system developed by a group of individuals, coordinated by the +non-profit Software in the Public Interest. This notification serves +as a notification of an addition of new software to the Debian +archive. Previous notifications have covered the archive as a whole +and other software added in the past. This archive is updated from +time to time, but its location is constant. Therefore this +notification serves as a one-time notification for subsequent updates +that may occur in the future to the software covered by this +notification. Such updates may add or enhance cryptographic +functionality of the Debian operating system. The Internet location +for the Debian Source Code is: http://ftp.debian.org/debian/</p> + +<p>This site is mirrored to a number of other sites located outside the +United States.</p> + +<p>The following software is being added to the Debian archive:</p> + +<pre> +---------------------------------------------------------------------- +<var>__BINARY_DESCRIPTIONS__</var> +---------------------------------------------------------------------- +</pre> + +<p>If you have any questions, please email me at xxx@xxx, +or call me on (XXX) XXX-XXXX.</p> + +<pre><cite> + Sincerely, + Ben Collins + Debian Developer +</cite></pre> diff --git a/greek/legal/patent.wml b/greek/legal/patent.wml new file mode 100644 index 00000000000..424dc148a02 --- /dev/null +++ b/greek/legal/patent.wml @@ -0,0 +1,83 @@ +#use wml::debian::template title="Debian Position on Software Patents" BARETITLE="true" +#use wml::debian::translation-check translation="088c528e5eb9d95504ef91aa449795178ac06be1" maintainer="galaxico" + +<pre><code>Version: 1.0 +Published: 19 February 2012 +</code></pre> + + +<h1>Introduction</h1> + +<p>This document describes Debian's position on patents. Debian recognizes the +threat that patents pose to Free Software, and continues to work with others in +the Free Software community on patent defense.</p> + +<p>The policy included below intends to provide clear and useful guidance for +community members confronted with patent issues, so that the Debian community +can coordinate its patent defense free from fear, uncertainty, and doubt.</p> + + +<h1>Policy Statement</h1> + +<ol> + +<li><p>Debian will not knowingly distribute software encumbered by patents; + Debian contributors should not package or distribute software they know to + infringe a patent.</p></li> + +<li><p>Debian will not accept a patent license that is inconsistent with + the <a href="$(HOME)/social_contract">Debian Social Contract</a> + or <a href="$(HOME)/social_contract#guidelines">Debian Free Software + Guidelines</a>.</p></li> + +<li><p>Unless communications related to patents are subject to attorney-client + privilege, community members may be forced to produce them in a lawsuit. + Also, patent concerns expressed publicly may turn out to be unfounded but + create a good deal of fear, uncertainty, and doubt in the meantime. + Therefore, please refrain from posting patent concerns publicly or + discussing patents outside of communication with legal counsel, where they + are subject to attorney-client privilege.</p></li> + +<li><p>Patent risks affect the entire community. If you are concerned about a + specific patent, please do not keep it to yourself — notify legal + counsel.</p></li> + +<li><p>All communication related to specific patent risk should be directed to + <a href="mailto:patents@debian.org">patents@debian.org</a>, which is + maintained under the rules of attorney-client privilege. The risk will be + evaluated and any necessary response will be made directly to affected + parties.</p></li> + +</ol> + + +<h1>Contact Information</h1> + +<p>In case you want to contact us about specific patent risks in the Debian +archive, please mail <a href="mailto:patents@debian.org">patents@debian.org</a> +mentioning:</p> + +<ul> +<li>your name,</li> +<li>your role in Debian,</li> +<li>the name of the involved packages or projects,</li> +<li>the title, number, and jurisdiction of the involved patent(s),</li> +<li>a narrative of your concerns.</li> +</ul> + + +<h1>Further Information</h1> + +<p>For further information on patents and how they interact with community Free +Software distributions we recommend reading our +<a href="$(HOME)/reports/patent-faq">Community Distribution Patent Policy +FAQ</a>, a document meant to educate Free Software developers, and especially +distribution editors, about software patent risks.</p> + + +<hr /> + +<p>The Debian Project thanks +the <a href="http://www.softwarefreedom.org">Software Freedom Law Center</a> +(SFLC) for their legal advice on these matters.</p> + diff --git a/greek/legal/privacy.wml b/greek/legal/privacy.wml new file mode 100644 index 00000000000..0e77271213a --- /dev/null +++ b/greek/legal/privacy.wml @@ -0,0 +1,248 @@ +#use wml::debian::template title="Privacy Policy" NOCOMMENTS="yes" +#use wml::debian::translation-check translation="3c6ffb2bcd885b73ca6311b72caa3ab54fdaeea1" maintainer="galaxico" + +## Translators may want to add a note stating that the translation +## is only informative and has no legal value, and people +## should look at the original English for that. +## Some languages have already put such a note in the +## translations of /trademark and /license, for example. + +<p>The <a href="https://www.debian.org/">Debian Project</a> is a volunteer +association of individuals who have made common cause to create a free +operating system, referred to as Debian. </p> + +<p>There is no requirement for anyone who +wishes to use Debian to provide the project with any personal information; it +is freely downloadable without registration or other form of identification +from both official mirrors run by the project and numerous third parties.</p> + +<p>Various other aspects of interacting with the Debian Project will, however, +involve the collection of personal information. This is primarily in the form +of names and email addresses in emails received by the project; all Debian +mailing lists are publicly archived, as are all interactions with the bug +tracking system. This is in keeping with our <a +href="https://www.debian.org/social_contract">Social Contract</a>, in +particular our statement that we will give back to the free software community +(#2), and that we will not hide our problems (#3). We do not perform further +processing on any of the information we hold, but there are instances where it +is automatically shared with third parties (such as emails to lists, or +interactions with the bug tracking system).</p> + +<p>The list below categorises the various services run by the project, the +information used by those services and the reasons it is required.</p> + +<p>Please note that hosts and services under the <strong>debian.net</strong> +domain are not part of the official Debian project; +they are run by individuals who have an association with the project rather +than the project themselves. +Questions about exactly what data those services hold should be directed +at the service owners rather than the Debian Project itself.</p> + +<h2>Contributors (<a href="https://contributors.debian.org/">contributors.debian.org</a>)</h2> + +<p>The Debian Contributors site provides an aggregation of data about where +someone has contributed to the Debian Project, whether that's through filing a +bug report, making an upload to the archive, posting to a mailing list or +various other interactions with the Project. It receives its information from +the services in question (details about an identifier such as login name and +time of last contribution) and provides a single reference point to see where +the Project is storing information about an individual.</p> + +<h2>The Archive (<a href="https://ftp.debian.org/debian/">ftp.debian.org</a>)</h2> + +<p>The primary distribution method of Debian is via its public archive network. +The archive consists of all of the binary packages and their associated source +code, which will include personal information in the form of names and email +addresses stored as part of changelogs, copyright information, and general +documentation. The majority of this information is provided via the upstream +software authors distributed source code, with Debian adding additional +information to track authorship and copyright to ensure that licenses are being +correctly documented and the Debian Free Software Guidelines adhered to.</p> + +<h2>Bug Tracking System (<a href="https://bugs.debian.org/">bugs.debian.org</a>)</h2> + +<p>The bug tracking system is interacted with via email, and stores all emails +received in relation to a bug as part of that bug's history. In order that the +project can effectively deal with issues found in the distribution, and to +enable users to see details about those issues and whether a fix or workaround +is available, the entirety of the bug tracking system is openly accessible. +Therefore any information, including names and email addresses as part of email +headers, sent to the BTS will be archived and publicly available.</p> + +<h2>DebConf (<a href="https://www.debconf.org/">debconf.org</a>)</h2> + +<p>The DebConf registration structure stores the details of conference +attendees. These are required to determine eligibility to bursaries, association +to the project, and to contact attendees with appropriate details. They may +also be shared with suppliers to the conference, e.g. attendees staying in the +conference provided accommodation will have their name and attendance date +shared with the accommodation provider.</p> + +<h2>Developers LDAP (<a href="https://db.debian.org">db.debian.org</a>)</h2> + +<p>Project contributors (developers and others with guest accounts) who +have account access to machines within the Debian infrastructure have +their details stored within the project's LDAP infrastructure. This +primarily stores name, username and authentication information. However +it also has the optional facility for contributors to provide additional +information such as gender, instant messaging (IRC/XMPP), country and +address or phone details, and a message if they are on vacation. +</p> + +<p> +Name, username and some of the voluntarily provided details +are freely available via the web interface or LDAP search. Additional +details are only shared with other individuals who have account access +to the Debian infrastructure and is intended to provide a centralised +location for project members to exchange such contact information. It is +not explicitly collected at any point and can always be removed by +logging into the db.debian.org web interface or sending signed email to +the email interface. See <a href="https://db.debian.org/">https://db.debian.org/</a> and +<a href="https://db.debian.org/doc-general.html">https://db.debian.org/doc-general.html</a> for more details. +</p> + +<h2>Gitlab (<a href="https://salsa.debian.org/">salsa.debian.org</a>)</h2> + +<p>salsa.debian.org provides an instance of the <a +href="https://about.gitlab.com/">GitLab</a> DevOps lifecycle management tool. +It is primarily used by the Project to allow Project contributors to host +software repositories using Git and encourage collaboration between +contributors. As a result it requires various pieces of personal information to +manage accounts. For Project members this is tied to the central Debian LDAP +system, but guests may also register for an account and will have to provide +name and email details in order to facilitate the setup and use of that +account.</p> + +<p>Due to the technical nature of git contributions to the git repositories +held on salsa will contain the name and email address recorded within those git +commits. The chained nature of the git system means that any modification to +these commit details once they are incorporated into the repository is +extremely disruptive and in some cases (such as when signed commits are in use) +impossible.</p> + +<h2>Gobby (<a href="https://gobby.debian.org/">gobby.debian.org</a>)</h2> + +<p>Gobby is a collaborative online text editor, which tracks contributions and +changes against connected users. No authentication is required to connect to +the system and users may choose any username they wish. However while no +attempt is made by the service to track who owns usernames it should be +understand that it may prove possible to map usernames back to individuals +based upon common use of that username or the content they post to a +collaborative document within the system.</p> + +<h2>Mailing Lists (<a href="https://lists.debian.org/">lists.debian.org</a>)</h2> + +<p>Mailing lists are the primary communication mechanism of the Debian Project. +Almost all of the mailing lists related to the project are open, and thus +available for anyone to read and/or post to. All lists are also archived; for +public lists this means in a web accessible manner. This fulfils the project +commitment to transparency, and aids with helping our users and developers +understand what is happening in the project, or understand the historical +reasons for certain aspects of the project. Due to the nature of email these +archives will therefore potentially hold personal information, such as names +and email addresses.</p> + +<h2>New Members site (<a href="https://nm.debian.org/">nm.debian.org</a>)</h2> + +<p>Contributors to the Debian Project who wish to formalise their involvement +may choose to apply to the New Members process. This allows them to gain the +ability to upload their own packages (via Debian Maintainership) or to become +full voting members of the Project with account rights (Debian Developers, in +uploading and non-uploading variants). As part of this process various personal +details are collected, starting with name, email address and +encryption/signature key details. Full Project applications also involve the +applicant engaging with an Application Manager who will undertake an email +conversation to ensure the New Member understands the principles behind Debian +and has the appropriate skills to interact with the Project infrastructure. +This email conversation is archived and available to the applicant and +Application Managers via the nm.debian.org interface. Additionally details of +outstanding applicants are publicly visible on the site, allowing anyone to see +the state of New Member processing within the Project to ensure an appropriate +level of transparency.</p> + +<h2>Popularity Contest (<a href="https://popcon.debian.org/">popcon.debian.org</a>)</h2> + +<p>"popcon" tracks which packages are installed on a Debian system, to enable +the gathering of statistics about which packages are widely used and which are +no longer in use. It uses the optional "popularity-contest" package to collect +this information, requiring explicit opt-in to do so. This provides useful +guidance about where to devote developer resources, for example when migrating +to newer library versions and having to spend effort on porting older +applications. Each popcon instance generates a random 128 bit unique ID which +is used to track submissions from the same host. No attempt is made to map this +to an individual about submissions are made via email or HTTP and it is thus +possible for personal information to leak in the form of the IP address used +for access or email headers. This information is only available to the Debian +System Administrators and popcon admins; all such meta-data is removed before +submissions are made accessible to the project as a whole. However users should +be aware that unique signatures of packages (such as locally created packages +or packages with very low install counts) may make machines deducible as +belonging to particular individuals.</p> + +<p>Raw submissions are stored for 24 hours, to allow replaying in the event of +issues with the processing mechanisms. Anonymized submissions are kept for at +most 20 days. Summary reports, which contain no personally identifiable +information, are kept indefinitely.</p> + +<h2>snapshot (<a href="http://snapshot.debian.org/">snapshot.debian.org</a>)</h2> + +<p>The snapshot archive provides a historical view of the Debian archive +(ftp.debian.org above), allowing access to old packages based on dates and +version numbers. It carries no additional information over the main archive +(and can thus contain personal information in the form of names + email address +within changelogs, copyright statements and other documentation), but can +contain packages that are no longer part of shipping Debian releases. This +provides a useful resource to developers and users when tracking down +regressions in software packages, or providing a specific environment to run a +particular application.</p> + +<h2>Votes (<a href="https://vote.debian.org/">vote.debian.org</a>)</h2> + +<p>The vote tracking system (devotee) tracks the status of ongoing General +Resolutions and the results of previous votes. In the majority of cases this +means that once the voting period is over details of who voted (usernames + +name mapping) and how they voted becomes publicly visible. Only Project +members are valid voters for the purposes of devotee, and only valid votes are +tracked by the system.</p> + +<h2>Wiki (<a href="https://wiki.debian.org/">wiki.debian.org</a>)</h2> + +<p>The Debian Wiki provides a support and documentation resource for the +Project which is editable by everyone. As part of that contributions are +tracked over time and associated with user accounts on the wiki; each +modification to a page is tracked to allow for errant edits to be reverted and +updated information to be easily examined. This tracking provides details of +the user responsible for the change, which can be used to prevent abuse by +blocking abusive users or IP addresses from making edits. User accounts also +allow users to subscribe to pages to watch for changes, or see details of +changes throughout the entire wiki since they last checked. In general user +accounts are named after the name of the user, but no validation is performed +of the account names and a user may choose any free account name. An email +address is required for the purposes of providing a mechanism for account +password reset, and notifying the user of any changes on pages they are +subscribed to.</p> + +<h2>Echelon</h2> + +<p>Echelon is a system used by the Project to track member activity; in +particular it watches the mailing list and archive infrastructures, looking for +posts and uploads to record that a Debian member is active. Only the most +recent activity is stored, in the member's LDAP record. It is thus limited to +only tracking details of individuals who have accounts within the Debian +infrastructure. This information is used when determining if a project member +is inactive or missing and thus that there might be an operational requirement +to lock their account or otherwise reduce their access permissions to ensure +Debian systems are kept secure.</p> + +<h2>Service related logging</h2> + +<p>In addition to the explicitly listed services above the Debian +infrastructure logs details about system accesses for the purposes of ensuring +service availability and reliability, and to enable debugging and diagnosis of +issues when they arise. This logging includes details of mails sent/received +through Debian infrastructure, web page access requests sent to Debian +infrastructure, and login information for Debian systems (such as SSH logins to +project machines). None of this information is used for any purposes other than +operational requirements and it is only stored for 15 days in the case of web +server logs, 10 days in the case of mail log and 4 weeks in the case of +authentication/ssh logs.</p> |