Conversation

Notices

1. Pseudo-Riemann (pseudoriemann@pl.dira.cc)'s status on Saturday, 17-Dec-2022 05:59:14 JST Pseudo-Riemann
   According to the Rust Book, on crates.io: "Be careful, because a publish is permanent. The version can never be overwritten, and the code cannot be deleted."
   
   How is this compatible with copyright? Or the GDPR? I get what they're going for, but it seems like a big ask to waive the right to ever remove content you created from their website.
   • Adrian Cochrane (alcinnz@floss.social)'s status on Saturday, 17-Dec-2022 05:59:05 JST Adrian Cochrane

     in reply to

     @pseudoriemann On the otherhand, allowing for a projects' dependencies to be deleted can cause significant damage. Heard of leftpad.js?

     The other solution would be to (automatically) vendor dependencies into the projects depending on them, but that could require a significant rearchitecting...

   • Wolf480pl (wolf480pl@mstdn.io)'s status on Saturday, 17-Dec-2022 07:22:38 JST Wolf480pl

     in reply to

     • Adrian Cochrane

     @pseudoriemann @alcinnz
     to be clear, I'd expect that whoever tried it would be in equal and opposite trouble, but...

   • Wolf480pl (wolf480pl@mstdn.io)'s status on Saturday, 17-Dec-2022 07:22:39 JST Wolf480pl

     in reply to

     • Adrian Cochrane

     @pseudoriemann @alcinnz

     > people not reading / understanding the ToS

     or people maliciously disobeying the ToS while uploading data they have no right to upload

     or people abusing their repo to host illegal content

     or people abusing their repo as a free CDN for commercial purposes

     I wonder if anyone tried that yet...

   • Wolf480pl (wolf480pl@mstdn.io)'s status on Saturday, 17-Dec-2022 07:22:40 JST Wolf480pl

     in reply to

     • Adrian Cochrane

     @pseudoriemann @alcinnz

     As for GDPR... maybe they have in ToS sth like "you shall not upload any personal data", but then again, what do they do if someone does it anyway?

   • Pseudo-Riemann (pseudoriemann@pl.dira.cc)'s status on Saturday, 17-Dec-2022 07:22:40 JST Pseudo-Riemann

     in reply to

     • Adrian Cochrane
     • Wolf480pl
     @wolf480pl @alcinnz Yeah such a clause might cover them somewhat. I'd feel uncomfortable handing over such a permanent right, but then again I'm not really in the business of writing open source software.
     
     And yeah people not reading / understanding the ToS could get them into legal trouble. They say "if you release a secret, tough luck" but I bet they can find it in their hearts to do a deletion when someone uploads a Star Wars movie.
   • Wolf480pl (wolf480pl@mstdn.io)'s status on Saturday, 17-Dec-2022 07:22:41 JST Wolf480pl

     in reply to

     • Adrian Cochrane

     @pseudoriemann @alcinnz
     if the ToS contains something like

     "by uploading you give us non-exclusive non-revocable copyright license to redistribute those files for the purpose of hosting a package repository, and promise under penalty or sth that you have the necessary rights to grant such license"

     then they should be in the clear wrt. copyright I think...

     Well until someone uploads something without having such license.

     IANAL tho

   • Pseudo-Riemann (pseudoriemann@pl.dira.cc)'s status on Saturday, 17-Dec-2022 07:22:42 JST Pseudo-Riemann

     in reply to

     • Adrian Cochrane
     @alcinnz I understand that. But I just don't see how it's legal. Afaik you aren't forced to pick a free software license for your crate. How do the operators of crates.io justify not respecting the wishes of the owner of the intellectual property they are hosting?
     Ok maybe checking the "I read the terms of service" box on upload does give them the legal right to share the content forever. (I know nothing about IP laws)
   • Adrian Cochrane (alcinnz@floss.social)'s status on Saturday, 17-Dec-2022 07:23:13 JST Adrian Cochrane

     in reply to

     • Wolf480pl

     @wolf480pl @pseudoriemann There'd always be the possibility to the webmaster to cover exceptional cases...