On Mon, 30 May 2022 15:05:46 -0400 Konstantin Ryabitsev <konstantin@linuxfoundation.org> wrote:
Mirrors are simply acting as a service provider and therefore they don't have the same risks as infringing parties. Services like Cloudflare or AWS S3 aren't responsible for the content they are serving, and the mirrors are pretty much offering the exact same service. The only responsibility we have is to respond to DMCA or GDPR requests.
That is a really good point, I hadn't thought of that! A service provider can hardly be held accountable for the content that traverses its systems, at least when they are a 'mere conduit'. However, if a mirror operator makes the decision to leave out the source packages from the content that they serve (thereby acting as a moderator), wouldn't that make them liable for that very same content? In other words, if you leave out the sources, can't you be held accountable for leaving out the sources? I'm curious, did you ever get a DMCA or GDPR request for something that happened on your mirror, and have you ever taken something down because of it?