Bonum Certa Men Certa

Shaya Potter & Debian WaReZ expulsion

posted by Roy Schestowitz on Mar 15, 2024,
updated Mar 15, 2024

Shaya Potter

Reprinted with permission from Daniel Pocock.

In recent years, Debian leaders have abused their positions to leak rumors and gossip about some developers while hiding far more serious scandals.

One of those is the shadow expulsion of Shaya Potter (blog, CV) in 1998.

Potter was a child prodigy who began a US Navy internship when he was fifteen or sixteen. At the same time, Novare, Inc was hosting some Debian infrastructure on their company servers.

Potter claims his software was being deployed to the USS Theodore Roosevelt (Secure Tactical Access Terminal) while at the same time, Debian records show that he was stashing WaReZ on master.debian.org, a server operated by Novare.

The case of a navy intern committing piracy is interesting for a wide range of reasons that have a lot more to do with Debian than the navy.

Potter began co-authoring Debian as a minor. It appears that he was 19 when he was caught with WaReZ but it is not clear what age he was when he actually downloaded these illegal copies of software. The age of majority varies between different countries and different states of the US. Therefore, there was some confusion about whether it should be handled as a juvenile offence. I recently wrote about the concerns with FSFE encouraging minors to do unpaid work on open source projects.

Earlier this year I wrote about the fact that only 86 of the original Debian co-authors agreed to form an association with a constitution. If we look at the names of the people who consented to form an association, Shaya Potter is not in the list. If Potter did not consent to the constitution then he wasn't a member at all. Morever, the association only came into existence at the end of the vote in December 1998. Potter was supposedly expelled in November 1998, one month before the vote. Therefore, as the organization didn't really exist yet and as he hadn't consented to be a member, we can't really say he was expelled at all.

Nonetheless, it looks like his position with the US Navy also ended the year after the Debian drama. Barely five years later, Potter went on to win the LISA'05 award for the best student paper.

The great irony in this case is that people were angry with Potter for violating copyright law. Yet this was the first time the developers forcefully removed the name of a Debian co-author from the software. Therefore, by removing his name and failing to give him equal credit as a joint author of the Debian software, they were violating his copyright interests. They set a precedent for violating the copyright interests of other authors, for example, the violent suppression of Ted Walther in DebConf6.

To put this in perspective, consider the case of Rolf Harris, convicted of harassment and abuse in the UK. His copyright interests from a long career in show business still continued to receive royalties even during his time in prison. If a sex offender can continue receiving royalties while in prison, why can't all Debian Developers continue receiving recognition even after minor disputes within the project?

At the time, developers expressed some concern that the scandal would be leaked and gain significant publicity due to the connection with the US Navy.

It is interesting to see how this scandal regarding a minor and the US military was covered up while gossip about other developers, like the assault on Ted Walther was deliberately leaked. The accusations against Potter were far more serious than the gossip about Walther.

In 2018, Debian leader Chris Lamb started making attacks on the privacy of volunteers and our families.

Despite supposedly being "expelled" from an organization that didn't exist, Potter has continued maintaining the hebcal package, the Perpetual Jewish Calendar, for more than twenty years. Potter moved to Israel in August 2019, four months after the decision to send DebConf20 to Haifa, Israel. It looks like the expulsion was in some ways a charade so that Debian can pretend they take a hard line on piracy while in reality, there were no consequences for Potter's career. He walked straight out of the US Navy and into IBM TJ Watson research laboratory.

Please see the next blog post for details about how Potter made these bad choices under the burden of 14,000 messages from debian-private.

One of Potter's earlier emails to the debian-private gossip network

Subject: Re: Debian release strategy (Was: Re: XFree86 3.2 is out, should we , , delay the release , of Debian 1.2)
Date: Fri, 1 Nov 1996 14:17:42 -0500 (EST)
From: Shaya Potter <spotter@itd.nrl.navy.mil>
To: Klee Dienes <klee@sedona.com>
CC: Bruce Perens <Bruce@pixar.com>, debian-private@lists.debian.org

On 1 Nov 1996, Klee Dienes wrote:
> > > I think the key is getting LIBC 6 and the new X available _early_ in > > the time frame. > > I've got a preliminary packaging of glibc-1.96 ready (as part of the > testing/development of the POSIX/FIPS-152 conformance testing > package). I've been holding off on uploading it until after rex was > frozen to avoid adding too much confusion to the pot, as well as to > see what comes of our new-found relationship with Lasermoon. I'll > upload a copy on Monday after the code freeze takes place.
Oh, about the posix testing, if you need help I am still here.
Thanks,
Shaya -- Shaya Potter spotter@itd.nrl.navy.mil
-- Please respect the confidentiality of material on the debian-private list. TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Potter asked the Debian leader to hand over copies of debian-private discussion about underage developers.

Subject: Re: why I want the archives on me (was Re: spotter@debian.org)
Date: Tue, 17 Nov 1998 12:56:41 -0500
From: Shaya Potter <spotter@ymail.yu.edu>
To: joost@pc47.mpn.cp.philips.com
CC: debian-private@lists.debian.org

----- Original Message ----- From: <joost@pc47.mpn.cp.philips.com>
> >On Tue, 17 Nov 1998, Shaya Potter wrote: > >> Now that this is out of the way, I'd like to publicly ask if I can have an >> archive of all the communication that went on in regard to me. > >Strictly speaking I tend to disagree that you or anybody has an a-priori >right to know what is being said and told on debian-private. It is simply >a private list. Things would be different if you were mentioned in a >public list without being able to respond. But that is in all aspects >clearly not the current situation.
First, I never said I have a right. In many ways I think i don't have a right, or even if I did, I don't deserve it. I don't think my statements have implied that I believe I have a right to demand that it be given to me.
I do have a right to ask that it be done. Debian has a right to say yes or no.
> >(Nevertheless, I think that it would be considerate to cc: you in >any discussion that involves you in a very personal manner - this has >IMHO until now hardly been the case though.)
It hasn't? Than how did the decision to expell me come about? Who told people who made the decision what happened? Was this all done in private mail?
> >If a non-subscriber of debian-private must share in the conversation on >debian-private, then this should IMHO be done by adding that person to the >clearly visible cc: line of the header of any messages to be "published." >That way, it will be adequately clear that the correspondence leaves the >realm of debian-private and thus everybody can conclude that normal >confidentiality can not be expected. AFAIK respect for the confidential >nature of debian-private is a prerequisite for subscription to this list.
I would have respected the confidentiality, as I have made it known that I don't want this to spread, as I am embarrased by my actions.
> >Practically speaking, I disagree that the underlying case generally >concerns you. What matters here is not who Shaya Potter personally is or >what particularly Shaya Potter did. The discussion is about how issues >like the one involving you relate to Debian. This discussion does not >involve you personally.
I don't want the entire discussion, I just want to see the parts that touch on me personally. I don't care for the rest, of what about underage developers and the like....
> >> I was told that it would not be a star chamber, and that I'd be cc'd in >> on all the corrospondace. That didn't occur. > >There was no "star chamber." You have already been generously cc:'-ed.
I was? The only cc:'s I ever got were in response to me starting a thread. That implies to me, that acc. to what you were saying, that no discussion on -private occured that I didn't start. However, I know this not to be the case, as before I was unsubscribed from -private, I saw a thread or 2 started that dealt with me.
> >IMHO you do not have a right to be cc:-'ed on the _general_ discussion >which does not particularly (personally) involve you.
never said I did.
> >> Also, I really have no idea of what discussion went on, if mistruthes >> were spread about the incident (as in reality, I'm the only one that >> knows completely what happened, and no one really ever asked me for the >> full story). > >If this worries you so much, then I seriously wonder why you did not >immediately relate it to debian-private when the issue arose in the first >place?
I did apologize on -private right away, however, I didn't want to spread what I did. I specifically told people that I would rather this not be discussed on -private and have me showed the door quietly, and told never to come back. That didn't happen, it was discussed on -private. I don't know what was discussed in relation to me, so I want to be informed.
> >Again, the discussion is not yours. Again, you are not personally >involved. Your only "role" in the discussion is that you have created a >precedent. I thinks we can all agree that we would rather have had you >not be a precedent case, but it happened. I'm very sorry, but you'll >have to blame yourself for that.
Trust me, I've blamed myself a lot for this. If you seen any of my corrospondance you would know this. I don't blame anyone for my predicament, but myself.
>Discussion on debian-private does not count as a statement from Debian. >So there simply were no statements. I'm not really in favor of making any >strong or overly verbose statements either. If there ever is to be a >statement from Debian about an issue such as the current one involving >Shaya, I think that person should be briefed thoroghly beforehand.
I'm not talking about a debian statement. I don't want a public statement, and I know a lot of people from debian don't want one either (though some might). What I meant by statements, was statements that individuals made, that might be incorrect, or inacurate.
>Shaya, can you please just put this to a rest? IMHO it is not very >productive for anybody. And please take it from me that you have no >reason to be concerned that you have been in a "star chamber."
I am not worried about a star chamber, I would have prefered it in many ways. However, at least with a star chamber you usually get to see the case presented against you, even though you don't have the ability to defend yourself. As I said many times, my case is indefensable, so that wouldn't bother me.
Shaya

Potter actually resigned on 2 November 1998 but they still spent two weeks deciding to expel him

He was not a member anyway as the organization didn't exist yet. He resigned. Therefore, how obscene it is to retrospectively have an expulsion.

This practice of expelling a non-member, which is obviously unethical and impossible, laid the foundation for many future problems in Debian. For example, Frans Pop had tried to resign before committing suicide but people pulled him back in.

Subject: Re: Novare and master
Date: Mon, 2 Nov 1998 15:56:06 -0600
From: Ean R . Schuessler <ean@novare.net>
To: Shaya Potter <spotter@yucs.org>
CC: debian-private@lists.debian.org

On Mon, Nov 02, 1998 at 12:59:22AM -0500, Shaya Potter wrote: > I have heard through the grapevine that you are considering pulling > novare's support of debian b/c of my actions. is this true? if it is, I > would hope that you reconsider and view me as an aberation. My behavior > was wrong, stupid, illegal, puts novare and debian in a sticky situation > and above all that, broke a trust that was given to me. I would like to > apologize for these things, but in my mind an apology doesn't fix the > past, it can only set the foundation for the future. If in your mind, you > would be more open to allowing debian to continue on as is, if I am gone, > let this be my letter of resignation. If other debian developers think I > should be gone,let it too be a letter of resignation. I don't want this > to turn into a public argument and the more it's argued even in private, > the more public it can become. I can't take the embarasment and rather be > kicked out and punished swiftly than have the chance of staying.
Say what? You're on smack. Kick your bootie for being a naughty little man, yes. Stop supporting Debian because you wanted some 3l1t3 w4r3$, not friggin' likely.
I think that you should take on 10 new packages and maintain them in an exemplary manner, you should also break some raw eggs on your face, take a picture and we'll post it on devel. I might even send my girlfriend to infiltrate your Navy base and spank you bloody. What you should stop doing, however, is whining and pirating software.
Ahimsa. E
-- _______________________________________________________________________ Ean Schuessler Director of New Products and Technologies Novare International Inc. The Unstoppable Fist of Digital Action *** WARNING: This signature may contain jokes.

Please see the next blog post for details about how Potter made these bad choices under the burden of 14,000 messages from debian-private.

Other Recent Techrights' Posts

European Patent Office (EPO) Series: Czech Mate: EPO Kingmaker or Merely a Pawn in the Game?
recent "missions" of the EPO President
SLAPP Censorship - Part 131 Out of 200: A Big Win for the Media in the United Kingdom (UK) Today
In a democratic society the Right to Know, which is closely connected to freedom of the press (or what one might label "blogging" or "blag"), comes above all else, except where there are lives being put at risk
IBM's Fedora Plans to Integrate Slop Into "Fedora Workstation as a Default Feature."
IBM does not care whether the community wants this or not
The Media Talks a Lot About XBox Layoffs, a Closer Look at the Data Shows Microsoft 'Bloodbath'
'Bloodbath' is the term insiders use
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 07, 2026
IRC logs for Tuesday, July 07, 2026
Links 07/07/2026: Microsoft Cuts Doom "id Software" and Turkey Detains Journalists
Links for the day
Gemini Links 07/07/2026: Old Computer Challenge (OCC) and Hardware Tests
Links for the day
A Break From the Routine
What matters is what whistleblowers keep feeding information to us
SLAPP Censorship - Part 132 Out of 200: When You Cannot Pay a Million Pounds (1,335,520.00 United States Dollar) to Lawyers But Have a Strong Community
Techrights compensates for its fiscal poverty with a wealth of community spirit
Fame is Not the Goal
"Fame" kills
Mental Health in Free Software Communities
clearly there is a subject that merits debate and it ought not be a taboo anymore
The Era of Sponsored Spam
There is no "era of AI", there is era of BRIBES to PRETEND there is an "era of AI"
Gemini Links 07/07/2026: Cleaning, Old Computer, and More
Links for the day
Links 07/07/2026: Le Monde Combats LLM Slop Plagiarism, "ACLU Launches Largest Ever Midterm Electoral Program"
Links for the day
Extremism in the Free Software World is Mostly a Myth
Only the firm belief that justice applies to all will produce a just society
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 06, 2026
IRC logs for Monday, July 06, 2026
Links 07/07/2026: Kernelized Secure Operating System (KSOS) and "Exploiting Thoughtcrime in LLMs"
Links for the day
SLAPP Censorship - Part 130 Out of 200: Jealousy, Envy, Hubris
This site is primarily about Free software
Gemini Links 06/07/2026: Still Mostly Dry, GoToSocial, and More
Links for the day
European Patent Office (EPO) Series: Effective Dispute Resolution… But Not For EPO Staff
Slovenia fielded one of the few Administrative Council delegations which managed to maintain its own independent line against the tyrannical EPOnian "Sun King"
Community Sites Need Genuine Collaboration and True Autonomy
People who want to communicate, federate and organise for effective change need to evolve
Free Software Foundation (FSF) Covers Quibble, Free Software for Secure Communications, in the FSF Summer Bulletin
The Georgia Tech folks are bringing Free software education and contributions to one of the better known Computer Science hubs in the US
Microsoft Layoffs Include Windows, Bing, Slop (CoPilot etc.) and There Will More More Rounds (or Waves) to Come
"43% of Xbox laid off"
Obscene Contradiction in Microsoft's Layoffs Tally ("Official" Numbers Do Not Add Up)
Notice how they treat "LinkedIn" as separate
Preserving Comments About the Real IBM Before They Get Deleted
IBM in the 1980s is not what it is right now
Cybershow on "Escaping Prisons For Your Mind"
"THE CYBER SHOW: Stealing technofascism's boots, and stomping on its own face with them."
Links 06/07/2026: At Least 20% Staff Reduction in XBox (Microsoft), Taiwan Sees Uptick in Chinese Aggression/Provocation, Senator Rodante Marcoleta Arrested
Links for the day
Confirmed: Microsoft Layoffs Come in Two Waves, Just Like Last Summer
To us, what stands out is the admission from Microsoft that there are two (or more) waves
In Praise of the UK's Stance on Free Speech (but Some Reservations)
At the moment there is a healthy discussion going on with the objective of disrupting attacks on British press
Exposing Corruption at the European Patent Office (EPO), a Call for More Whistleblowers
We predict that, provided enough whistleblowers speak out, António "the unready" won't even finish his current term
Leaving Our Pets for Several Days
This week our pets will be worried that "mommy and daddy" are away
Dating Trees and Dating 'Apps'
several high-profile stories in the news about scandals in "dating apps"
DW Documentary About Julian Assange Turns 2
It was released just days after Assange had turned 53 and about two weeks after he had left the UK
Independent Media is the Only Form of Legitimate Media
Independent media is, indeed, what we need to demand more of
The Story of the European Patent Office (EPO) Wagging the Dog (EU)
The aim of the series is to properly inform the world - not just Europeans - how Europe's second-largest institution is run [...] How did a corporate hub of monopolies become so detached from the Rule of Law?
GNU/Linux Up to New High in Libya, Windows Down to All-Time Low
GNU/Linux touches 5% there, based on statCounter
Links 06/07/2026: Artists Reject Slop (or Even de Facto Bribes to Market/Endorse Slop)
Links for the day
SLAPP Censorship - Part 129 Out of 200: Iranian Tactics
Hunger for revenge compels people to do overzealous, irrational things
Quiet Week
Many in the US are still enjoying an extended weekend
The Media Needs to Speak of Slop as a Climate Issue Like It Did With Bitcoin
But the slop industry keeps paying the media to play along with the hype
IBM's Fall
IBM's fate is closely connected to that of the Free software movement because of the salaries
Social Dialogue at the European Patent Office (EPO) is Dead, the Strikes and Work Stoppage-Like Actions Carry on
What next for the EPO?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 05, 2026
IRC logs for Sunday, July 05, 2026
Links 05/07/2026: Shadows of the Upper Peninsula and 2026 Old Computer Challenge
Links for the day