Shaya Potter & Debian WaReZ expulsion
Reprinted with permission from Daniel Pocock.
In recent years, Debian leaders have abused their positions to leak rumors and gossip about some developers while hiding far more serious scandals.
One of those is the shadow expulsion of Shaya Potter (blog, CV) in 1998.
Potter was a child prodigy who began a US Navy internship when he was fifteen or sixteen. At the same time, Novare, Inc was hosting some Debian infrastructure on their company servers.
Potter claims his software was being deployed to the USS Theodore Roosevelt (Secure Tactical Access Terminal) while at the same time, Debian records show that he was stashing WaReZ on master.debian.org, a server operated by Novare.
The case of a navy intern committing piracy is interesting for a wide range of reasons that have a lot more to do with Debian than the navy.
Potter began co-authoring Debian as a minor. It appears that he was 19 when he was caught with WaReZ but it is not clear what age he was when he actually downloaded these illegal copies of software. The age of majority varies between different countries and different states of the US. Therefore, there was some confusion about whether it should be handled as a juvenile offence. I recently wrote about the concerns with FSFE encouraging minors to do unpaid work on open source projects.
Earlier this year I wrote about the fact that only 86 of the original Debian co-authors agreed to form an association with a constitution. If we look at the names of the people who consented to form an association, Shaya Potter is not in the list. If Potter did not consent to the constitution then he wasn't a member at all. Morever, the association only came into existence at the end of the vote in December 1998. Potter was supposedly expelled in November 1998, one month before the vote. Therefore, as the organization didn't really exist yet and as he hadn't consented to be a member, we can't really say he was expelled at all.
Nonetheless, it looks like his position with the US Navy also ended the year after the Debian drama. Barely five years later, Potter went on to win the LISA'05 award for the best student paper.
The great irony in this case is that people were angry with Potter for violating copyright law. Yet this was the first time the developers forcefully removed the name of a Debian co-author from the software. Therefore, by removing his name and failing to give him equal credit as a joint author of the Debian software, they were violating his copyright interests. They set a precedent for violating the copyright interests of other authors, for example, the violent suppression of Ted Walther in DebConf6.
To put this in perspective, consider the case of Rolf Harris, convicted of harassment and abuse in the UK. His copyright interests from a long career in show business still continued to receive royalties even during his time in prison. If a sex offender can continue receiving royalties while in prison, why can't all Debian Developers continue receiving recognition even after minor disputes within the project?
At the time, developers expressed some concern that the scandal would be leaked and gain significant publicity due to the connection with the US Navy.
It is interesting to see how this scandal regarding a minor and the US military was covered up while gossip about other developers, like the assault on Ted Walther was deliberately leaked. The accusations against Potter were far more serious than the gossip about Walther.
In 2018, Debian leader Chris Lamb started making attacks on the privacy of volunteers and our families.
Despite supposedly being "expelled" from an organization that didn't exist, Potter has continued maintaining the hebcal package, the Perpetual Jewish Calendar, for more than twenty years. Potter moved to Israel in August 2019, four months after the decision to send DebConf20 to Haifa, Israel. It looks like the expulsion was in some ways a charade so that Debian can pretend they take a hard line on piracy while in reality, there were no consequences for Potter's career. He walked straight out of the US Navy and into IBM TJ Watson research laboratory.
One of Potter's earlier emails to the debian-private gossip network
Subject: Re: Debian release strategy (Was: Re: XFree86 3.2 is out, should we , , delay the release , of Debian 1.2) Date: Fri, 1 Nov 1996 14:17:42 -0500 (EST) From: Shaya Potter <spotter@itd.nrl.navy.mil> To: Klee Dienes <klee@sedona.com> CC: Bruce Perens <Bruce@pixar.com>, debian-private@lists.debian.org
On 1 Nov 1996, Klee Dienes wrote:
> > > I think the key is getting LIBC 6 and the new X available _early_ in > > the time frame. > > I've got a preliminary packaging of glibc-1.96 ready (as part of the > testing/development of the POSIX/FIPS-152 conformance testing > package). I've been holding off on uploading it until after rex was > frozen to avoid adding too much confusion to the pot, as well as to > see what comes of our new-found relationship with Lasermoon. I'll > upload a copy on Monday after the code freeze takes place.
Oh, about the posix testing, if you need help I am still here.
Thanks,
Shaya -- Shaya Potter spotter@itd.nrl.navy.mil
-- Please respect the confidentiality of material on the debian-private list. TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Potter asked the Debian leader to hand over copies of debian-private discussion about underage developers.
Subject: Re: why I want the archives on me (was Re: spotter@debian.org) Date: Tue, 17 Nov 1998 12:56:41 -0500 From: Shaya Potter <spotter@ymail.yu.edu> To: joost@pc47.mpn.cp.philips.com CC: debian-private@lists.debian.org
----- Original Message ----- From: <joost@pc47.mpn.cp.philips.com>
> >On Tue, 17 Nov 1998, Shaya Potter wrote: > >> Now that this is out of the way, I'd like to publicly ask if I can have an >> archive of all the communication that went on in regard to me. > >Strictly speaking I tend to disagree that you or anybody has an a-priori >right to know what is being said and told on debian-private. It is simply >a private list. Things would be different if you were mentioned in a >public list without being able to respond. But that is in all aspects >clearly not the current situation.
First, I never said I have a right. In many ways I think i don't have a right, or even if I did, I don't deserve it. I don't think my statements have implied that I believe I have a right to demand that it be given to me.
I do have a right to ask that it be done. Debian has a right to say yes or no.
> >(Nevertheless, I think that it would be considerate to cc: you in >any discussion that involves you in a very personal manner - this has >IMHO until now hardly been the case though.)
It hasn't? Than how did the decision to expell me come about? Who told people who made the decision what happened? Was this all done in private mail?
> >If a non-subscriber of debian-private must share in the conversation on >debian-private, then this should IMHO be done by adding that person to the >clearly visible cc: line of the header of any messages to be "published." >That way, it will be adequately clear that the correspondence leaves the >realm of debian-private and thus everybody can conclude that normal >confidentiality can not be expected. AFAIK respect for the confidential >nature of debian-private is a prerequisite for subscription to this list.
I would have respected the confidentiality, as I have made it known that I don't want this to spread, as I am embarrased by my actions.
> >Practically speaking, I disagree that the underlying case generally >concerns you. What matters here is not who Shaya Potter personally is or >what particularly Shaya Potter did. The discussion is about how issues >like the one involving you relate to Debian. This discussion does not >involve you personally.
I don't want the entire discussion, I just want to see the parts that touch on me personally. I don't care for the rest, of what about underage developers and the like....
> >> I was told that it would not be a star chamber, and that I'd be cc'd in >> on all the corrospondace. That didn't occur. > >There was no "star chamber." You have already been generously cc:'-ed.
I was? The only cc:'s I ever got were in response to me starting a thread. That implies to me, that acc. to what you were saying, that no discussion on -private occured that I didn't start. However, I know this not to be the case, as before I was unsubscribed from -private, I saw a thread or 2 started that dealt with me.
> >IMHO you do not have a right to be cc:-'ed on the _general_ discussion >which does not particularly (personally) involve you.
never said I did.
> >> Also, I really have no idea of what discussion went on, if mistruthes >> were spread about the incident (as in reality, I'm the only one that >> knows completely what happened, and no one really ever asked me for the >> full story). > >If this worries you so much, then I seriously wonder why you did not >immediately relate it to debian-private when the issue arose in the first >place?
I did apologize on -private right away, however, I didn't want to spread what I did. I specifically told people that I would rather this not be discussed on -private and have me showed the door quietly, and told never to come back. That didn't happen, it was discussed on -private. I don't know what was discussed in relation to me, so I want to be informed.
> >Again, the discussion is not yours. Again, you are not personally >involved. Your only "role" in the discussion is that you have created a >precedent. I thinks we can all agree that we would rather have had you >not be a precedent case, but it happened. I'm very sorry, but you'll >have to blame yourself for that.
Trust me, I've blamed myself a lot for this. If you seen any of my corrospondance you would know this. I don't blame anyone for my predicament, but myself.
>Discussion on debian-private does not count as a statement from Debian. >So there simply were no statements. I'm not really in favor of making any >strong or overly verbose statements either. If there ever is to be a >statement from Debian about an issue such as the current one involving >Shaya, I think that person should be briefed thoroghly beforehand.
I'm not talking about a debian statement. I don't want a public statement, and I know a lot of people from debian don't want one either (though some might). What I meant by statements, was statements that individuals made, that might be incorrect, or inacurate.
>Shaya, can you please just put this to a rest? IMHO it is not very >productive for anybody. And please take it from me that you have no >reason to be concerned that you have been in a "star chamber."
I am not worried about a star chamber, I would have prefered it in many ways. However, at least with a star chamber you usually get to see the case presented against you, even though you don't have the ability to defend yourself. As I said many times, my case is indefensable, so that wouldn't bother me.
Shaya
Potter actually resigned on 2 November 1998 but they still spent two weeks deciding to expel him
He was not a member anyway as the organization didn't exist yet. He resigned. Therefore, how obscene it is to retrospectively have an expulsion.
This practice of expelling a non-member, which is obviously unethical and impossible, laid the foundation for many future problems in Debian. For example, Frans Pop had tried to resign before committing suicide but people pulled him back in.
Subject: Re: Novare and master Date: Mon, 2 Nov 1998 15:56:06 -0600 From: Ean R . Schuessler <ean@novare.net> To: Shaya Potter <spotter@yucs.org> CC: debian-private@lists.debian.org█
On Mon, Nov 02, 1998 at 12:59:22AM -0500, Shaya Potter wrote: > I have heard through the grapevine that you are considering pulling > novare's support of debian b/c of my actions. is this true? if it is, I > would hope that you reconsider and view me as an aberation. My behavior > was wrong, stupid, illegal, puts novare and debian in a sticky situation > and above all that, broke a trust that was given to me. I would like to > apologize for these things, but in my mind an apology doesn't fix the > past, it can only set the foundation for the future. If in your mind, you > would be more open to allowing debian to continue on as is, if I am gone, > let this be my letter of resignation. If other debian developers think I > should be gone,let it too be a letter of resignation. I don't want this > to turn into a public argument and the more it's argued even in private, > the more public it can become. I can't take the embarasment and rather be > kicked out and punished swiftly than have the chance of staying.
Say what? You're on smack. Kick your bootie for being a naughty little man, yes. Stop supporting Debian because you wanted some 3l1t3 w4r3$, not friggin' likely.
I think that you should take on 10 new packages and maintain them in an exemplary manner, you should also break some raw eggs on your face, take a picture and we'll post it on devel. I might even send my girlfriend to infiltrate your Navy base and spank you bloody. What you should stop doing, however, is whining and pirating software.
Ahimsa. E
-- _______________________________________________________________________ Ean Schuessler Director of New Products and Technologies Novare International Inc. The Unstoppable Fist of Digital Action *** WARNING: This signature may contain jokes.