Bonum Certa Men Certa

Shaya Potter & Debian WaReZ expulsion

posted by Roy Schestowitz on Mar 15, 2024,
updated Mar 15, 2024

Shaya Potter

Reprinted with permission from Daniel Pocock.

In recent years, Debian leaders have abused their positions to leak rumors and gossip about some developers while hiding far more serious scandals.

One of those is the shadow expulsion of Shaya Potter (blog, CV) in 1998.

Potter was a child prodigy who began a US Navy internship when he was fifteen or sixteen. At the same time, Novare, Inc was hosting some Debian infrastructure on their company servers.

Potter claims his software was being deployed to the USS Theodore Roosevelt (Secure Tactical Access Terminal) while at the same time, Debian records show that he was stashing WaReZ on master.debian.org, a server operated by Novare.

The case of a navy intern committing piracy is interesting for a wide range of reasons that have a lot more to do with Debian than the navy.

Potter began co-authoring Debian as a minor. It appears that he was 19 when he was caught with WaReZ but it is not clear what age he was when he actually downloaded these illegal copies of software. The age of majority varies between different countries and different states of the US. Therefore, there was some confusion about whether it should be handled as a juvenile offence. I recently wrote about the concerns with FSFE encouraging minors to do unpaid work on open source projects.

Earlier this year I wrote about the fact that only 86 of the original Debian co-authors agreed to form an association with a constitution. If we look at the names of the people who consented to form an association, Shaya Potter is not in the list. If Potter did not consent to the constitution then he wasn't a member at all. Morever, the association only came into existence at the end of the vote in December 1998. Potter was supposedly expelled in November 1998, one month before the vote. Therefore, as the organization didn't really exist yet and as he hadn't consented to be a member, we can't really say he was expelled at all.

Nonetheless, it looks like his position with the US Navy also ended the year after the Debian drama. Barely five years later, Potter went on to win the LISA'05 award for the best student paper.

The great irony in this case is that people were angry with Potter for violating copyright law. Yet this was the first time the developers forcefully removed the name of a Debian co-author from the software. Therefore, by removing his name and failing to give him equal credit as a joint author of the Debian software, they were violating his copyright interests. They set a precedent for violating the copyright interests of other authors, for example, the violent suppression of Ted Walther in DebConf6.

To put this in perspective, consider the case of Rolf Harris, convicted of harassment and abuse in the UK. His copyright interests from a long career in show business still continued to receive royalties even during his time in prison. If a sex offender can continue receiving royalties while in prison, why can't all Debian Developers continue receiving recognition even after minor disputes within the project?

At the time, developers expressed some concern that the scandal would be leaked and gain significant publicity due to the connection with the US Navy.

It is interesting to see how this scandal regarding a minor and the US military was covered up while gossip about other developers, like the assault on Ted Walther was deliberately leaked. The accusations against Potter were far more serious than the gossip about Walther.

In 2018, Debian leader Chris Lamb started making attacks on the privacy of volunteers and our families.

Despite supposedly being "expelled" from an organization that didn't exist, Potter has continued maintaining the hebcal package, the Perpetual Jewish Calendar, for more than twenty years. Potter moved to Israel in August 2019, four months after the decision to send DebConf20 to Haifa, Israel. It looks like the expulsion was in some ways a charade so that Debian can pretend they take a hard line on piracy while in reality, there were no consequences for Potter's career. He walked straight out of the US Navy and into IBM TJ Watson research laboratory.

Please see the next blog post for details about how Potter made these bad choices under the burden of 14,000 messages from debian-private.

One of Potter's earlier emails to the debian-private gossip network

Subject: Re: Debian release strategy (Was: Re: XFree86 3.2 is out, should we , , delay the release , of Debian 1.2)
Date: Fri, 1 Nov 1996 14:17:42 -0500 (EST)
From: Shaya Potter <spotter@itd.nrl.navy.mil>
To: Klee Dienes <klee@sedona.com>
CC: Bruce Perens <Bruce@pixar.com>, debian-private@lists.debian.org

On 1 Nov 1996, Klee Dienes wrote:
> > > I think the key is getting LIBC 6 and the new X available _early_ in > > the time frame. > > I've got a preliminary packaging of glibc-1.96 ready (as part of the > testing/development of the POSIX/FIPS-152 conformance testing > package). I've been holding off on uploading it until after rex was > frozen to avoid adding too much confusion to the pot, as well as to > see what comes of our new-found relationship with Lasermoon. I'll > upload a copy on Monday after the code freeze takes place.
Oh, about the posix testing, if you need help I am still here.
Thanks,
Shaya -- Shaya Potter spotter@itd.nrl.navy.mil
-- Please respect the confidentiality of material on the debian-private list. TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Potter asked the Debian leader to hand over copies of debian-private discussion about underage developers.

Subject: Re: why I want the archives on me (was Re: spotter@debian.org)
Date: Tue, 17 Nov 1998 12:56:41 -0500
From: Shaya Potter <spotter@ymail.yu.edu>
To: joost@pc47.mpn.cp.philips.com
CC: debian-private@lists.debian.org

----- Original Message ----- From: <joost@pc47.mpn.cp.philips.com>
> >On Tue, 17 Nov 1998, Shaya Potter wrote: > >> Now that this is out of the way, I'd like to publicly ask if I can have an >> archive of all the communication that went on in regard to me. > >Strictly speaking I tend to disagree that you or anybody has an a-priori >right to know what is being said and told on debian-private. It is simply >a private list. Things would be different if you were mentioned in a >public list without being able to respond. But that is in all aspects >clearly not the current situation.
First, I never said I have a right. In many ways I think i don't have a right, or even if I did, I don't deserve it. I don't think my statements have implied that I believe I have a right to demand that it be given to me.
I do have a right to ask that it be done. Debian has a right to say yes or no.
> >(Nevertheless, I think that it would be considerate to cc: you in >any discussion that involves you in a very personal manner - this has >IMHO until now hardly been the case though.)
It hasn't? Than how did the decision to expell me come about? Who told people who made the decision what happened? Was this all done in private mail?
> >If a non-subscriber of debian-private must share in the conversation on >debian-private, then this should IMHO be done by adding that person to the >clearly visible cc: line of the header of any messages to be "published." >That way, it will be adequately clear that the correspondence leaves the >realm of debian-private and thus everybody can conclude that normal >confidentiality can not be expected. AFAIK respect for the confidential >nature of debian-private is a prerequisite for subscription to this list.
I would have respected the confidentiality, as I have made it known that I don't want this to spread, as I am embarrased by my actions.
> >Practically speaking, I disagree that the underlying case generally >concerns you. What matters here is not who Shaya Potter personally is or >what particularly Shaya Potter did. The discussion is about how issues >like the one involving you relate to Debian. This discussion does not >involve you personally.
I don't want the entire discussion, I just want to see the parts that touch on me personally. I don't care for the rest, of what about underage developers and the like....
> >> I was told that it would not be a star chamber, and that I'd be cc'd in >> on all the corrospondace. That didn't occur. > >There was no "star chamber." You have already been generously cc:'-ed.
I was? The only cc:'s I ever got were in response to me starting a thread. That implies to me, that acc. to what you were saying, that no discussion on -private occured that I didn't start. However, I know this not to be the case, as before I was unsubscribed from -private, I saw a thread or 2 started that dealt with me.
> >IMHO you do not have a right to be cc:-'ed on the _general_ discussion >which does not particularly (personally) involve you.
never said I did.
> >> Also, I really have no idea of what discussion went on, if mistruthes >> were spread about the incident (as in reality, I'm the only one that >> knows completely what happened, and no one really ever asked me for the >> full story). > >If this worries you so much, then I seriously wonder why you did not >immediately relate it to debian-private when the issue arose in the first >place?
I did apologize on -private right away, however, I didn't want to spread what I did. I specifically told people that I would rather this not be discussed on -private and have me showed the door quietly, and told never to come back. That didn't happen, it was discussed on -private. I don't know what was discussed in relation to me, so I want to be informed.
> >Again, the discussion is not yours. Again, you are not personally >involved. Your only "role" in the discussion is that you have created a >precedent. I thinks we can all agree that we would rather have had you >not be a precedent case, but it happened. I'm very sorry, but you'll >have to blame yourself for that.
Trust me, I've blamed myself a lot for this. If you seen any of my corrospondance you would know this. I don't blame anyone for my predicament, but myself.
>Discussion on debian-private does not count as a statement from Debian. >So there simply were no statements. I'm not really in favor of making any >strong or overly verbose statements either. If there ever is to be a >statement from Debian about an issue such as the current one involving >Shaya, I think that person should be briefed thoroghly beforehand.
I'm not talking about a debian statement. I don't want a public statement, and I know a lot of people from debian don't want one either (though some might). What I meant by statements, was statements that individuals made, that might be incorrect, or inacurate.
>Shaya, can you please just put this to a rest? IMHO it is not very >productive for anybody. And please take it from me that you have no >reason to be concerned that you have been in a "star chamber."
I am not worried about a star chamber, I would have prefered it in many ways. However, at least with a star chamber you usually get to see the case presented against you, even though you don't have the ability to defend yourself. As I said many times, my case is indefensable, so that wouldn't bother me.
Shaya

Potter actually resigned on 2 November 1998 but they still spent two weeks deciding to expel him

He was not a member anyway as the organization didn't exist yet. He resigned. Therefore, how obscene it is to retrospectively have an expulsion.

This practice of expelling a non-member, which is obviously unethical and impossible, laid the foundation for many future problems in Debian. For example, Frans Pop had tried to resign before committing suicide but people pulled him back in.

Subject: Re: Novare and master
Date: Mon, 2 Nov 1998 15:56:06 -0600
From: Ean R . Schuessler <ean@novare.net>
To: Shaya Potter <spotter@yucs.org>
CC: debian-private@lists.debian.org

On Mon, Nov 02, 1998 at 12:59:22AM -0500, Shaya Potter wrote: > I have heard through the grapevine that you are considering pulling > novare's support of debian b/c of my actions. is this true? if it is, I > would hope that you reconsider and view me as an aberation. My behavior > was wrong, stupid, illegal, puts novare and debian in a sticky situation > and above all that, broke a trust that was given to me. I would like to > apologize for these things, but in my mind an apology doesn't fix the > past, it can only set the foundation for the future. If in your mind, you > would be more open to allowing debian to continue on as is, if I am gone, > let this be my letter of resignation. If other debian developers think I > should be gone,let it too be a letter of resignation. I don't want this > to turn into a public argument and the more it's argued even in private, > the more public it can become. I can't take the embarasment and rather be > kicked out and punished swiftly than have the chance of staying.
Say what? You're on smack. Kick your bootie for being a naughty little man, yes. Stop supporting Debian because you wanted some 3l1t3 w4r3$, not friggin' likely.
I think that you should take on 10 new packages and maintain them in an exemplary manner, you should also break some raw eggs on your face, take a picture and we'll post it on devel. I might even send my girlfriend to infiltrate your Navy base and spank you bloody. What you should stop doing, however, is whining and pirating software.
Ahimsa. E
-- _______________________________________________________________________ Ean Schuessler Director of New Products and Technologies Novare International Inc. The Unstoppable Fist of Digital Action *** WARNING: This signature may contain jokes.

Please see the next blog post for details about how Potter made these bad choices under the burden of 14,000 messages from debian-private.

Other Recent Techrights' Posts

Extortion is a Crime, Even If You're Based in Another Continent and Work for Microsoft
reported to British authorities
 
Gemini Links 06/06/2025: "MBA Tear" and Slop ('AI') as Plagiarism
Links for the day
Links 06/06/2025: "Convicted Felon and MElon Trade Insults" and Europe Snubbed by US Again
Links for the day
Links 06/06/2025: Microsoft XBox Bracing For More Mass Layoffs, Climate Disaster, Fake 'Money' Tokens From US President
Links for the day
Gemini Links 06/06/2025: Vanishing Cultures and MElon Implosion
Links for the day
We're in 6/6 Now, Almost Halfway in 2025
2025 was probably the best year for us
South Americans Are Saying Goodbye to Microsoft
We're hardly even "Cherry-Picking" or conveniently singling out one South American nation
Abuse Inside the Polish Patent Office (UPRP) - Part III: Data Protection Failures, Just Like at the European Patent Office (EPO)
Just less than a decade ago we showed that the EPO had illegally shared staff data with third parties
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 05, 2025
IRC logs for Thursday, June 05, 2025
Pushing Microsoft's Proprietary Trash/Trap as "Open" and "Linux" (Windows is 'Linux' Now?)
Maybe it's time to just stop saying "FOSS". The people who use that term are promoting Microsoft.
Slopwatch: Comparing Linux to Vermin, Attacking BSD With LLM Slop, and Helping Microsoft Demonise Linux/OpenBSD/SSH Over Weak User Passwords
Microsoft must be laughing its arse off, seeing how a bunch of Serial Sloppers (no skills, no comprehension, no integrity, no creativity) and slopfarms use Microsoft LLM to flood the Web with anti-Linux FUD
Links 05/06/2025: US Poised for Another $2.4 Trillion to Debt, Cops Want GAFAM Kill Switches
Links for the day
Links 05/06/2025: First US Spacewalk 60 Years Ago, GNU Octave 10.2.0 is Out
Links for the day
Scandinavia Saying Goodbye to Microsoft
The Danes have had enough of Microsoft
GNU/Linux Measured at 6% in Bangladesh, According to statCounter
Windows isn't growing, it's going away
Nat Friedman Had Left Microsoft GitHub Exactly One Week Before Matthew Garrett Sent His First SLAPP (Which Was an Empty Threat, He Was Abusing the Legal System of Another Continent to Terrorise Critics Who Had Just Unearthed Major Microsoft Scandals)
And it was likely talked about by his lawyers around the exact same time Nat Friedman was packing up
Gemini Links 05/06/2025: Loop Earplugs Review and ANS Forth
Links for the day
Armenian Adoption of GNU/Linux
Russian influence in Armenian must be worrying to Microsoft
Abuse Inside the Polish Patent Office (UPRP) - Part II: Turning a Once-Respected Patent Office Into a Circus and Laughing Stock
It's not legal, but administrators who don't care about the law and don't fear the law would just go ahead and turn things to junk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 04, 2025
IRC logs for Wednesday, June 04, 2025
Slopwatch: Mindless Slop Pieces, Fake Images and Text, Linux FUD on the Cheap
spewed out by Microsoft-controlled LLMs
Links 04/06/2025: Workers' Strikes, Sudan Exodus
Links for the day
Links 04/06/2025: Linux Foundation PR Spam and Lee Jae-myung Wins Election
Links for the day
Gemini Links 04/06/2025: Future Leaders of the World and Platforming Jordan Peterson
Links for the day
Links 04/06/2025: WSL Backfiring on Microsoft and "Disney, Microsoft Announce Massive Layoffs"
Links for the day
Our Case is a Very Easy Win, the SLAPPs From Microsofters Were a Grave Error, and Censoring Information Won't Work (It'll Only Ever Backfire)
Censoring is what people do when they lose the argument
Say the Truth, the Rest Will Follow
There's no guarantee that writing the truth will result in an audience (or readership), but over time - in the long run - people generally gravitate towards what they know or feel to be crude truth, not just what's comforting (albeit false or self-deluding, usually groupthink dictated from above)
How to Expose High-Level Corruption Without Getting in (Too Much) Trouble
Democracy depends on free press and freedom of the press depends on being able to safely publish (and keep available) material that bad people don't want to be known to anybody
In-Depth EPO Coverage at Techrights Turns Eleven
11 years is a very long time
Windows Measured Below 10% in Afghanistan, GNU/Linux Gaining a Lot
about 80% are Android (Linux) users, compared to only about 10% for Windows
Poland's Political Predicament and Social Control Media
Democracy and fake "tech" don't mix well; the latter tends to interfere with the former and that's why we get more "Putins" out there
EPO: Taking Away From the Staff to Give More to the Rich
The Central Staff Committee (CSC) wrote to EPO staff earlier this week
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 03, 2025
IRC logs for Tuesday, June 03, 2025
Abuse Inside the Polish Patent Office (UPRP) - Part I: It's a Lot Like the EPO
we can commence a series soon
Gemini Links 04/06/2025: Inescapable Questions and Quitting All "Oligarch Tech"
Links for the day