Debian Project Leader Andreas Tille says Debian has made no decision on age verification compliance and is still awaiting legal analysis.

Debian Project Leader Andreas Tille has addressed the ongoing debate over age-verification laws and their potential impact on free software operating systems. Long story short: he clarified that Debian has not adopted a position and is awaiting legal analysis.

In his latest “Bits from the DPL” message, Tille stated that the main question is whether operating systems and package distribution mechanisms might be required to provide age-related information to applications.

He noted that Debian and other projects are discussing the issue, and that Software in the Public Interest, a non-profit corporation founded to act as a fiscal sponsor for organizations that develop open-source software and hardware, has begun seeking legal guidance.

  • Onno (VK6FLAB)@lemmy.radio
    29·
    3 days ago

    This is what the DPL actually wrote on the subject:

    Recent discussions have started around new age verification legislation that may affect free software operating systems. In particular, the California Digital Age Assurance Act (AB 1043), expected to take effect in 2027, raises questions about whether operating systems and package distribution mechanisms could be required to provide age-related information to applications. In parallel, a recently adopted law in Brazil appears to introduce similar requirements and is already in force, with initial interpretations suggesting it could apply to components such as package management tools. These developments are currently under discussion within Debian and other projects, and SPI has initiated efforts to obtain legal guidance. At this stage, the situation remains unclear, and further analysis is ongoing.

    From a non-lawyer perspective, it is not yet clear how such regulations apply to a non-commercial, volunteer-driven project like Debian, which does not sell software and provides it in a highly decentralized way. It seems plausible that obligations, if any, may primarily affect redistributors or commercial entities building products on top of Debian. In such cases, Debian would as usual be open to contributions that help downstreams meet their requirements, while keeping such features optional and respecting the needs of users in other jurisdictions. However, this is an area where proper legal analysis is still required.

    Source: https://lists.debian.org/debian-devel-announce/2026/04/msg00001.html

    • tburkhol@lemmy.world
      27·
      3 days ago

      From a non-lawyer perspective, it is not yet clear how such regulations apply to a non-commercial, volunteer-driven project like Debian, which does not sell software and provides it in a highly decentralized way. It seems plausible that obligations, if any, may primarily affect redistributors or commercial entities building products on top of Debian. In such cases, Debian would as usual be open to contributions that help downstreams meet their requirements, while keeping such features optional and respecting the needs of users in other jurisdictions. However, this is an area where proper legal analysis is still required.

      I found this part very reassuring. Being neither a lawyer nor having read any of the legislation (of which I am not a subject, anyway), the “it’s not our job” approach seems very reasonable. Facilitating downstream vendors who do want/have to comply seems like an exceptional effort to show good faith to local legal processes, while remaining, fundamentally, just people freely sharing knowledge.

      I hope their lawyers can make that work.

    • ThomasWilliams@lemmy.world
      1·
      2 days ago

      The legislation is clear and unambiguous : an operating system must provide an age verification which is able to accessible by third parties on the internet.

      From a non-lawyer perspective, it is not yet clear how such regulations apply to a non-commercial, volunteer-driven project like Debian, which does not sell software and provides it in a highly decentralized way

      There’s no mention of selling in the law.

      • Onno (VK6FLAB)@lemmy.radio
        3·
        2 days ago

        And how is an operating system defined in that law?

        Should this be handled at the BIOS level, the kernel level, the init level, the packaging level, the GUI level, the user login level, the user desktop level, or somewhere else entirely, like a derivative distribution with its own layers, some of which will be different from the base distro?

        I’m asking because each of those levels are pretty much handled by different groups of individuals, groups and organisations in different jurisdictions, cultures and countries.

        While we’re talking about options on where to put this “feature”, who is liable for it not being implemented?

        You might have an opinion on where it “should” be, but I can guarantee you that there are at least as many opinions on where it should be as people you ask.

        That’s why the Debian Project is doing what it is.

    • Skullgrid@lemmy.world
      61·
      3 days ago

      I wonder what the perspective is on Systemd, which debian uses, starting to implement this shit already, with the same bootlicker already ruining XDG