On 3/25/06, Manoj Srivastava <[EMAIL PROTECTED]> wrote: > On 22 Mar 2006, Anthony Towns stated: > > On Mon, Mar 13, 2006 at 03:28:50PM -0500, Raul Miller wrote: > >> On 3/7/06, Ian Jackson <[EMAIL PROTECTED]> wrote: > >>> Why does contrib exist ? > >> [essay elided.] > > > > So is there an alternate proposal to > > > > http://lists.debian.org/debian-ctte/2006/03/msg00037.html > > > > so we can have a vote and make a decision? AFAICS we've discussed > > this pretty thoroughly. > > I am going to be out of town for the latter half of next week, > so if a vote comes up when I am gone, I support the resolution in > the mail: > http://lists.debian.org/debian-ctte/2006/03/msg00037.html > > I am not sure I see that it is at variance with published > policy, nor do I see why it makes contrib ambiguous, really.
The ambiguity is in the resolution's interpretation of the quoted policy: ... must not require a package outside of _main_ for compilation or execution ... Does no-operation or substandard operation satisfy requirements for execution? One argument in favor of the above resolution is that if no operation is documented as a part of the ABI, that is sufficient for these requirements. But this concept is not expressed in policy, and it's just as reasonable to require normal operation be possible to satisfy requirements for execution. Another argument put forward in favor of the above resolution is that if no software has been packaged, this policy is irrelevant as the requirements are for non-packaged software. But this argument seems more dubious than the "no operation is sufficient for the typical case" concept. The final, and perhaps most convincing argument in favor of ndiswrapper is that it allows the use of CIPE. But CIPE seems flawed, and oddly enough the most recent in-depth coverage of these issues seems old: http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010864.html The last release of cipe (1.6.0) was in 2004. The last debian update to the cipe package (1.5.4) was in 2004. There's not even an option to use anything better than a 32 bit checksum for integrity purposes (which is one of the more egregious security flaws in cipe). Poking around a bit more, it looks like people have mostly abandoned cipe for stuff like openvpn (which we also distribute). I see no evidence that anyone cares enough about the cipe package to justify it being in main. If CIPE is the reason we have ndiswrapper in main, I think we're doing our users a disfavor. I'm not aware of any other arguments in favor of that resolution which satisfy this policy. Is "we should be distributing CIPE in main" really the reason for keeping ndiswrapper in main? or is there some better argument? If there is such an argument, I'd like to understand it before I make a proposal based on the idea that there are no better arguments in favor of this resolution. -- Raul
