> From: Jason Gunthorpe [mailto:[EMAIL PROTECTED]
> > Why would they want to do this? I usually run a completely
> unstable system,
> > that is rather stable BTW, so don't understand why someone
> who runs a stable
> > system would want to "lie" about a package being stable
> when, in fact, it
* Rando Christensen <[EMAIL PROTECTED]> [001129 21:27]:
> What I would most like to see myself is adding a /etc/licensing/
> directory in which every license used on the system can esist, for
> example:
>
> /etc/licensing/
> \-- GPL
> \-- BSD
> \-- Other
$ cd /usr/share/co
Rando Christensen <[EMAIL PROTECTED]> writes:
> What does everyone think? Is this too farfetched of a plan, or is it a
> Good Idea?
It's not a horrid idea, but it doesn't solve the problem, which is
that the GPL requires that you give a copy of the GPL to anyone you
give the binary for a program
Anthony Towns writes:
> Is it also illegal to email a 20 line, GPLed, .c file to someone,
> without attaching the entire GPL?
Probably, but it's also harmless.
However, Debian is in a different position, and the problem is that
people can and do pull .debs off the Debian site and install them o
IMO, no matter WHAT way it's implememented, there is a strong issue
here, and it could be implemented WAY past the GPL, to other licenses as
well.
What I would most like to see myself is adding a /etc/licensing/
directory in which every license used on the system can esist, for
example:
/etc/lic
Okay.. Let's see if I'm following here and can therefore correctly
summerise:
We're required to ship a copy of the GPL with each complete work. We just
don't know for sure of the granularity of a "complete work" under the GPL.
So I maintain, from the point of view of an end-user of Debian, tha
On Thu, 30 Nov 2000, Anthony Towns wrote:
> On Wed, Nov 29, 2000 at 05:36:42PM -0800, Thomas Bushnell, BSG wrote:
> > So you're right that the rule is that the GPL must be shipped when you
> > ship the complete work, and that it's not quite sensible to mean with
> > every piece of the complete wor
On Wed, 29 Nov 2000, Reimer, Fred wrote:
> Why would they want to do this? I usually run a completely unstable system,
> that is rather stable BTW, so don't understand why someone who runs a stable
> system would want to "lie" about a package being stable when, in fact, it is
It isn't lieing, i
[Reimer, Fred - Wed, 29 Nov 2000 08:01:15 PM CST]
} > This is a common assumption and is wrong. The most popular
} > use of apt-get
} > source -b has been to make stable compiles of unstable
} > packages. Rather
} > than some source tweak.
}
} Why would they want to do this? I usually run a com
> -Original Message-
> From: Jason Gunthorpe [mailto:[EMAIL PROTECTED]
>
> > THEORETICALLY, if a user downloads the source and does a
> simple compile they
> > SHOULD get the same binaries produced as the developer did.
> This assumes
> > that they are using the standard compiler and li
On Wed, Nov 29, 2000 at 05:36:42PM -0800, Thomas Bushnell, BSG wrote:
> So you're right that the rule is that the GPL must be shipped when you
> ship the complete work, and that it's not quite sensible to mean with
> every piece of the complete work.
Note that we ship the base-files package marke
On Wed, Nov 29, 2000 at 06:36:12PM -0700, Jason Gunthorpe wrote:
>
> On Wed, 29 Nov 2000, Ben Collins wrote:
>
> > > Mmkay... 9 Gb mirror pulse... that will work. (not)
> >
> > That's a seperate issue that does not pertain to the UUID's. Let's discuss
> > this later.
>
> Er, so far the only
Brian Mays <[EMAIL PROTECTED]> writes:
> As it stands, the GPL does not define what comprises a work. It
> establishes no boundaries. Therefore, Debian can claim that the
> distribution (or at least the essential parts of it, without which the
> distribution will not work) *is* our work.
You
On Wed, 29 Nov 2000, Ben Collins wrote:
> > Mmkay... 9 Gb mirror pulse... that will work. (not)
>
> That's a seperate issue that does not pertain to the UUID's. Let's discuss
> this later.
Er, so far the only reason to have a UUID that has held up to scrutiny
revolves around whatever your si
Massimo Dal Zotto <[EMAIL PROTECTED]> writes:
> Why not simply include the GPL file in each package and replace it with an
> hard-link to the common copy in the package postinst?
> In this way we can make RMS happy and still have one real copy of the GPL.
I agree completely.
Anand Kumria <[EMAIL PROTECTED]> writes:
> I had a quick review of it and nothing stood out for me: 4 -> 12
> don't apply. 0 -> 2 don't apply.
Sections 1 and 2 DO apply; section 3 begins:
"You may copy and distribute the Program ... in object code or
executable form under the terms of Sections
On Wed, 29 Nov 2000, Reimer, Fred wrote:
> THEORETICALLY, if a user downloads the source and does a simple compile they
> SHOULD get the same binaries produced as the developer did. This assumes
> that they are using the standard compiler and libraries in the particular
This is a common assumpt
"Sean 'Shaleh' Perry" <[EMAIL PROTECTED]> writes:
> we do not remove the copyright. it is still in the source. I fail to see why
> having 300 copies of the same file is needed.
It's not; we don't have to install the file, merely ship it with the
.deb.
> -Original Message-
> From: Ben Collins [mailto:[EMAIL PROTECTED]
>
> > The "easy" answer to that is that the version should
> automatically get
> > bumped for user builds much like the kernel compile # is
> for Linux. The
> > maintainers, when generating an "official" version, can
>
On Thu, Nov 30, 2000 at 12:55:36AM +, James Troup wrote:
> "Sean 'Shaleh' Perry" <[EMAIL PROTECTED]> writes:
>
> > > Good grief. This would require all non-rsync mirrors to redownload
> > > *every* .deb in the newly released distribution in whole, and
> > > would require every user to redownlo
> -Original Message-
> From: Ben Collins [mailto:[EMAIL PROTECTED]
>
> Plus pkg+version+arch is not always enough. Note (even though it is a
> bug/mistake in it's own right), there are potato/woody
> packages with the
> same version and arch, that are not the same binary. This is very
> i
>
> So you think it's easy to force users to generate a unique version number?
> How are you going to do that? If you make a debian developer pass a
> special arg, how are you going to keep users from using the same thing?
>
> Obviously it's not so easy, or it would already be done.
>
beyond th
* Reimer, Fred <[EMAIL PROTECTED]> [001129 17:03]:
> The "easy" answer to that is that the version should automatically get
> bumped for user builds much like the kernel compile # is for Linux. The
> maintainers, when generating an "official" version, can specify the exact
> version when they comp
>
> The "easy" answer to that is that the version should automatically get
> bumped for user builds much like the kernel compile # is for Linux. The
> maintainers, when generating an "official" version, can specify the exact
> version when they compile the package, but it should automatically inc
> -Original Message-
> From: Sean 'Shaleh' Perry [mailto:[EMAIL PROTECTED]
> > Sorry, I'm not a Debian developer so honestly don't know
> all the policies or
> > processes behind making debs. But, it seems clear to me
> that if you use the
> > pkg+version+arch as your UUID then a change
"Sean 'Shaleh' Perry" <[EMAIL PROTECTED]> writes:
> > Good grief. This would require all non-rsync mirrors to redownload
> > *every* .deb in the newly released distribution in whole, and
> > would require every user to redownload every package they've
> > installed if they want to upgrade from foo
On Wed, 29 Nov 2000, Ben Collins wrote:
> bug/mistake in it's own right), there are potato/woody packages with the
> same version and arch, that are not the same binary. This is very
This is an archive bug and James's new scripts make it impossible.
> important from a security/signing standpoin
On Wed, Nov 29, 2000 at 04:14:25PM -0800, Joey Hess wrote:
> If I understand right, Ben wants something unique that can be signed
> for some secrit package signing scheme. Assuming the sig goes in a
> component after control.tar.gz and data.tar.gz, why can't is just sign
> a concacentation of their
On Wed, Nov 29, 2000 at 04:12:39PM -0800, Sean 'Shaleh' Perry wrote:
> > Your UUID is the pkg+version+arch. From my viewpoint it's as simple as
> > that. Maybe the official policy needs to be updated so that it is clear
> > that any change to the binary packages, including just compile time chang
>
> Good grief. This would require all non-rsync mirrors to redownload *ever*
> .deb in the newly released distribution in whole, and would require
> every user to redownload every package they've installed if they want to
> upgrade from foo-unstable to foo-stable. It'd also mean package signature
On Wed, Nov 29, 2000 at 04:12:39PM -0800, Sean 'Shaleh' Perry wrote:
> > Your UUID is the pkg+version+arch. From my viewpoint it's as simple as
> > that. Maybe the official policy needs to be updated so that it is clear
> > that any change to the binary packages, including just compile time chang
* Joey Hess <[EMAIL PROTECTED]> [001129 16:17]:
> [...] sign a concacentation of their md5sums? [...]
> I don't understand how signing a uuid that is just listed in the control
> file and could be modified by anyone is cryptographically secure.
I would like to suggest that whatever signature schem
>
> Sorry, I'm not a Debian developer so honestly don't know all the policies or
> processes behind making debs. But, it seems clear to me that if you use the
> pkg+version+arch as your UUID then a change in the md5sum caused by adding a
> signature would not effect the "UUID" and therefore be mo
> On Wed, Nov 29, 2000 at 07:40:11PM +0100, Wichert Akkerman wrote:
>
> > A more authoritive source disagrees with you.. RMS wrote the GPL
> > so I'll trust his opinion above yours.
>
> Ehm, Wichert, you wrote a [PROPOSAL] not a [DO IT NOW] message, so I
> think we could discuss about it.
>
> I
> -Original Message-
> From: Sean 'Shaleh' Perry [mailto:[EMAIL PROTECTED]
> > Your UUID is the pkg+version+arch. From my viewpoint it's
> as simple as
> > that. Maybe the official policy needs to be updated so
> that it is clear
> > that any change to the binary packages, including jus
On Wed, Nov 29, 2000 at 02:35:52PM -0800, Brian Frederick Kimball wrote:
> "[...] and give any other recipients of the Program a copy of
> this License along with the Program."
^^
Is in the same mirror or cd enough? Or should we interpret as "in the
s
If I understand right, Ben wants something unique that can be signed
for some secrit package signing scheme. Assuming the sig goes in a
component after control.tar.gz and data.tar.gz, why can't is just sign
a concacentation of their md5sums?
I don't understand how signing a uuid that is just liste
> Your UUID is the pkg+version+arch. From my viewpoint it's as simple as
> that. Maybe the official policy needs to be updated so that it is clear
> that any change to the binary packages, including just compile time changes,
> requires a version update? That way you could change your "sigs" as
There should be a happy medium ground where *ANY* change to a deb -- that
effects what is actually installed on a system when the package is
installed, results in a version update. But, a "internal signature by the
archive maintainer" would not, assuming that is in the deb header and does
not effe
> From: Ben Collins [mailto:[EMAIL PROTECTED]
> > (Aside: APT internally builds a fairly reliable ID for most
> purposes,
> > some of you may have noticed that it can tell you have
> local compiles,
> > this is how.)
>
> This is a perfect example to answer your question above.
> Local builds ca
On Wed, 29 Nov 2000, Ben Collins wrote:
> That would be bad. Do that and then the Packages file needs regenerating,
> the package needs to be re-signed by everyone, and things will get upgraded,
> and apt[1] will redownload it all over again, just because of something
> changing like an internal
On Wed, 29 Nov 2000, Ben Collins wrote:
> > The pacakge file for woody/main would increase by at least 193k (16%
> > growth) and APT would consume 300k more ram on your average woody/potato
> > mix.
>
> In all likelyhood we could omit it from the Packages file. Also, apt need
> not keep it in it
On Wed, Nov 29, 2000 at 05:08:22PM -0500, Itai Zukerman wrote:
> > Sooner or later sigs will start traveling around with .deb's (that's
> > another discussion, save it for later, it is coming soon). When those sigs
> > are changed or updates by the archive maintainers or the release manager,
> > th
Brian Mays wrote:
> > If here "you" refers to Debian, then we are not violating the GPL.
> > We distribute all of the packages, including "base", which contains
> > the a copy of the GPL. We distribute the program AND we give our
> > recipients a copy of the license. If they decide to take one a
On Wed, Nov 29, 2000 at 03:48:21PM -0700, Jason Gunthorpe wrote:
>
> On Wed, 29 Nov 2000, Ben Collins wrote:
>
> > upgrading dpkg-dev, and poses little side-affects (other than a small
> > increase in the size of the Packages file and .deb's in general).
>
> The pacakge file for woody/main would
Brian Mays wrote:
> If here "you" refers to Debian, then we are not violating the GPL. We
> distribute all of the packages, including "base", which contains the a
> copy of the GPL. We distribute the program AND we give our recipients
> a copy of the license. If they decide to take one and junk
Brian Frederick Kimball <[EMAIL PROTECTED]> wrote:
> Making the GPL available in a separate file that may or may not be
> received by the recipient of the GPLed Program does not constitute
> "giving" the GPL to the recipients of such a program "along with the
> Program". Is Debian giving the Lice
On Wed, 29 Nov 2000, Ben Collins wrote:
> upgrading dpkg-dev, and poses little side-affects (other than a small
> increase in the size of the Packages file and .deb's in general).
The pacakge file for woody/main would increase by at least 193k (16%
growth) and APT would consume 300k more ram on
At 08:17 am +1100 on November 30, 2000, Anand Kumria wrote:
> 1. "You may copy and distribute verbatim copies of the Program's
> source code as you receive it ..."
>
> Applies to *source code* only. We distribute orginial tarballs
> which include the licence text. We are okay here.
keep reading:
At 04:17 pm -0500 on November 29, 2000, Brian Mays wrote:
> The GPL says that we can distribute the binaries ...
>
> : ... provided that you conspicuously and appropriately publish on each
> : copy an appropriate copyright notice and disclaimer of warranty; keep
> : intact all the notices that
On 29-Nov-2000 Ben Collins wrote:
> I'm proposing we add a new field to generated packages, and as part of
> Debian policy, make them required for Debian packages. It's all very
> simple, doesn't requuire any effort by the maintainers other than
> upgrading dpkg-dev, and poses little side-affects
On Wed, Nov 29, 2000 at 07:40:11PM +0100, Wichert Akkerman wrote:
> A more authoritive source disagrees with you.. RMS wrote the GPL
> so I'll trust his opinion above yours.
Ehm, Wichert, you wrote a [PROPOSAL] not a [DO IT NOW] message, so I
think we could discuss about it.
I'm wondering about
On Wed, Nov 29, 2000 at 10:43:40AM -0700, Edward Betts wrote:
> Lots of packages include the generic GNU install instructions, nobody uses
> them because they have installed a Debian package, but lots of packages
> include them.
In fact, I think we *should* remove them. :-)
--
Christian Surchi
> Sooner or later sigs will start traveling around with .deb's (that's
> another discussion, save it for later, it is coming soon). When those sigs
> are changed or updates by the archive maintainers or the release manager,
> the md5sum of the package will change, but the UUID will remain the same.
I'm proposing we add a new field to generated packages, and as part of
Debian policy, make them required for Debian packages. It's all very
simple, doesn't requuire any effort by the maintainers other than
upgrading dpkg-dev, and poses little side-affects (other than a small
increase in the size of
[EMAIL PROTECTED] (Anand Kumria) wrote:
> 3. [ distribution obligations for binaries ]
>
> a. [ accompany with source ]
>
> b. [ written offer of source ]
>
> c. [ provide corresponding info. received from your supplier ]
Actually, as Wichert mentioned, part 3 explicitly says
Since the dpkg maintainer is the one submitting the bug: yes, the old dpkg
needs to change rather than everyone else thing...
On Wed, 29 Nov 2000, Wichert Akkerman wrote:
> Previously Ben Collins wrote:
> > Then we need a mechanism so that the packages can include it, but not
> > install it unle
On Wed, Nov 29, 2000 at 06:21:50PM +0100, Wichert Akkerman wrote:
> Package: debian-policy
>
> RMS just asked me if it was true that all our packages don't include
> the GPL, just a reference to it, since that is a violation of the
> GPL itself. In his words:
>
> rms> I'm told that (some or all)
Previously Sean 'Shaleh' Perry wrote:
> > we do not remove the copyright. it is still in the source. I fail
> > to see why having 300 copies of the same file is needed.
[EMAIL PROTECTED] (Wichert Akkerman) writes:
> Reread my mail. Then realize that the GPL explicitly demands it.
The GPL says
On Thu, Nov 30, 2000 at 08:08:13AM +1100, Anand Kumria wrote:
> On Wed, Nov 29, 2000 at 06:50:38PM -0200, Gustavo Noronha Silva (KoV) wrote:
> >
> > I agree with Wichert... you *must* do it or you are
> > illegal.
>
> Chapter and verse of the GPL please.
Ignore that -- just read the last sentenc
On Wed, Nov 29, 2000 at 06:50:38PM -0200, Gustavo Noronha Silva (KoV) wrote:
>
> I agree with Wichert... you *must* do it or you are
> illegal.
Chapter and verse of the GPL please.
Anand
--
Linux.Conf.Au -- http://linux.conf.au/
17th - 20th January,--
On Wed, Nov 29, 2000 at 07:40:11PM +0100, Wichert Akkerman wrote:
> Previously Sean 'Shaleh' Perry wrote:
> > I read it, I just don't agree that it matters in this case.
>
> A more authoritive source disagrees with you.. RMS wrote the GPL
> so I'll trust his opinion above yours.
Okay, well RMS ca
I agree with Wichert... you *must* do it or you are
illegal.
Debian cannot be that... would it be the case of putting the license
of the package in an diretory inside the deb that would not be installed?
So we should include a option in dpkg-deb that would read that license
and display it. (woul
Previously Sean 'Shaleh' Perry wrote:
> I read it, I just don't agree that it matters in this case.
A more authoritive source disagrees with you.. RMS wrote the GPL
so I'll trust his opinion above yours.
Wichert.
--
/ Generall
On 29-Nov-2000 Wichert Akkerman wrote:
> Previously Sean 'Shaleh' Perry wrote:
>> we do not remove the copyright. it is still in the source. I fail to see
>> why
>> having 300 copies of the same file is needed.
>
> Reread my mail. Then realize that the GPL explicitly demands it.
>
I read it, I
>
> Lots of packages include the generic GNU install instructions, nobody uses
> them because they have installed a Debian package, but lots of packages
> include them.
>
I would file a bug whenever I found that to be true.
On Wed, Nov 29, 2000 at 06:49:08PM +0100, Wichert Akkerman wrote:
> Previously Ben Collins wrote:
> > Then we need a mechanism so that the packages can include it, but not
> > install it unless it isn't installed already.
>
> The famous dpkg-needs-metadata-per-file thing..
Maybe it would be easie
Sean 'Shaleh' Perry wrote:
>
> On 29-Nov-2000 Wichert Akkerman wrote:
> > Package: debian-policy
> >
> > RMS just asked me if it was true that all our packages don't include
> > the GPL, just a reference to it, since that is a violation of the
> > GPL itself. In his words:
> >
>
> we do not rem
Previously Ben Collins wrote:
> Then we need a mechanism so that the packages can include it, but not
> install it unless it isn't installed already.
The famous dpkg-needs-metadata-per-file thing..
Wichert.
--
/ Generally unin
Previously Sean 'Shaleh' Perry wrote:
> we do not remove the copyright. it is still in the source. I fail to see why
> having 300 copies of the same file is needed.
Reread my mail. Then realize that the GPL explicitly demands it.
Wichert.
>
--
__
Sean 'Shaleh' Perry <[EMAIL PROTECTED]> wrote:
> > RMS just asked me if it was true that all our packages don't include
> > the GPL, just a reference to it, since that is a violation of the
> > GPL itself. In his words:
>
> we do not remove the copyright. it is still in the source. I fail to see
On Wed, Nov 29, 2000 at 06:21:50PM +0100, Wichert Akkerman wrote:
> Package: debian-policy
>
> RMS just asked me if it was true that all our packages don't include
> the GPL, just a reference to it, since that is a violation of the
> GPL itself. In his words:
>
> rms> I'm told that (some or all)
On 29-Nov-2000 Wichert Akkerman wrote:
> Package: debian-policy
>
> RMS just asked me if it was true that all our packages don't include
> the GPL, just a reference to it, since that is a violation of the
> GPL itself. In his words:
>
we do not remove the copyright. it is still in the source.
Package: debian-policy
RMS just asked me if it was true that all our packages don't include
the GPL, just a reference to it, since that is a violation of the
GPL itself. In his words:
rms> I'm told that (some or all) Debian packages for GPL-covered programs
rms> don't contain a copy of the GPL--j
On Tue, Nov 28, 2000 at 12:42:24PM -0800, Chris Waters wrote:
> Note that *nothing* we do provides any control over manually submitted
> bugs -- those go whereever the user decides to send them.
We can, however, make recommendations.
Thanks,
--
Raul
75 matches
Mail list logo
