Well, honestly, while I was writing the first messages about packages, I had not yet read http://wiki.freedos.org/wiki/index.php/Package; I was thinking more about what I would expect, and I still believe there is good stuff in what I propose that is missing in most packaging solutions (for Linux or others).

> Probably the reason this hasn't gotten any discussion is that I don't
> see this as a "problem" that needs to be solved.

There is at least one problem, but indeed maybe few people care. The main problem with actual package systems is that I do not know whether the packager is redistributing the binaries as he received them from the author, or whether the packager has rebuilt the binaries from sources. I believe I know that in the Linux community, it is customary to rebuild from sources. I am much less convinced it is also customary in the DOS community. And if it was not practically possible to rebuild the binaries from sources, I would really like to know!

I believe this is important, because it is relatively easy/useful to add accompanying spyware to the generated compiled code. I expect the packager to have tried his best to make sure the binaries he distributes to me come only from the source code. Because frankly, I do not fully trust the author... I can study the code, but it is very hard for me to make sure the code comes from the sources, and it takes too much time to compile everything from sources, so I trust the packager... because I don't want to compile source code, because it is hard to get all the dependencies, and it takes a relatively long time to compile even when I have them.

That's why I was trying to add a header, where the packager says whether he rebuilt all binaries from sources, and signs this header. I don't fully trust the packager either, but if he signs the header, then if I find one package from him giving me binaries doing things not in the source code, I can avoid other packages coming from him in the future.

> The GNU GPL v2 says:
> > 3. You may copy and distribute the Program (or a work based on it,
> > under Section 2) in object code or executable form under the terms of
> > Sections 1 and 2 above provided that you also do one of the following:
> >
> > a) Accompany it with the complete corresponding machine-readable
> > source code, which must be distributed under the terms of Sections
> > 1 and 2 above on a medium customarily used for software interchange;
> > or,

Clearly the author of the GPL v2 was aware that many users want to get the binary code, and *sadly* really don't care about the source code. And I believe this is why the author ended article 3 with: "If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code."

And that's what I was suggesting to do, by making binaries and source code two different "zip" files, in the same directory for the package, on a website. This being included in a header file, signed by the packager.

_______________________________________________
Freedos-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/freedos-devel
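
An added example, not part of the original message or of any FreeDOS tool, sketching the signed-header idea discussed above: a header that records hashes of the binary and source archives plus the packager's rebuilt-from-source statement, and a user-side check. The JSON field names and function names are hypothetical, and a Lamport one-time signature stands in for the packager's real signing tool so the code runs with only the standard library.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signature (hash-based), used here only so the example runs
# with the standard library; a key pair must sign one header and never be reused.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    bits = _bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def make_header(package, packager, binary_zip, source_zip, rebuilt):
    # Hypothetical header layout: the hashes bind the header to both archives.
    return json.dumps({
        "package": package, "packager": packager,
        "binary_sha256": H(binary_zip).hex(), "source_sha256": H(source_zip).hex(),
        "rebuilt_from_source": rebuilt,
    }, sort_keys=True).encode()

def check_package(header, sig, pk, binary_zip, source_zip, distrusted=()):
    if not verify(pk, header, sig):
        return "reject: bad signature"
    h = json.loads(header)
    if h["packager"] in distrusted:  # packagers the user has stopped trusting
        return "reject: packager distrusted"
    if H(binary_zip).hex() != h["binary_sha256"] or H(source_zip).hex() != h["source_sha256"]:
        return "reject: archive does not match header"
    if h["rebuilt_from_source"]:
        return "ok: packager states binaries were rebuilt from source"
    return "warn: binaries redistributed as received from author"

# Constructed sample data standing in for the two zip files of one package.
BIN, SRC = b"constructed binary zip bytes", b"constructed source zip bytes"
SK, PK = keygen()
HEADER = make_header("demo", "alice", BIN, SRC, rebuilt=True)
SIG = sign(SK, HEADER)

if __name__ == "__main__":
    print(check_package(HEADER, SIG, PK, BIN, SRC))
    print(check_package(HEADER, SIG, PK, BIN + b"\x00", SRC))
```

The signature only proves who made the rebuilt-from-source statement; it does not prove the statement is true, which is why the check also consults a list of packagers the user no longer trusts.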
