Re: ADV: Re: Is there a way to positively, uniquely identify which Debian release a program is running on?

[Manoj Srivastava]

On Fri, 01 Jun 2007 16:54:03 -0400, Kris Deugau <[EMAIL PROTECTED]> said: 

> Frank Lichtenheld wrote:
>> On Fri, Jun 01, 2007 at 02:51:27PM -0400, Kris Deugau wrote:
>>> (Mildly amusing sidenote to this discussion: I'm finally convincing
>>> the senior systems guy that Packages Are Good, and now developers
>>> for the upstream OS seem to be telling me Packages Are Useless,
>>> because I can't even count on a critical dependency being installed
>>> via the package system.  )
>> 
>> ? I don't see that beeing said in the thread. Could you point out
>> that for me?

> Hmm.  Not explicitly stated, nor really implied, but several people
> commented that a system may have backported packages, packages from
> testing/unstable/experimental, software that's installed from source
> and which the package manager is therefore completely unaware of - in
> other words, no matter what you might find in /etc/debian_version or
> some other nominal reference, the configuration and binaries on the
> system may not resemble a stock install of that release at all.

> Taken to the extreme, that leads me to the conclusion that Packages
> Are Useless.   (Taken another couple of steps, it leads to
> "Everyone should be running Linux From Scratch".)

So, modular systems via packages that allow me to install a
 system according to my desires; in your world make packages useless?
 Upon my word, your logic seems wonderfully  unique.

manoj

-- 
"Pain is inevitable, suffering is optional." Author Unknown
Manoj Srivastava <[EMAIL PROTECTED]> 
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ldbl128 transition for alpha, powerpc, sparc, s390

[Andreas Metzler]

In gmane.linux.debian.devel.general Matthias Klose <[EMAIL PROTECTED]> wrote:
> With glibc-2.5 and gcc-4.1.2 (and gcc-4.2), the `long double' data
> type did change from a 64bit representation to a 128bit representation
> on alpha, powerpc, sparc, s390. To allow partial upgrades of packages,
> we will need to rename all packages holding libraries with the long
> double data type in their API.  Both libc and libstdc++ do not need to
> be renamed, because they support both representations. Attached you
> can find a list of packages with header files in /usr/include matching
> 'long *double'. If a library package is built from the same source as
> well, it has to be renamed, however the list may have false positives.

[...]
> gnulib
[...]

Looks like a false positive. The gnulib source package is arch-all, it
does not contain compiled source.
cu andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ldbl128 transition for alpha, powerpc, sparc, s390

[Vincent Fourmond]

Matthias Klose wrote:
> I plan to submit bug reports with severity `serious' for all source
> packages matching the above description (although if somebody wants to
> handle this transition, please go ahead).
> 
> cfortran

Probably a false positive, as it is an arch:all package (just a header
file).

  Cheers,

Vincent


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: ADV: Re: Is there a way to positively, uniquely identify which Debian release a program is running on?

[Gabor Gombas]

On Fri, Jun 01, 2007 at 04:54:03PM -0400, Kris Deugau wrote:

> Hmm.  Not explicitly stated, nor really implied, but several people
> commented that a system may have backported packages, packages from
> testing/unstable/experimental, software that's installed from source and
> which the package manager is therefore completely unaware of - in other
> words, no matter what you might find in /etc/debian_version or some
> other nominal reference, the configuration and binaries on the system
> may not resemble a stock install of that release at all.

That's right.

> Taken to the extreme, that leads me to the conclusion that Packages Are
> Useless.(Taken another couple of steps, it leads to "Everyone
> should be running Linux From Scratch".)

You got it completely backwards. The individual packages (and their
versions) are what you _can_ depend on. A single release string can
never give you enough information for what you want to achieve.

And this is not specific to Debian at all; you get the same effects on
RPM-based distros when you start installing packages from 3rd party RPM
repositories.

Gabor

-- 
 -
 MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
 -


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Filing FTBFS bugs and packages in NEW

[Joerg Jaspert]

On 11037 March 1977, Martin Zobel-Helas wrote:

> This could be realized by patching helena[1], eg. to produce a RSS like
> output, so an automated parsing of PackageName and PackageVersion in NEW
> could be done. I will have a look into that during the weekend. Should
> be mostly trivial.

There are already RSS feeds for NEW.

-- 
bye Joerg
Von einem Besucher auf dem LT:

Die 3 Microsoft-Leute auf Ihrem Stand müssen sich vorkommen wie 3
Mönche im Puff.


pgpfB7RyuZdfq.pgp
Description: PGP signature

Re: Filing FTBFS bugs and packages in NEW

[Martin Zobel-Helas]

Hi, 

On Sat Jun 02, 2007 at 11:18:00 +0200, Joerg Jaspert wrote:
> On 11037 March 1977, Martin Zobel-Helas wrote:
> 
> > This could be realized by patching helena[1], eg. to produce a RSS like
> > output, so an automated parsing of PackageName and PackageVersion in NEW
> > could be done. I will have a look into that during the weekend. Should
> > be mostly trivial.
> 
> There are already RSS feeds for NEW.

where? it is not linked from new.html


-- 
[EMAIL PROTECTED] /root]# man real-life
No manual entry for real-life


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Is there a way to positively, uniquely identify which Debian release a program is running on?

[Adrian von Bidder]

On Wednesday 30 May 2007 22.46:30 Kris Deugau wrote:
> I've been writing custom utilities and libraries for various systems at
> work, and with one particular project recently it's become (more)
> important to know exactly which Debian release it's running on (at some
> stage or other between version-controlled-code and installed-"binary")
> so that I don't try to call a missing binary or create a .deb that
> requires a package that doesn't actually exist in the target dist.

In general: don't do that.  My machine has base-files from etch and thus can 
be considered to be etch, but there are a lot of packages from lenny and 
sid on it (including libc6, thanks to the dependency handling).  And if I 
don't reinstall the machine before lenny, it will even mix etch, lenny, 
lenny+1 and sid in a few years.  So what version is "installed" on the 
machine?

Version problems like you describe almost always boil down to versioned 
package dependencies.

Obviously, if you're in a controlled environment and you know that your 
target machines are "clean" etch or lenny, the problem becomes a lot 
easier.

cheers
-- vbi



-- 
featured product: GNU Privacy Guard - http://gnupg.org


signature.asc
Description: This is a digitally signed message part.

Re: Is there a way to positively, uniquely identify which Debian release a program is running on?

[Adrian von Bidder]

On Friday 01 June 2007 20.51:27 Kris Deugau wrote:
>  Instead, we try to make them work
>
> > as far as their dependencies are met.
>
> ... which means what, exactly, if my program expects
> /usr/lib/apache2/suexec but the system (stock Debian sarge) only has
> /usr/lib/apache2/suexec2?  Or vice versa for etch?

Just make sure you depend on whatever version of apache that matches where 
you expect the suexec binary to live.  Yes, you'll need to check for all 
such cases but it will get you much further than relying 
on /etc/debian_version because even people heavily mixing Debian releases 
will be happy.

cheers
-- vbi

-- 
24h Business Support:
... for example, when one of our products stops working, we'll blame
another vendor within 24 hours.
-- Scott Adams/Dilbert, 2006-06-13


signature.asc
Description: This is a digitally signed message part.

Bug#427208: ITP: libjdo-api-java -- implementation of JSR 243: JavaTM Data Objects 2.0

[Torsten Werner]

Package: wnpp
Severity: wishlist
Owner: Torsten Werner <[EMAIL PROTECTED]>

* Package name: libjdo-api-java
  Version : 2.0
  Upstream Author : The Apache Software Foundation
* URL : http://db.apache.org/jdo/
* License : Apache
  Programming Lang: Java
  Description : implementation of JSR 243: JavaTM Data Objects 2.0
 Java Data Objects (JDO) is a standard way to access persistent data in
 databases, using plain old Java objects (POJO) to represent persistent data.
 The approach separates data manipulation (done by accessing Java data members
 in the Java domain objects) from database manipulation (done by calling the
 JDO interface methods). This separation of concerns leads to a high degree of
 independence of the Java view of data from the database view of the data.
 .
 Interfaces are defined for the user's view of persistence:
  - PersistenceManager: the component responsible for the life cycle of
persistent instances, Query factory, and Transaction access
  - Query: the component responsible for querying the datastore and returning
persistent instances or values
  - Transaction: the component responsible for initiating and completing
transactions
 .
 JDO is being developed as a Java Specification Request in the Java Community
 Process. The original JDO 1.0 is JSR-12 http://www.jcp.org/en/jsr/detail?id=12
 and the current JDO 2.0 is JSR-243 http://www.jcp.org/en/jsr/detail?id=243
 .
  Homepage: http://db.apache.org/jdo/



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch-proposed-updates amd64 Release file fails checksum [Was: possible problem with ftp.us.debian.org]

[Anthony Towns]

On Sun, May 27, 2007 at 04:57:46PM -0400, Yaroslav Halchenko wrote:
> More than a month ago I filed a bug report
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418956

Sorry about that, fixed now.

(The daily regeneration of the Release files wasn't working because
the dak script wasn't noticing that the stable-proposed-updates and
testing-proposed-updates Release files were hardlinked...)

Cheers,
aj



signature.asc
Description: Digital signature

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Anthony Towns]

On Tue, May 22, 2007 at 02:53:43PM +0300, Lars Wirzenius wrote:
> On ti, 2007-05-22 at 13:30 +0200, Sam Hocevar wrote:
> > 1. The GPLv3: the latest draft did not raise major objections from
> >  -legal and despite its concerns with the strategies developed in some
> >  sections, Debian does consider it DFSG-free. Debian will however not
> >  push for its adoption, mainly because we still have much software that
> >  is GPLv2-only in the distribution.
> Why it that a valid, or even relevant reason to avoid pushing GPLv3?

That's been answered already, but, IMO, a sufficient and better reason
to avoid pushing GPLv3 is just that there's no need for Debian to push
*any* particular free license. As long as its DFSG-free, we don't really
need to care -- we might still offer opinions, but we don't have to go
any further.

Cheers,
aj


signature.asc
Description: Digital signature

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Anthony Towns]

On Thu, May 24, 2007 at 10:54:36AM -0700, Don Armstrong wrote:
> and to the best of my knowledge, works licensed solely under the CDDL
> have never been accepted in main.[1]

star | 1.5a57-1 | oldstable | source, alpha, arm, [...]
star | 1.5a67-1 | stable | source, alpha, amd64, [...]

http://packages.debian.org/changelogs/pool/main/s/star/star_1.5a57-1/star.copyright
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350624

HTH.

Cheers,
aj



signature.asc
Description: Digital signature

Re: Filing FTBFS bugs and packages in NEW

[gregor herrmann]

On Sat, 02 Jun 2007 12:31:48 +0200, Martin Zobel-Helas wrote:

> > There are already RSS feeds for NEW.
> where? it is not linked from new.html

I know at least:

Packages entering NEW:
http://people.debian.org/~filippo/NEWrss/new_in.rss

Packages leaving NEW:
http://people.debian.org/~filippo/NEWrss/new_out.rss

gregor 
-- 
 .''`.   http://info.comodo.priv.at/ | gpg key ID: 0x00F3CFE4
 : :' :  debian: the universal operating system - http://www.debian.org/
 `. `'   member of https://www.vibe.at/ | how to reply: http://got.to/quote/
   `-NP: Element Of Crime: Narzissen Und Kakteen


signature.asc
Description: Digital signature

steeple milan--cuny

[Makayla]

all of the products you were searching
for last week...

you asked us where to find them, and we
have searched to bring you the results

terewte.info

trust us, it's the only place you will
be able to get these items

Bug#427216: ITP: gtkol-ldap -- GtkOL-LDAP is a LDAP client based on GtkOL.

[Francesco Namuri]

Package: wnpp
Severity: wishlist
Owner: Francesco Namuri <[EMAIL PROTECTED]>


  Package name: gtkol-ldap
  Version : 1.1
  Upstream Author : Name <[EMAIL PROTECTED]>
  URL : http://www.example.org/
  License : GPL
  Programming Lang: C++
  Description : GtkOL-LDAP is a LDAP client based on GtkOL.

GtkOL is designed to help you administer OpenLDAP directories, it is
developed in modular way to enable template handling such posix account
or samba entries. It implements TLS/SASL bindigs, DN drag & drop, DN
recursive deletion, LDIF import/export, password attributes automatic
hashing, DN integrity rules setup, and more.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (850, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-custom.5
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Plugin API/ABI versions

[Ben Hutchings]

On Fri, 2007-06-01 at 18:03 +0200, Magnus Holmgren wrote:
> Many applications allow their functionality to be extended by means of 
> plugins, often in the form of libraries that the application dlopen()s. 
> Usually the application provides an API, and like other APIs these APIs (and 
> ABIs) can evolve, calling for versioned dependencies. But executables aren't 
> shared libraries, so there are no SONAME/NEEDED tags (typically, AFAIK, the 
> API headers define some version constants that the application queries the 
> plugin for to detect incompatibilities) and using dpkg-shlibdeps doesn't 
> work. So how should the -dev package provide correct dependency information 
> in these cases?


The ion3 package provides "ion3-api-" + an API identifier, and
separately-packaged modules depend on this.  The API identifier is in
one of the headers in the -dev package.

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption] would be
development of an easy way to factor large prime numbers. - Bill Gates


signature.asc
Description: This is a digitally signed message part

Re: BoF: Supporting 15,000 packages - How much support do we mean?

[Julien Cristau]

On Sat, Jun  2, 2007 at 15:15:40 +0100, Ben Hutchings wrote:

> #382607 (CVE-2006-4041) has apparently not been touched in 9 months.
> This is probably mitigated by the fix for #368645 (CVE-2006-2314), but
> this was never confirmed.
> 
The security tracker lists this as "unimportant", with a note that no
applications in sarge use pike+postgres.

Cheers,
Julien


signature.asc
Description: Digital signature

Re: BoF: Supporting 15,000 packages - How much support do we mean?

[Ben Hutchings]

On Wed, 2007-05-30 at 18:22 -0700, Steve Langasek wrote:
> On Thu, May 31, 2007 at 01:58:02AM +0100, Ben Hutchings wrote:
> > > > > What evidence do you have that serious security bugs "won't get 
> > > > > fixed" in a
> > > > > stable release because of MIA developers?
> 
> > > > Search for "years" in
> > > > http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag&data=security&archive=no&version=&dist=stable&pend-exc=fixed&pend-exc=done&include=security
> 
> > > If I search on
> > > http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=tag;data=security;archive=no;dist=stable;pend-exc=fixed;pend-exc=done;include=security;severity=critical,grave,serious
> > > (since the question was about "serious security bugs"), the only matches 
> > > are
> > > listed as "From other Branch", meaning that the versions listed as 
> > > affected
> > > in the BTS are not versions present in stable.
> > 
> 
> > I'm sorry, I did not use "serious" in the precise sense of the BTS.  I
> > meant that there were bugs that could have serious consequences for some
> > users, which is true of many bugs with severity = important.
> 
> But if that's the criterion, I don't see why anything more is needed than to
> more visibly document to our users what classes of bugs are considered
> release-critical.  Maintainer activity is not going to be strongly
> correlated with frequency of non-RC security bugs in a package in stable.

I expect there is some correlation between maintainer activity and
competence, and the speed at which security bugs get fixed.  That said,
the numbers are small and the correlation probably quite weak.  So I
don't propose to use some sort of karma system to rate maintainers and
their packages.

> > Also, this release is relatively new and has had less time to accumulate
> > bug reports.  sarge is in a worse state.
> 
> Ok, can you provide an example to support this claim that sarge is worse?
> If I sub 'oldstable' for 'stable' in the URL, I get a much *smaller* number
> of outstanding RC security bugs for sarge, and only two of them are open for
> longer than a year[1] (and less than two), which is of course not good, but
> also not what you appeared to be claiming above.

I would expect serious security bugs to be fixed in a *lot* less than a
year!  There are 6 of them older than 3 months.  I fear we'll see the
same in etch once it's been out longer.

> I'm not saying that what the BTS shows in this view is at all accurate; I
> think it's entirely possible that there are bugs missing here, since sarge's
> release predates the advent of version tracking in the BTS, and even now
> there's a good chance of new security bugs being filed with incomplete
> v-t info.  I'm just asking that you support this claim with a concrete
> pointer, because if there are known security bugs going unaddressed I'd like
> to know what they are to try to understand why they've fallen through the
> cracks and try to figure out if there's something we can be doing better to
> catch such bugs as a class.

Let me go through those 6:

#382607 (CVE-2006-4041) has apparently not been touched in 9 months.
This is probably mitigated by the fix for #368645 (CVE-2006-2314), but
this was never confirmed.

#392016 should have been closed by version 2.5.7+r1558-4+sarge3, if I'm
not mistaken.

#396360 (CVE-2006-4513) has been waiting 3 months for someone to apply a
patch.
#334054 (CVE-2005-3323) has been waiting 19 months for someone to apply
a patch (the bug was fixed in zope2.7 but not zope 2.6).

#352188 is, as you said, mitigated by the library not having reverse
dependencies. And it's a DoS, so is probably only "important".

#408300 (CVE-2007-0461) is also a DoS.

So at least 2 have apparently fallen through the cracks.  There may be
more in the security-tracker that aren't in the BTS.

> Roberto's point that low maintainer activity tends to correlate with
> *unknown* security bugs is well taken, but you seem to be making the much
> stronger claim that we *know* our stable releases have security holes that
> will go unfixed, and this isn't something that I know at all.

We know that they *will* have security holes found in them.  Some of
these evidently go unfixed for some time.  Maybe this is merely a matter
of poor tracking.  I think there's a real resource limitation.

> [1] and one of these bugs is in libtasn1-0, a version of libtasn that
> appears to have no reverse-dependencies in the archive (I think because the
> security fix was ABI-breaking and therefore transitioned the reverse-deps
> away from it), so the impact on end users is roughly nil.

Noted.

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption] would be
development of an easy way to factor large prime numbers. - Bill Gates


signature.asc
Description: This is a digitally signed message part

Re: BoF: Supporting 15,000 packages - How much support do we mean?

[Ben Hutchings]

On Sat, 2007-06-02 at 16:22 +0200, Julien Cristau wrote:
> On Sat, Jun  2, 2007 at 15:15:40 +0100, Ben Hutchings wrote:
> 
> > #382607 (CVE-2006-4041) has apparently not been touched in 9 months.
> > This is probably mitigated by the fix for #368645 (CVE-2006-2314), but
> > this was never confirmed.
> > 
> The security tracker lists this as "unimportant", with a note that no
> applications in sarge use pike+postgres.

So applications outside of the Debian system are "unimportant" and not
supported?  Then let's rip out all the libraries without reverse-
dependencies, and the static libraries while we're at it.  The mirror
maintainers will thank us for it!

Ben.

-- 
Ben Hutchings
The obvious mathematical breakthrough [to break modern encryption] would be
development of an easy way to factor large prime numbers. - Bill Gates


signature.asc
Description: This is a digitally signed message part

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Anthony Towns]

debian-devel re-added.

On Sat, Jun 02, 2007 at 03:40:36PM +0200, Francesco Poli wrote:
> On Sat, 2 Jun 2007 21:50:15 +1000 Anthony Towns wrote:
> > On Thu, May 24, 2007 at 10:54:36AM -0700, Don Armstrong wrote:
> > > and to the best of my knowledge, works licensed solely under the
> > > CDDL have never been accepted in main.[1]
> > star | 1.5a57-1 | oldstable | source, alpha, arm, [...]
> > star | 1.5a67-1 | stable | source, alpha, amd64, [...]
> > http://packages.debian.org/changelogs/pool/main/s/star/star_1.5a57-1/star.copyright
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350624
> Quoting from the bug log, Anthony Towns wrote:
> | The CDDL mightn't be the best license in the world, and isn't GPL
> | compatible, but it's still DFSG-free. Closing this bug with this
> | message.
> I do *not* agree that the CDDL meets the DFSG, especially when a choice
> of venue is in place.

That a poster to debian-legal doesn't think a license meets the DFSG
isn't particularly useful information, and is even less so when that
poster isn't a DD, a maintainer or someone in the n-m queue.

Cheers,
aj



signature.asc
Description: Digital signature

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Michael Poole]

Anthony Towns writes:

> debian-devel re-added.
>
> On Sat, Jun 02, 2007 at 03:40:36PM +0200, Francesco Poli wrote:
>> On Sat, 2 Jun 2007 21:50:15 +1000 Anthony Towns wrote:
>> > On Thu, May 24, 2007 at 10:54:36AM -0700, Don Armstrong wrote:
>> > > and to the best of my knowledge, works licensed solely under the
>> > > CDDL have never been accepted in main.[1]
>> > star | 1.5a57-1 | oldstable | source, alpha, arm, [...]
>> > star | 1.5a67-1 | stable | source, alpha, amd64, [...]
>> > http://packages.debian.org/changelogs/pool/main/s/star/star_1.5a57-1/star.copyright
>> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350624
>> Quoting from the bug log, Anthony Towns wrote:
>> | The CDDL mightn't be the best license in the world, and isn't GPL
>> | compatible, but it's still DFSG-free. Closing this bug with this
>> | message.
>> I do *not* agree that the CDDL meets the DFSG, especially when a choice
>> of venue is in place.
>
> That a poster to debian-legal doesn't think a license meets the DFSG
> isn't particularly useful information, and is even less so when that
> poster isn't a DD, a maintainer or someone in the n-m queue.

A blatant appeal to authority in place of facts or analysis isn't
particularly useful information, and is even less so when arguments
for the contrary position have been made but not answered.

Michael Poole


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#427216: ITP: gtkol-ldap -- GtkOL-LDAP is a LDAP client based on GtkOL.

[Christian Surchi]

On Sat, Jun 02, 2007 at 02:34:28PM +0200, Francesco Namuri wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Francesco Namuri <[EMAIL PROTECTED]>
> 
> 
>   Package name: gtkol-ldap
>   Version : 1.1
>   Upstream Author : Name <[EMAIL PROTECTED]>
>   URL : http://www.example.org/
>   License : GPL
>   Programming Lang: C++
>   Description : GtkOL-LDAP is a LDAP client based on GtkOL.

What about author and url? :)

bye
Christian


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#427216: ITP: gtkol-ldap -- GtkOL-LDAP is a LDAP client based on GtkOL.

[Roberto C . Sánchez]

On Sat, Jun 02, 2007 at 05:30:48PM +0200, Christian Surchi wrote:
> On Sat, Jun 02, 2007 at 02:34:28PM +0200, Francesco Namuri wrote:
> > Package: wnpp
> > Severity: wishlist
> > Owner: Francesco Namuri <[EMAIL PROTECTED]>
> > 
> > 
> >   Package name: gtkol-ldap
> >   Version : 1.1
> >   Upstream Author : Name <[EMAIL PROTECTED]>
> >   URL : http://www.example.org/
> >   License : GPL
> >   Programming Lang: C++
> >   Description : GtkOL-LDAP is a LDAP client based on GtkOL.
> 
> What about author and url? :)
> 
Also, a more descriptive short description.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


signature.asc
Description: Digital signature

Bug#427238: ITP: dbi-link -- A partial implementation of SQL/MED to PostgreSQL

[Fernando Ike de Oliveira]

Package: wnpp
Severity: wishlist
Owner: Fernando Ike de Oliveira <[EMAIL PROTECTED]>



* Package name: dbi-link
  Version : 2.0.0
  Upstream Author : David Fetter <[EMAIL PROTECTED]>
* URL : http://pgfoundry.org/projects/dbi-link/
* License : (BSD)
  Programming Lang: (Perl)
  Description : A partial implementation of SQL/MED to PostgreSQL

 DBI-Link is a partial implementation of the SQL/MED (Management of
 External Data) portion of the SQL:2003 specification to PostgreSQL.
 . 
 It's possible connect in others DBMS as MySQL, Oracle, Firebird, 
 Sqlite, since that it is supported by Perl/DBI.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.20-1-k7 (SMP w/2 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Marco d'Itri]

On Jun 02, Michael Poole <[EMAIL PROTECTED]> wrote:

> A blatant appeal to authority in place of facts or analysis isn't
> particularly useful information, and is even less so when arguments
> for the contrary position have been made but not answered.
s/arguments/opinions/

-- 
ciao,
Marco


signature.asc
Description: Digital signature

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Don Armstrong]

On Sun, 03 Jun 2007, Anthony Towns wrote:
> debian-devel re-added. 
> On Sat, Jun 02, 2007 at 03:40:36PM +0200, Francesco Poli wrote:
> > On Sat, 2 Jun 2007 21:50:15 +1000 Anthony Towns wrote:
> > > On Thu, May 24, 2007 at 10:54:36AM -0700, Don Armstrong wrote:
> > > > and to the best of my knowledge, works licensed solely under the
> > > > CDDL have never been accepted in main.[1]
> > > star | 1.5a57-1 | oldstable | source, alpha, arm, [...]
> > > star | 1.5a67-1 | stable | source, alpha, amd64, [...]
> > > http://packages.debian.org/changelogs/pool/main/s/star/star_1.5a57-1/star.copyright
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350624
> > Quoting from the bug log, Anthony Towns wrote:
> > | The CDDL mightn't be the best license in the world, and isn't GPL
> > | compatible, but it's still DFSG-free. Closing this bug with this
> > | message.
> > I do *not* agree that the CDDL meets the DFSG, especially when a choice
> > of venue is in place.
> 
> That a poster to debian-legal doesn't think a license meets the DFSG
> isn't particularly useful information, and is even less so when that
> poster isn't a DD, a maintainer or someone in the n-m queue.

It's not like there aren't DDs who feel that it isn't DFSG free; Steve
Langasek and myself have consistently argued against it, and I doubt
we're the only two.

That said, can the ftpmaster who approved the inclusion of star in
main speak up and give their rationale?


Don Armstrong

-- 
Nearly all men can stand adversity, but if you really want to test his
character, give him power.
 -- Abraham Lincoln

http://www.donarmstrong.com  http://rzlab.ucr.edu


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#427248: ITP: promethee -- a productive numeric working space

[lambda (sbrice)]

Package: wnpp
Severity: wishlist
Owner: "lambda (sbrice)" <[EMAIL PROTECTED]>


* Package name: promethee
  Version : 5.7rc1
  Upstream Author : Dominique Laporte & his team
* URL : http://www.promethee.eu.org/
* License : (GPL)
  Programming Lang: (PHP, JS)
  Description : A productive numeric working space

promethee is an all-inclusive education project (called numeric working space) 
which support school managing and is exclusively built 
with free software  (need apache2 mysql-server-4.1 apache2-doc 
libapache2-mod-php4 php4-mysql php4-gd php4-cli phpmyadmin dependencies)


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-k7 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: BoF: Supporting 15,000 packages - How much support do we mean?

[Steve Langasek]

On Sat, Jun 02, 2007 at 03:38:46PM +0100, Ben Hutchings wrote:
> On Sat, 2007-06-02 at 16:22 +0200, Julien Cristau wrote:
> > On Sat, Jun  2, 2007 at 15:15:40 +0100, Ben Hutchings wrote:

> > > #382607 (CVE-2006-4041) has apparently not been touched in 9 months.
> > > This is probably mitigated by the fix for #368645 (CVE-2006-2314), but
> > > this was never confirmed.

> > The security tracker lists this as "unimportant", with a note that no
> > applications in sarge use pike+postgres.

> So applications outside of the Debian system are "unimportant" and not
> supported?  Then let's rip out all the libraries without reverse-
> dependencies,

The release team generally proposes doing that. :)

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#427248: ITP: promethee -- a productive numeric working space

[Ben Pfaff]

"lambda (sbrice)" <[EMAIL PROTECTED]> writes:

>   Description : A productive numeric working space
>
> promethee is an all-inclusive education project (called numeric
> working space) which support school managing and 

What is a numeric working space?  You don't say, and the URL that
you pointed to doesn't make it obvious to me.

> is exclusively built with free software (need apache2
> mysql-server-4.1 apache2-doc libapache2-mod-php4 php4-mysql
> php4-gd php4-cli phpmyadmin dependencies)

This seems redundant.  There's a Dependencies field in the
packaging system for listing dependencies.  There's no need to
mention that a program in Debian is free software and built only
with free software--that's the only kind of program we accept
anyway.
-- 
"doe not call up Any that you can not put downe."
--H. P. Lovecraft


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Don Armstrong]

reopen 350624
thanks

On Sat, 02 Jun 2007, Don Armstrong wrote:
> That said, can the ftpmaster who approved the inclusion of star in
> main speak up and give their rationale?

Actually, I must take this back; it's almost certain that ftpmaster
did not approve this, because the work when originally included in
Debian (S tar 1.4.3) was only licensed under the GPL [From star.c]:

/*
 *  Copyright (c) 1985, 88-90, 92-96, 98, 99, 2000-2002 J. Schilling
 */
/*
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; see the file COPYING.  If not, write to the Free Software
 * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

I'm not entirely sure that it would have been found acceptable had it
gone through NEW with its current license.


Don Armstrong

-- 
Democracy means simply the bludgeoning of the people by the people for
the people.
 -- Oscar Wilde

http://www.donarmstrong.com  http://rzlab.ucr.edu


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#427255: ITP: libfreemarker-java -- a template engine written in Java

[Torsten Werner]

Package: wnpp
Severity: wishlist
Owner: Torsten Werner <[EMAIL PROTECTED]>

* Package name: libfreemarker-java
  Version : 2.3.10
  Upstream Author : The Visigoth Software Society
* URL : http://www.freemarker.org/
* License : BSD
  Programming Lang: Java
  Description : a template engine written in Java
 FreeMarker is a "template engine"; a generic tool to generate text output
 (anything from HTML to autogenerated source code) based on templates. It's a
 Java package, a class library for Java programmers. It's not an application
 for end-users in itself, but something that programmers can embed into their
 products.
 .
 FreeMarker is designed to be practical for the generation of HTML Web pages,
 particularly by servlet-based applications following the MVC (Model View
 Controller) pattern. The idea behind using the MVC pattern for dynamic Web
 pages is that you separate the designers (HTML authors) from the programmers.
 Everybody works on what they are good at. Designers can change the appearance
 of a page without programmers having to change or recompile code, because the
 application logic (Java programs) and page design (FreeMarker templates) are
 separated. Templates do not become polluted with complex program fragments.
 This separation is useful even for projects where the programmer and the HMTL
 page author is the same person, since it helps to keep the application clear
 and easily maintainable.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#427258: ITP: gaphas -- diagramming canvas

[Cedric Delfosse]

Package: wnpp
Severity: wishlist
Owner: Cedric Delfosse <[EMAIL PROTECTED]>

* Package name: gaphas
  Version : 0.1.4
  Upstream Author : Arjan Molenaar <[EMAIL PROTECTED]>
* URL : http://cheeseshop.python.org/pypi/gaphas
* License : LGPL
  Programming Lang: Python
  Description : diagramming widget

 Gaphas is a GTK+ based diagramming widget.



Gaphas must be packaged to package newest version of gaphor.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-3-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bug#427248: ITP: promethee -- a productive numeric working space

[Julien Cristau]

On Sat, Jun  2, 2007 at 11:50:45 -0700, Ben Pfaff wrote:

> "lambda (sbrice)" <[EMAIL PROTECTED]> writes:
> 
> >   Description : A productive numeric working space
> >
> > promethee is an all-inclusive education project (called numeric
> > working space) which support school managing and 
> > is exclusively built with free software (need apache2
> > mysql-server-4.1 apache2-doc libapache2-mod-php4 php4-mysql
> > php4-gd php4-cli phpmyadmin dependencies)
> 
> This seems redundant.  There's a Dependencies field in the
> packaging system for listing dependencies.  There's no need to
> mention that a program in Debian is free software and built only
> with free software--that's the only kind of program we accept
> anyway.

Also, since php4 is going away, stating that your package works with it
seems kind of useless.

Cheers,
Julien


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Steve Langasek]

On Sat, Jun 02, 2007 at 12:12:14PM -0700, Don Armstrong wrote:
> On Sat, 02 Jun 2007, Don Armstrong wrote:
> > That said, can the ftpmaster who approved the inclusion of star in
> > main speak up and give their rationale?

> Actually, I must take this back; it's almost certain that ftpmaster
> did not approve this,

Er, isn't that what AJ's closure message *is*?

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Michael Poole]

[EMAIL PROTECTED] writes:

> On Jun 02, Michael Poole <[EMAIL PROTECTED]> wrote:
>
>> A blatant appeal to authority in place of facts or analysis isn't
>> particularly useful information, and is even less so when arguments
>> for the contrary position have been made but not answered.
> s/arguments/opinions/

Yes, there were a number of court opinions cited to illustrate that
choice of venue (aka forum selection) clauses are quite often binding.
This was in contrast to claims from the "CDDL is DFSG compliant" crowd
that the clause had no effect.  That was one of the unanswered facts
that I had in mind -- although I suspect your shorthand was not
actually in reference to that.

Michael Poole


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Don Armstrong]

On Sat, 02 Jun 2007, Steve Langasek wrote:
> On Sat, Jun 02, 2007 at 12:12:14PM -0700, Don Armstrong wrote:
> > On Sat, 02 Jun 2007, Don Armstrong wrote:
> > > That said, can the ftpmaster who approved the inclusion of star in
> > > main speak up and give their rationale?
> 
> > Actually, I must take this back; it's almost certain that ftpmaster
> > did not approve this,
> 
> Er, isn't that what AJ's closure message *is*?

It could be. Of course, last time I checked, AJ wasn't primarily doing
NEW processing, which is the area of responsibility that my original
message was (incorrectly) aimed at.


Don Armstrong

-- 
DIE!
 -- Maritza Campos http://www.crfh.net/d/20020601.html

http://www.donarmstrong.com  http://rzlab.ucr.edu


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: libpkg / libupt / libept gets popcon support

[Erich Schubert]

Hi Enrico,
Keep up the good work. :-)


the name of the new library is still in flux, and maybe it'll end up
with the name 'libept' and replacing the libept we have now.


I have to admit, that with "libpkg" I'd expect to find something
working on the actual packages, whereas your library is working with
metadata on the packages, mostly for finding them.

Maybe something along libipkg or libinfopkg is more appropriate?

best regards,
Erich Schubert
--
   erich@(mucl.de|debian.org)  --  GPG Key ID: 4B3A135C(o_
 To understand recursion you first need to understand recursion.   //\
 Wo befreundete Wege zusammenlaufen, da sieht die ganze Welt für   V_/_
   eine Stunde wie eine Heimat aus. --- Herrmann Hesse

Bug#427288: ITP: ntfs-config -- enable/disable write support for any NTFS devices

[Francesco Namuri]

Package: wnpp
Severity: wishlist
Owner: Francesco Namuri <[EMAIL PROTECTED]>


  Package name: ntfs-config
  Version : 1.0-RC2
  Upstream Author : Florent Mertens <[EMAIL PROTECTED]>
  URL : http://givre.cabspace.com/ntfs-config
  License : GPL
  Programming Lang: Python
  Description : enable/disable write support for any NTFS devices

This program allow you to easily configure all of your NTFS devices
to allow write support via a friendly gui.
For that use, it will configure them to use the open source ntfs-3g
driver. You'll also be able to easily disable this feature.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (850, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-custom.5
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#427293: ITP: plproxy -- PL/Proxy is a proxy language used for remote database

[Fernando Ike de Oliveira]

Package: wnpp
Severity: wishlist
Owner: Fernando Ike de Oliveira <[EMAIL PROTECTED]>


* Package name: plproxy
  Version : 2.0.2
  Upstream Author : Sven Suursoho, Marko Kreen
* URL : http://pgfoundry.org/projects/plproxy/
* License : BSD
  Programming Lang: C
  Description : PL/Proxy is a proxy language used for remote database

 PL/Proxy is a proxy language used for remote database procedure calls
 and data partitioning between databases based on hashing field values.
 .
 It's will be to create with same signature as remote function to be
 called, so only destination info needs to be specify inside proxy
 function body. 


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.20-1-k7 (SMP w/2 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#427295: ITP: pgbouncer -- Lightweight connection pooler for PostgreSQL

[Fernando Ike de Oliveira]

Package: wnpp
Severity: wishlist
Owner: Fernando Ike de Oliveira <[EMAIL PROTECTED]>


* Package name: pgbouncer
  Version : 1.0.7
  Upstream Author : Sven Suursoho, Marko Kreen
* URL : http://pgfoundry.org/projects/pgbouncer
* License : BSD
  Programming Lang: C
  Description : Lightweight connection pooler for PostgreSQL

 PgBouncer has as features:
 .
 * Several levels of brutality when rotating connections.
 * Low memory requirements.
 * It is not tied to one backend server, the destination databases can
   reside on differet hosts.
 * Supports online reconfiguration for most of the settings.
 * Supports online restart/upgrade.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.20-1-k7 (SMP w/2 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Promethee a Virtual Learning Environement (VLE)

[lambda]

>Is this software only in French or also in English ?
The entire project will be internationalyzed in five languages at the end of 
the month ;-)

>Does this software need php4 or does the software also work with php5 ?
>php4 is going away, stating that your package works with it seems kind of 
>useless.
This software works efficiently on a K8_2800+ x86_64 GNU/Linux unstable (apache 
2.2.3-4 ; libapache2-mod-php5.2.2-2 ; mysql-server-5.0.41-2 phpmyadmin 
4:2.10.1-3)

>There's no need to mention that a program in Debian is free software and built 
>only with 
>free software that's the only kind of program we accept anyway.
Why do my /etc/apt/sources.list mention a non-free depository ? additionally 
http://www.debian.org/vote/2006/vote_007 specify that Etch has been released 
with kernel firmware issues (point 4)

>>   Description : A productive numeric working space
We prefer `Virtual Learning Environement (VLE)` as it will be mentioned in the 
coming soon english version of promethee 5.7

Regards,

sébastien Brice


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#427297: ITP: sturmbahnfahrer -- simulated obstacle course for automobiles

[Miriam Ruiz]

Package: wnpp
Severity: wishlist
Owner: Miriam Ruiz <[EMAIL PROTECTED]>


* Package name: sturmbahnfahrer
  Version : 1.3
  Upstream Author : Bram Stolk <[EMAIL PROTECTED]>
* URL : http://www.sturmbahnfahrer.com/
* License : GPL
  Programming Lang: C++
  Description : simulated obstacle course for automobiles

 Your objective is to drive your car along an obstacle course. Success
 depends on total control of the car. If you want to master it, try to
 have the laws of physics work with you, not against you.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Steve Langasek]

On Sat, Jun 02, 2007 at 10:13:56AM -0700, Don Armstrong wrote:
> On Sun, 03 Jun 2007, Anthony Towns wrote:
> > debian-devel re-added. 
> > On Sat, Jun 02, 2007 at 03:40:36PM +0200, Francesco Poli wrote:
> > > On Sat, 2 Jun 2007 21:50:15 +1000 Anthony Towns wrote:
> > > > On Thu, May 24, 2007 at 10:54:36AM -0700, Don Armstrong wrote:
> > > > > and to the best of my knowledge, works licensed solely under the
> > > > > CDDL have never been accepted in main.[1]
> > > > star | 1.5a57-1 | oldstable | source, alpha, arm, [...]
> > > > star | 1.5a67-1 | stable | source, alpha, amd64, [...]
> > > > http://packages.debian.org/changelogs/pool/main/s/star/star_1.5a57-1/star.copyright
> > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350624
> > > Quoting from the bug log, Anthony Towns wrote:
> > > | The CDDL mightn't be the best license in the world, and isn't GPL
> > > | compatible, but it's still DFSG-free. Closing this bug with this
> > > | message.
> > > I do *not* agree that the CDDL meets the DFSG, especially when a choice
> > > of venue is in place.

> > That a poster to debian-legal doesn't think a license meets the DFSG
> > isn't particularly useful information, and is even less so when that
> > poster isn't a DD, a maintainer or someone in the n-m queue.

> It's not like there aren't DDs who feel that it isn't DFSG free; Steve
> Langasek and myself have consistently argued against it, and I doubt
> we're the only two.

Yes, I think that licensor-oriented choice of venue clauses in free software
licenses are at best a bug, and at worst make the license fail the intent of
the DFSG.

However, the ftpmasters appear to disagree, and the practical consequences
of these clauses do not appear so great (nor so persuasive) that I feel the
need to insist there's been an error.

Cheers,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

start-stop-daemon for user processes

[Warren Turkal]

Hello,

Is there anything like daemontools in main? I would like it to work with user 
processes. I would like to use it to make sure a user process stays running 
while I am logged in. Does anyone have any suggestions?

wt
-- 
Warren Turkal


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: start-stop-daemon for user processes

[Russ Allbery]

Warren Turkal <[EMAIL PROTECTED]> writes:

> Is there anything like daemontools in main? I would like it to work with
> user processes. I would like to use it to make sure a user process stays
> running while I am logged in. Does anyone have any suggestions?

Take a look at runit.  It's quite a bit like daemontools without the weird
licensing.

-- 
Russ Allbery ([EMAIL PROTECTED])   


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Anthony Towns]

On Sat, Jun 02, 2007 at 11:10:19AM -0400, Michael Poole wrote:
> Anthony Towns writes:
> > On Sat, Jun 02, 2007 at 03:40:36PM +0200, Francesco Poli wrote:
> >> I do *not* agree that the CDDL meets the DFSG, especially when a choice
> >> of venue is in place.
> > That a poster to debian-legal doesn't think a license meets the DFSG
> > isn't particularly useful information, and is even less so when that
> > poster isn't a DD, a maintainer or someone in the n-m queue.
> A blatant appeal to authority in place of facts or analysis isn't
> particularly useful information, and is even less so when arguments
> for the contrary position have been made but not answered.

On Sat, Jun 02, 2007 at 10:13:56AM -0700, Don Armstrong wrote:
> It's not like there aren't DDs who feel that it isn't DFSG free; Steve
> Langasek and myself have consistently argued against it, and I doubt
> we're the only two.
> 
> That said, can the ftpmaster who approved the inclusion of star in
> main speak up and give their rationale?

On Sat, Jun 02, 2007 at 08:30:56PM +0200, Bernhard R. Link wrote:
> Count me in. I don't feel comfortable with choose-of-venue at all.

This attitude is exactly why there's a disconnect between regular posters
and subscribers to debian-legal and other members of the project.
How you feel about a license isn't any more important than the other
people's feelings that happen to be opposite to you. The above isn't
analysis, it's grandstanding.

And if you really want to have licenses determined by how people "feel"
rather than analysing the effects of the license in real world situations
as compared to what's actually written in the DFSG, I expect you'll find
we just end up with more GRs like the the GFDL GR that doesn't match
commonly held opinions on debian-legal at all.

If you're a non-DD, non-maintainer, or whatever, and you have new insight
to add to license/DFSG analysis, that's great! That's exactly what the
list is for.

If you just want to post about your opinion on whether we should consider
something DFSG-free or not, do it in a way that respects the fact that
there are plenty of other contributors to Debian who might happen to
hold opinions different to yours. And also realise that the only place
your opinion is actually going to have some effect is in packages you
maintain, or if we hold a poll or a vote, and posting to -legal isn't
participating in either of those.

Cheers,
aj



signature.asc
Description: Digital signature

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Don Armstrong]

On Sun, 03 Jun 2007, Anthony Towns wrote:
> How you feel about a license isn't any more important than the other
> people's feelings that happen to be opposite to you. The above isn't
> analysis, it's grandstanding.

My mistake; I assumed the references I provided earlier to the
analysis done in 2005 and 2006 were sufficent. Allow me to summarize
and repeat the problems with choice of venue clauses for the benifit
of those who have not read the threads which I referenced earlier:

Choice of venue clauses can short circuit the normal determination of
jurisdiction in civil cases in some jurisdictions in some cases. In
order to return to a sane jurisdiction, you generally must first get
the choice of venue clause vacated, and only then do you start the
normal change of venue process. Since there is no compulsion to agree
to a license and the work is not being sold, it's less likely that
such a clause will be vacated in comparison to the equivalent clause
in shrinkwrap licenses.[1]

Since this is giving up a right normally enjoyed in exchange for the
ability to use or modify a work, it appears be a fee, and as such
fails DFSG 1.

Finally, by placing works under licenses with such clauses into
non-free, we advise people that they should be examining the license
more closely before deciding whether or not they should (or can) use
the software.

> And if you really want to have licenses determined by how people
> "feel" rather than analysing the effects of the license in real
> world situations as compared to what's actually written in the DFSG,
> I expect you'll find we just end up with more GRs like the the GFDL
> GR that doesn't match commonly held opinions on debian-legal at all.

I'm personally using "feel" as shorthand for "my understanding of the
legal situtation regarding this clause and its relation to the DFSG"
not the way the clause effects me emotionally or what my DFSG
dartboard said when I threw my official -legal flaming darts at it.

I'm well aware that I'm personally more concerned about licensing
matters than the average developer, but then again, that's also why I
(perhaps naïvely) expect people who disagree with my analysis to
actually engage the analysis with counter arguments, come to a
complete understanding of the problem, and then make a determination.

> And also realise that the only place your opinion is actually going
> to have some effect is in packages you maintain, or if we hold a
> poll or a vote, and posting to -legal isn't participating in either
> of those.

My goal is to convince ftpmasters and developers that my analysis is
reasonable, and that these works with licenses containing these kinds
of clauses have no place in main. Failing that, I can only educate
users and not install those packages myself, hoping that unsuspecting
users do not get caught out by upstreams which have decided to become
litigious.[2]


Don Armstrong

1: I have no idea of the odds of such things happening, though. It
definetly varies from district to district in the US, not to mention
other countries.
2: Which, unfortunatly enough, is a legitimate concern considering the
upstream of this particular package.
-- 
If you find it impossible to believe that the universe didn't have a
creator, why don't you find it impossible that your creator didn't
have one either?
 -- Anonymous Coward http://slashdot.org/comments.pl?sid=167556&cid=13970629

http://www.donarmstrong.com  http://rzlab.ucr.edu

Re: start-stop-daemon for user processes

[Warren Turkal]

On Saturday 02 June 2007 21:45, Russ Allbery wrote:
> Take a look at runit.  It's quite a bit like daemontools without the weird
> licensing.

Runit doesn't appear to be useful for non-system tasks, like starting jackd 
and restarting it if it dies (i.e. on suspend/resume).

wt
-- 
Warren Turkal

Re: start-stop-daemon for user processes

[Russ Allbery]

Warren Turkal <[EMAIL PROTECTED]> writes:
> On Saturday 02 June 2007 21:45, Russ Allbery wrote:

>> Take a look at runit.  It's quite a bit like daemontools without the
>> weird licensing.

> Runit doesn't appear to be useful for non-system tasks, like starting
> jackd and restarting it if it dies (i.e. on suspend/resume).

Could you say more about why not?  It looked to me like you could use its
supervise equivalent without the whole init replacement stuff.

-- 
Russ Allbery ([EMAIL PROTECTED])   

Re: start-stop-daemon for user processes

[Warren Turkal]

On Saturday 02 June 2007 23:03, Russ Allbery wrote:
> Could you say more about why not?  It looked to me like you could use its
> supervise equivalent without the whole init replacement stuff.

I took a closer look. It looked like the runit wanted to replace init 
entirely. I don't see how to separate the functionality for running and 
keeping a service started upon user login and stopping it on logout. Do you 
have any suggestions?

BTW, is Debian planning on using something other than init in future versions?

wt
-- 
Warren Turkal

Re: start-stop-daemon for user processes

[Russ Allbery]

Warren Turkal <[EMAIL PROTECTED]> writes:
> On Saturday 02 June 2007 23:03, Russ Allbery wrote:

>> Could you say more about why not?  It looked to me like you could use
>> its supervise equivalent without the whole init replacement stuff.

> I took a closer look. It looked like the runit wanted to replace init
> entirely.  I don't see how to separate the functionality for running and
> keeping a service started upon user login and stopping it on logout. Do
> you have any suggestions?

The package description says:

 This package does not replace the /sbin/init binary.  To do so you need
 to follow the documentation or install the runit-run package.

and I can install it without any change to the general functionality of
the system other than having runsvdir-start started from init, which is
harmless when your system-wide runit directory is empty.  You can then use
runsvdir to start the programs in any random directory you want, as any
user you want, and use the regular sv command to start and stop them.

-- 
Russ Allbery ([EMAIL PROTECTED])   

Re: discussion with the FSF: GPLv3, GFDL, Nexenta

[Anthony Towns]

On Sat, Jun 02, 2007 at 09:29:08PM -0700, Don Armstrong wrote:
> Choice of venue clauses can short circuit the normal determination of
> jurisdiction in civil cases in some jurisdictions in some cases.

Contracts and licenses in general short-circuit the normal determination
of rights under common or legislated law in some jurisdictions in some
cases too.

> Since this is giving up a right normally enjoyed in exchange for the
> ability to use or modify a work, it appears be a fee, and as such
> fails DFSG 1.

You're not giving up any rights, you're gaining the right to modify and
distribute the software under certain conditions, just as you are under
the GPL. There's no "fee" involved, any more than there is under the GPL's
requirement to release your modifications under the GPL or to provide
source when you distribute binaries. You're required to give up something
you might value and otherwise demand compensation for, certainly, but
there needs to be something more than that to violate the DFSG.

It's possible that there's actually something bad about choice of venue,
but analogising it to a "fee" just makes the discussion completely opaque
to anyone who's not interested in theoretical DFSG analysis. If the DFSG
doesn't have a clause that covers why it's bad, we can change the DFSG;
but if we don't have a good, simple explanation why it's bad for actual
free software users and developers, there's no need to be claiming
it's non-free.

The DFSG are a set of *guidelines*, if you can't explain violations
in simple, understandable terms, they're not violations. Equally, just
because something doesn't directly and clearly contradict some specific
text in the DFSG, it may still be a real violation.

> > And if you really want to have licenses determined by how people
> > "feel" rather than analysing the effects of the license in real
> > world situations as compared to what's actually written in the DFSG,
> > I expect you'll find we just end up with more GRs like the the GFDL
> > GR that doesn't match commonly held opinions on debian-legal at all.
> I'm personally using "feel" as shorthand for "my understanding of the
> legal situtation regarding this clause and its relation to the DFSG"

That's great, but *your understanding* isn't any more important than
anyone else's. Nor is Francesco's, nor is Bernhard's. There's something
fundamentally wrong with the way discussions work on debian-legal that
people think that simply posting their understanding is a valuable
contribution.

The reason why it's not is that it doesn't provide any good way of
resolving disagreements: you can either revert to authority (such as
ftpmaster's), you can resort to polls (such as a GR or an informal one on
forums.debian.net), or you can attack people who hold different opinions
in the hopes that they'll stop speaking and thus not be heard in future.

> I'm well aware that I'm personally more concerned about licensing
> matters than the average developer, but then again, that's also why I
> (perhaps na?vely) expect people who disagree with my analysis to
> actually engage the analysis with counter arguments, come to a
> complete understanding of the problem, and then make a determination.

And implying that other people aren't sufficiently "concerned about
licensing matters", aren't "actually engag[ing] the analysis with counter
arguments", don't have a "complete understanding of the problem" in order
to stop them "mak[ing] a determination" sounds like a pretty good match
for the last case.

Ultimately Debian's policy isn't going to be decided by whoever
understands legal issues the best, it's going to be decided by the
developers who contribute to Debian, whether they fully understand things
or not. Trying to limit the discussion to experts is all very well, but
it'll just leave non-experts ignoring the discussions when they end up
making the ultimate decision.

> My goal is to convince ftpmasters and developers that my analysis is
> reasonable, and that these works with licenses containing these kinds
> of clauses have no place in main. Failing that, I can only educate
> users and [...]

If the project doesn't adopt your views, then promoting them to users
as though they're an official consensus isn't "educat[ing] users", it's
misleading them. That shouldn't stop you from promoting your opinion
*as your opinion*, but honesty demands that you at least make it clear
where official policy ends and your opinion begins.

FWIW, I don't think "ftpmaster's opinion is final, discussion on -legal
is nice but ultimately irrelevant" is a satisfactory way of deciding
official policy on this. But while discussion on debian-legal of
views such as "non-DDs opinions aren't official Debian policy", "the
GFDL without invariant sections is a free license", "choice of venue
doesn't stop a license (eg the MPL or CDDL) from being a free license",
"the dissident test doesn't need to be passed by all DFSG-free licenses",
"RFCs don't need to be free" is more