Enabling and installing of "risky" ("patented") codecs - made easy

[Fabian Greffrath]

[This is a thread that I posted to 
[EMAIL PROTECTED] this morning and that 
led to a small discussion between Loic Minier and myself, see 
http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/2007-October/000506.html 
. I have attached Loic's first answer to this post, making it a rather 
long but hopefully interesting reading. However, I think it's better to 
discuss this topic with a broader audience.]


Dear Debian developers (and interested readers),

I'd like to discuss an issue with you that concerns me for a while now. 
I will be happy to read all of your opinions and suggestions!


You all know about the unsatisfying situation of some codec libraries 
that are commonly called 'risky' or 'patented'; namely lame, xvid and 
friends. While being perfectly free software on the one hand, licensed 
under the GPL or LGPL, they are surrounded by a cloud of patent FUD or 
even actual threat, which makes them unsuitable for Debian's main 
section [0]. Nevertheless on the user's side there is a demand for those 
codecs which can be whitnessed by the broad acceptance of unofficial 
repositories [see: http://popcon.debian.org/unknown/by_inst ]. 
Furthermore, there is nothing that might hold users back from using this 
software in Europe, because IIRC software patents do not exist on this 
continent.


With a basic set of libraries (e.g. lame, faac, xvid, x264) at least the 
following packages in Debian (I guess there are lots more) could be 
extended in their features: ffmpeg, gstreamer0.10-plugins-{bad,ugly}, 
libquicktime, etc. Some of these packages are already prepared for 
inclusion of those codecs, e.g. if you compile ffmpeg with 
'DEB_BUILD_OPTIONS=risky' set or set some 'EXTRA_PLUGINS' in the 
gstreamer packages, you'll be awarded with enhanced features. While on 
the one hand it's nice to find such preparations in existing packages, 
there are still at least two defiencies left: (1) There is no 
consistency among these methods. (2) We do not make the needed codec 
libraries available, we do not even explain why we don't.


My suggestions:

(@2) We are already maintaining libdvdcss2 and x264 (which are definite 
candidates for maybe-illegal-in-some-countries) in our SVN and I think 
we should consider maintaining the other mentioned libraries (at least 
lame, faac and xvid), too [1]. I am not talking about uploading them to 
Debian, but at least making them available for compilation and packaging 
on the user's own computer [2]. Of course, Debian will not officially 
support this and it should be made clear to the user that what she is 
doing might be illegal in her country, etc.


(@1) We should try to introduce a Debian-wide standard for the affected 
packages and maybe even mark them e.g. in the package description, so 
the user knows: "If I compile this package with [e.g.] 
'DEB_BUILD_OPTIONS=risky' set, I will get a feature-enhanced version of 
the software. I will need additional library packages, but I can compile 
them myself from the sources and the Debian packaging found at the 
pkg-multimedia SVN." Packages built this way will have the smallest 
possible interdiff with their 'official' counterparts [3]. Again, it 
should be made clear to the user that what she is doing is absolutely 
unsupported by Debian and not recommended by the maintainers and may be 
illegal in her country, etc.


What do you think? Is it worth the effort?
Please share your thoughts with me!

Cheers,
Fabian

[0] Of course we should motivate people to use free and open formats for 
their media, e.g. OGG Vorbis, and I am strictly for it. But sadly the 
world isn't that perfect and your $20 MP3-player supports nothing but 
MP3 and your DVD-Player will play XVID but not Theora, etc...


[1] Similar effort has been put into the debian-unofficial.org project 
which has been founded by Daniel Baumann in 2005 but has recently lost 
priority (well, it died) because of his involvement in the Debian Live 
project (Well, I guess. Don't get me wrong, I consider Debian Live a 
great project, it's just a pity for d-u.o). Debian packaging can be 
found at http://svn.debian.org/wsvn/restricted/dists/trunk/ and may give 
a good starting point.


[2] I know there is already Chrstian Marillat's unofficial repository at 
www.debian-multimedia.org, where you can download binary packages for 
those codecs, but this situation is also suboptimal and I have some 
personal objections with it: First of all it is not a team-maintained 
project, but a one-man-show (well, maybe two-man). The packaging style 
differs very much from the 'official' counterparts in Debian; take 
ffmpeg or the gstreamer packages as examples. Also many of the packages 
are not up to the quality standards that Debian imposes (e.g. have a 
look at some of the debian/copyright files). Last but not least there is 
this 'unofficial', nearly 'amateurish' taste of this repository; e.g. 
the homepage does not even look remotely Debian-related. [Christian, if 
you rea

Re: libdb4.* madness in unstable

[Francesco P. Lovergine]

On Wed, Oct 17, 2007 at 10:43:06AM -0400, Clint Adams wrote:
> Michael Biebl <[EMAIL PROTECTED]> sez:
> > Having 5 different versions of one library is just insane imho. What are
> 
> Maybe you could help out with the bugs here:
> 
> http://bugs.debian.org/cgi-bin/[EMAIL PROTECTED];tag=oldbdb;dist=unstable
> 
> 

It appears to me that essentially it is a problem moving from 4.2 to
4.6, but I see nothing about the intermediate versions. Having 2
releases is largely better than having 5 versions around, isn't it?

-- 
Francesco P. Lovergine


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the Testing Security team

[Ian Jackson]

Roland Mas writes ("Re: Bits from the Testing Security team"):
> I thought the ability to just copy one binary (/usr/bin/dpkg) from one
> box to another and be able to use it right away was precisely the goal
> of static linking in that case.

You still get that, unless the point was to play with new
decompressors.

Ian.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#447269: ITP: ustr -- Micro string library

[Vaclav Ovsik]

Package: wnpp
Severity: wishlist
Owner: Vaclav Ovsik <[EMAIL PROTECTED]>


* Package name: ustr
  Version : 1.0.1
  Upstream Author : James Antill <[EMAIL PROTECTED]>
* URL : http://www.and.org/ustr/
* License : LGPL, BSD, MIT
  Programming Lang: C
  Description : Micro string library

ustr (Micro string library) is a string API for C. It has tiny overhead
over just plain strdup(), is much safer, is easier to use, is faster for
many operations, can be used with read-only or automatically allocated
data. You don't even need to link to the library to use it (so there are
no dependencies).


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2 (charmap=ISO-8859-2)



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Enabling and installing of "risky" ("patented") codecs - made easy

[Clint Adams]

On Fri, Oct 19, 2007 at 08:11:13PM +0200, Reinhard Tartler wrote:
> How about just using non-free for that? In the past, patented packages
> like gif encoders have been hosted there, so why can't we just use them
> for mpeg encoders as well?

I think you're thinking of non-us.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Out-of-tree kernel module popularity

[Ben Hutchings]

On Fri, 2007-10-19 at 13:02 +0200, Fabian Greffrath wrote:

> Nevertheless on the user's side there is a demand for those 
> codecs which can be whitnessed by the broad acceptance of unofficial 
> repositories [see: http://popcon.debian.org/unknown/by_inst ]. 


I didn't know that table existed!  It seems like it would be useful to
aggregate statistics for out-of-tree kernel module packages by stripping
off the kernel version suffix.  Here's what I came up with:

rank name  inst

  1 madwifi1666
  2 ndiswrapper1484
  3 kqemu   898
  4 ipw3945 897
  5 alsa715
  6 openafs 614
  7 rt2500  590
  8 lirc475
  9 gspca   461
 10 spca5xx 397
 11 linux   391
 12 kvm 337
 13 loop-aes305
 14 zaptel  295
 15 qc-usb  293
 16 linux-uvc   279
 17 virtualbox-ose  258
 18 ipw2200 169
 19 rt2x00  154
 20 ivtv149
 21 squashfs129
 22 unionfs 124
 23 linux-wlan-ng   123
 24 sl-modem119
 25 ieee80211   109
 26 rt2570  100
 27 pwc  84
 28 fuse 82
 29 vmware-kernel79
 30 kernel-pcmcia79
 31 ipw2100  71
 32 exmap60
 33 ov51159
 34 thinkpad 54
 35 ov51x-jpeg   54
 36 hostap   51
 37 ivtv0.10 49
 38 nozomi   49
 39 rt2400   46
 40 at76c503a45
 41 virtualbox   45
 42 vmware   39
 43 vmware-server-kernel 37
 44 acerhk   29
 45 aufs 29
 46 mol  28
 47 vmware-any-any-kernel26
 48 tidev22
 49 ltsp 20
 50 misdn20
 51 madwifi-ng   18
 52 openswan 17
 53 pcmcia   17
 54 redhat-cluster   17
 55 ivtv0.7  16
 56 em8300   15
 57 wacom-kernel 15
 58 oprofile 15
 59 ivtv0.8  15
 60 ivtv0.4  14
 61 ieee80211softmac 14
 62 linux-ubuntu 12
 63 kernel   12
 64 dazuko   12
 65 linux-restricted 12
 66 ivtv0.6  12
 67 eagle-usb11
 68 qla2x00  10
 69 sony-acpi 9
 70 ndas  9
 71 gpib  8
 72 freeswan  8
 73 rt61  8
 74 rtai  7
 75 drbd  7
 76 btsco 7
 77 netfilter-extensions  6
 78 bcm43xx   6
 79 unicorn   6
 80 mactel-drivers6
 81 zr364xx   5
 82 zydas 5
 83 et131x5
 84 ipp2p 5
 85 kernel-nonfree5
 86 acer-acpi 5
 87 linux-iscsi   4
 88 rtsp-conntrack4
 89 userlink  4
 90 lustre4
 91 unionfs-knoppix   4
 92 ipset 4
 93 fritz-classic 3
 94 ivtv0.3   3
 95 linux-backports   3
 96 vmware-any-any-player-1.0.2   3
 97 adm8211   3
 98 fritz-pci 3
 99 qcm-usb   3
100 fritz-pnp 3
101 acx   3
102 ivtv0.9   3
103 btrfs 3
104 kkcore3
105 patchfinder   3
106 qce   3
107 cisco-vpnc3
108 tp-smapi  3
109 fritz-xusb3
110 cowloop   2
111 vmware4   2
112 usbvision 2
113 vt1211

Re: Giving away most of my packages

[Amaya]

A brief update:

Amaya wrote:
> - xdigger: http://packages.qa.debian.org/x/xdigger.html
>   No upstream, but easy to maintain.
>   Games team candidate?

Taken by the games team.

> - jail: http://packages.qa.debian.org/j/jail.html
>   There are much better tools out there, maybe RFRemoval?

I will RFR.

> - imsniff: http://packages.qa.debian.org/i/imsniff.html
>   Upstream is a bit unresponsive, otherwise easy to maintain.

Will be orphaned.

> I will still keep subtitleeditor,
> http://packages.qa.debian.org/s/subtitleeditor.html as I still care
> enough for it, but a Co-maintainer would be *very* wellcome. Heck, if
> you really fancy it, I will give it to you

Taken.

-- 
  ·''`. If I can't dance to it, it's not my revolution
 : :' :-- Emma Goldman
 `. `'   Proudly running Debian GNU/Linux (unstable)
   `- www.amayita.com  www.malapecora.com  www.chicasduras.com


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Enabling and installing of "risky" ("patented") codecs - madeeasy

[Joe Smith]

"Clint Adams" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]

On Fri, Oct 19, 2007 at 08:11:13PM +0200, Reinhard Tartler wrote:

How about just using non-free for that? In the past, patented packages
like gif encoders have been hosted there, so why can't we just use them
for mpeg encoders as well?


I think you're thinking of non-us.


Please note though that non-us was hosted outside of the US, but was 
supposed to contain packages that were legal in the US, but simply could not 
be exported from the US (cypto software). Because of its name, people 
started putting other things there were not legal in the US, but that is 
very different than its original purpose.




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Enabling and installing of "risky" ("patented") codecs - made easy

[Reinhard Tartler]

Moritz Muehlenhoff <[EMAIL PROTECTED]> writes:

> Fabian Greffrath wrote:
>> You all know about the unsatisfying situation of some codec libraries 
>> that are commonly called 'risky' or 'patented'; namely lame, xvid and 
>> friends. While being perfectly free software on the one hand, licensed 
>> under the GPL or LGPL, they are surrounded by a cloud of patent FUD or 
>> even actual threat, which makes them unsuitable for Debian's main 
>> section [0]. [...]
>
> We should just create a separate archive like non-us, e.g. non-pat,
> which's primary host would reside somewhere where multimedia software
> patents are moot. (I suppose france would be alright, since debian-
> multimedia is hosted there). d-i should offer to add these sources.

How about just using non-free for that? In the past, patented packages
like gif encoders have been hosted there, so why can't we just use them
for mpeg encoders as well?

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Enabling and installing of "risky" ("patented") codecs - made easy

[Moritz Muehlenhoff]

Fabian Greffrath wrote:
> You all know about the unsatisfying situation of some codec libraries 
> that are commonly called 'risky' or 'patented'; namely lame, xvid and 
> friends. While being perfectly free software on the one hand, licensed 
> under the GPL or LGPL, they are surrounded by a cloud of patent FUD or 
> even actual threat, which makes them unsuitable for Debian's main 
> section [0]. Nevertheless on the user's side there is a demand for those 
> codecs which can be whitnessed by the broad acceptance of unofficial 
> repositories [see: http://popcon.debian.org/unknown/by_inst ]. 
> Furthermore, there is nothing that might hold users back from using this 
> software in Europe, because IIRC software patents do not exist on this 
> continent.

We should just create a separate archive like non-us, e.g. non-pat,
which's primary host would reside somewhere where multimedia software
patents are moot. (I suppose france would be alright, since debian-
multimedia is hosted there). d-i should offer to add these sources.

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the Security Team

[Adrian von Bidder]

On Friday 19 October 2007 17.52:29 Steve Kemp wrote:

>   I don't believe that post contains significant new information,
>  (except that I like pies!), and as such I didn't believe it deserved
>  massive visibility.

That you like pies is important.

Seriously:  I think exactly this kind of "not really much new stuff going 
on, but here's what we're continuing to do" kind of information should be 
more visible, because it, too, is valuable information to somebody who is 
not involved tightly in the Debian teams.  To the insider, it's obviously 
not important as they key people keep in touch anyway.  Though in the 
specific case of the security team, the flow of security updates is an 
indication that the team is working (and I didn't want to imply that I felt 
the team was not working anyway!), so maybe your judgement was better than 
mine - it's not a case of wrong vs. right anyway.

>   To be honest I'm a little disappointed that you chose to complain
>  here about that, rather than commenting/mailing me personally.

Could've cc:ed you at least.  Apologies.


cheers
-- vbi

-- 
featured link: http://www.pool.ntp.org


signature.asc
Description: This is a digitally signed message part.

Re: Bits from the Security Team

[Moritz Muehlenhoff]

Adrian von Bidder wrote:
>>=20
> which is really a Bits from the Security Team.

Full "Bits" will appear soon.

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Enabling and installing of "risky" ("patented") codecs - made easy

[Giel van Schijndel]

Fabian Greffrath schreef:
> ...
>
> Furthermore, there is nothing that might hold users back from using
> this software in Europe, because IIRC software patents do not exist on
> this continent.
>
> ...
This is not entirely true.

Software patents do exist in Europe, though unlike in the U.S. they're
not centrally regulated for all member states. Meaning while some piece
of software might be patentable in one member state it doesn't have to
be so in another.

Then secondly there is another case where software "solves a technical
problem as opposed to just a business problem" which *is* regulated
centrally in Europe. This latter case is described quite thoroughly in
these Wikipedia articles:
http://en.wikipedia.org/wiki/Software_patent#Europe and
http://en.wikipedia.org/wiki/Software_patents_under_the_European_Patent_Convention
(the first being the shortest and least elaborate version).

-- 
Giel



signature.asc
Description: OpenPGP digital signature

Bug#447273: ITP: python-scipres -- system for creating animated presentations in Python

[Yaroslav Halchenko]

Package: wnpp
Severity: wishlist
Owner: Yaroslav Halchenko <[EMAIL PROTECTED]>


* Package name: python-scipres
  Version : 1.0.0rc1
  Upstream Author : Xavier Décoret <[EMAIL PROTECTED]>
* URL : 
http://artis.inrialpes.fr/Membres/Xavier.Decoret/resources/scipres/wiki/index.php/SciPres
* License : ?
  Programming Lang: Python
  Description : system for creating animated presentations in Python

yet to come.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (900, 'testing'), (300, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bits from the Security Team

[Adrian von Bidder]

Hi everybody,

Allow me to point out the message at 
 
which is really a Bits from the Security Team.

Why is - once again - a message that I'd consider appropriate for d-d, or 
perhaps even d-d-a (though I admit that the real information content is not 
extremely high.  But still, it is information that Steve is active and 
outlines some of the problems and ways how people can help) hidden on a 
blog?  Ok, not that hidden, it's on planet, but still.  Fragmentation of 
Debian's communication infrastructure is something that seriously disturbs 
me because people being aware what the other people are doing is a big part 
of what defines a community.  Next we're supposed to read, in addition to 
mailing lists, planet and IRC twitter, have an account on Debian's (yet to 
be created) open source xing clone and tune in to our SAT network radio 
channel which will be relayed through open source firmware modification in 
Iridium satellites, creating screams of anguish from the single but 
important developer living at the south pole where Iridium has no coverage.

You get the picture, I'm sure :-)

(Apologies if I'm just too quick and Steve posted his Bits to d-d or d-d-a 
but the mail just hasn't reached me or the mail archives yet.)

cheers
-- vbi

[cc:s appreciated, eve though replies may not strictly be necessary]


-- 
Oh, so you mean that we can both get a more secure system, *and* make
emacs stop working?  A win-win situation! =)
-- David Weinehall on lkml


signature.asc
Description: This is a digitally signed message part.

Re: libdb4.* madness in unstable

[Clint Adams]

On Fri, Oct 19, 2007 at 12:44:56PM +0200, Francesco P. Lovergine wrote:
> It appears to me that essentially it is a problem moving from 4.2 to
> 4.6, but I see nothing about the intermediate versions. Having 2
> releases is largely better than having 5 versions around, isn't it?

I was waiting for the 4.2 and 4.3 bugs to be closed before moving on.
Given how long it took for db3, this could be quite a while.

If you're going to file bugs against packages build-depending on
4.4 or 4.5, please set the usertags accordingly.

I recommend a build dependency on libdb-dev (>= 4.6.19-1), though
obviously some people disagree with this.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Enabling and installing of "risky" ("patented") codecs - made easy

[Daniel Baumann]

Fabian Greffrath wrote:
> Similar effort has been put into the debian-unofficial.org project
> which has been founded by Daniel Baumann in 2005 but has recently lost
> priority (well, it died) because of his involvement in the Debian Live
> project (Well, I guess. Don't get me wrong, I consider Debian Live a
> great project, it's just a pity for d-u.o). Debian packaging can be
> found at http://svn.debian.org/wsvn/restricted/dists/trunk/ and may give
> a good starting point.

It's not actually dead, but in a kryogenic freeze. I'll still do some
packages unofficially, at some later point (but don't count on me right
now as in man-power; if you'd like to host something there, that
shouldn't be a problem though).

-- 
Address:Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:  [EMAIL PROTECTED]
Internet:   http://people.panthera-systems.net/~daniel-baumann/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Bits from the Security Team

[Steve Kemp]

On Fri Oct 19, 2007 at 17:36:21 +0200, Adrian von Bidder wrote:

> Allow me to point out the message at 
>  
> which is really a Bits from the Security Team.
> 
> Why is - once again - a message that I'd consider appropriate for d-d, or 
> perhaps even d-d-a (though I admit that the real information content is not 
> extremely high.  But still, it is information that Steve is active and 
> outlines some of the problems and ways how people can help) hidden on a 
> blog? 

  I don't believe that post contains significant new information,
 (except that I like pies!), and as such I didn't believe it deserved
 massive visibility.
 
  To be honest I'm a little disappointed that you chose to complain
 here about that, rather than commenting/mailing me personally.

> (Apologies if I'm just too quick and Steve posted his Bits to d-d or d-d-a 
> but the mail just hasn't reached me or the mail archives yet.)

  It hasn't been posted elsewhere.

  I'm happy to write more, later, and post to the devel-announc list,
 once I've got a chance to do so.  But even so the content would be
 largely known, and largely un-newsworthy.

  And to reiterate things slightly; If there were something that
 users/developers are supposed to know then it shouldn't be posted to just
 a random blog.  
  It should go to the development/announcement lists.  I don't believe I'm
 guilty of that here, and I don't believe anybody else has been guilty of
 that recently.
 
  (ie. I agree.  Fragmentation is something to be avoided).

Steve
-- 
http://www.steve.org.uk/


pgpUaUrLFx3t7.pgp
Description: PGP signature

Re: SE Linux packages

[Steve Langasek]

On Thu, Oct 18, 2007 at 10:49:10PM -0300, Felipe Sateler wrote:
> Steve Langasek wrote:

> > What I'm missing from your mail and blog entry is an explanation of why
> > the existing packages in etch don't do the job for letting users run with
> > strict
> > policy.  Is the "semanage user -m" bug the only problem, or are there
> > others?

> Apparently there's at least the executable stack problem:

> http://etbe.coker.com.au/2007/10/10/lintian-and-executable-stacks/
> http://etbe.coker.com.au/2007/10/07/executable-stack-and-shared-objects/

Well, the number of shared libs with this problem is fairly small; indeed,
SELinux is not the first kernel security patch to object to them.  So that
doesn't prevent running an etch system with strict policy, it just prevents
a fairly small number of apps from working under strict policy.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]