Re: Licenses for DebConf6
On 11/14/05, Henning Makholm <[EMAIL PROTECTED]> wrote: > I case you hadn't noticed, there was a major _difference_ in opionons > about how "software" was to be interpreted. The editorial > clarification in 2004-003 removed the confusion by avoiding the > ambiguous word "software" Unfortunately not. :-( The GR's author explained[1] that both the DFSG and the SC required clarifying, but that in the interests of simplicity the necessary changes would be dealt with in separate GRs. Thus, 2004-003 clarified only the SC. Until his follow-up GR amending the DFSG is proposed and passed, the ambiguity will remain. [1] http://lists.debian.org/debian-legal/2005/07/msg00435.html -- Andrew Saunders
Re: congratulations to our ftp-master team
On 12/15/05, Thomas Bushnell BSG <[EMAIL PROTECTED]> wrote: > If there is a serious risk that these people would so blatantly > disregard our constitution That certainly seems to be the case, judging from the discussion that followed Bdale's "Structural Evolution" Debconf5 talk[1] - here's a transcript of the relevant portion: : One of the concerns that we've seen crop up periodically over the years is that we can refactor the project leadership as much as we like but it's not going to do a lot of good if not everybody feels like they are part of the governed. And there are areas in the Debian Project that are vested with authority that predates the constitution. I've spoken with some of these people (and they've made postings over the years) - and they're not comfortable exactly with the idea of, say, the possibility of a madman DPL, for example. And I'm not sure that these same historical roles will be any more comfortable with a different thing. You know: "We've been doing this for ten years now. You can change the constitution, you can put a board in there, you can put a person in there... Do what you want, but in the end this work's still got to be done." There's no benefit to them in recognising... : So there're a couple of fundamental things that come to mind when we start talking about this. One is that I think organisational structure - good organisational structure - very rarely does anything to guarantee success, but if you get the wrong struture it really can impede progress and success. That's sort of one idea. And the other one is that - it's been my observation that, every time I personally have ended up in the situation where I've started to think I was indispensable (and believe me, it's happened at various times in my history) - when something finally forced me to realise that that wasn't true, things in general sort of picked up pace and moved better as a result. And so there is this sort of trade-off, I think, between motivating participation and how you actually sort of keep from getting stuck in a rut or something. So... I don't know that I have any more brilliant ideas than that. [1] http://meetings-archive.debian.net/pub/debian-meetings/2005/debconf5/mpeg/2005-07-16/08-Structural_Evolution-Bdale_Garbee.mpeg -- Andrew Saunders
Re: looking for the article with a graph of the relations between maintainer scripts
On 9/26/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Can any one point me to the article with a graph of the relations of the various maintainer scripts? Sounds like you're after http://women.debian.org/wiki/English/MaintainerScripts - the page was mentioned in http://www.debian.org/News/weekly/2005/07/ and Margarita Manterola's the author. Cheers, -- Andrew Saunders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FSG Packaging Summit in Berlin
On 1/4/07, Joey Hess <[EMAIL PROTECTED]> wrote: Ottavio Caruso wrote: > There is a wide spread feeling (if you read LWN.net) that a lot that > happens in Debian today isn't made public. I'm boycotting feeding any useful information to LWN anymore until they retract their latest blanket insult of all DD's and stop being so biased. YMMV. Could you pretty please elaborate on this a little bit? It'd be most interesting to hear your views on LWN's Debian-related coverage in detail. Perhaps a blog post, should you consider it too off-topic for -devel? Cheers, -- Andrew Saunders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: glibc and PaX issue
On 9/6/05, Grzegorz Bizon <[EMAIL PROTECTED]> wrote: > Anyway, I just wonder what is wrong about grsecurity For starters, the upstream developer claims [1, 2] to engage in the morally reprehensible practice of selling 0-day exploits he finds in competing products to blackhats. This also casts doubt on the trustworthiness of his *own* code, since any undiscovered (read: not publicly disclosed) vulnerabilities/holes/etc in Grsecurity are a potential revenue stream for him. Not that my opinion carries much weight, but I personally feel that this massive conflict of interest means that Grsecurity should never be supported by Debian in any way whatsoever. [1] http://lwn.net/Articles/111437/ - "Does RedHat buy exploits for their own code? If so, how much would RedHat pay for information on an information leaking vulnerability in SELinux for a physical, local user? I've sold all my Exec-Shield exploits (that still work!), otherwise I'd offer those as well ;\" [2] http://archives.neohapsis.com/archives/fulldisclosure/2004-03/1315.html -- Andrew Saunders
Re: iso2mirror
On 11/3/05, Blars Blarson <[EMAIL PROTECTED]> wrote: > I submitted a patch to apt-move to do this to the Debian BTS. Does it also provide the "symbolic links only" functionality the parent poster mentioned? -- Andrew Saunders
re: Grsec/PaX and Exec-shield
On Tue 4 November, spender wrote:
> I've spared you your precious time and gone ahead and done this for
> you.
You might have a better reception if you dropped the attitude.
Anyone reading the thread will quickly form the opinion that maintaining
PaX within Debian would likely require frequent interaction with people
like yourself{1}, Tiago Assumpcao{2} and Peter Busser{3}. On the other
hand, maintaining exec-shield would involve collaborating with people
like Ingo Molnar. From reading your respective posts, I know which I'd prefer...
{1}
http://lists.debian.org/debian-devel/2003/debian-devel-200311/msg00076.html
- Arrogant arsehole. Professes not to care if users get rooted, and
would apparently withhold security vulnerabilities he discovers in
competing projects in order to further the ends of the one he himself
prefers.
{2}
http://lists.debian.org/debian-devel/2003/debian-devel-200311/msg00090.html
- Paranoid loon who believes the exec-shield ITP is part of some
sinister RedHat conspiracy to take away our freedoms.
{3}
http://lists.debian.org/debian-devel/2003/debian-devel-200311/msg00158.html
- Wants to ensure that Adamantix will have an edge in security over
Debian in the future. Claims he "would very much like to see that this
project [Adamantix] serves no purpose anymore, because some or all of
its ideas ended up in other (more mainstream) distributions"
(http://www.adamantix.org/motivation.html), but started the distro
before even looking into the possibility of working within Debian. Later
opted *not* to become a Debian subproject when approached by the DPL.
Yet still has the audacity to berate others for not doing enough to get
PaX into Debian!
Re: If Debian decides that the Gnu Free Doc License is not free then I will be honored to join Stallman and the FSF in the not free section of your distro
On Wed, 23 Apr 2003 22:46:24 +0400 Hans Reiser <[EMAIL PROTECTED]> wrote: > persons like me > are concerned that vendors will strip all information about who wrote > ReiserFS out except for copyright notices that none of their users > will see, slap their brand identity onto it, and ship, depriving me of > all credit for my work on their product. We seem to have slalomed across from talking about documentation to about code, again. Ok. Whilst I'm not personally advocating taking and re-branding code (especially if its against upstream's wishes) the "ripping off" that you speak so vehemently against isn't quite so bad as it may appear. In fact, it can often be very advantageous to a project. One could argue that if the "thief" had been unable to re-brand the code, they never would have used it. If they had to have a prominent notice advertising "We did not write this, Hans Reiser did" (only 24 times as long) every time their application started, they wouldn't touch the code with a barge pole. Thus, the code is now in places where it wouldn't have been before. This means greater penetration, albeit by the back door. "Depriving you of all credit" is an exaggeration. There's always going to be some recognition gained. They cannot remove the copyright notice, as you say. And again, since the code would not have been used at all if large, blatant credits were a requirement, the alternative is zero recognition because they would have done something else instead. They might gain _more_ reputation from their immediate user-base than you, but you still gain. And the more clueful hacker types will be the ones who will read the copyright notices, anyway, and most probably come and seek you out on their own. Additionally, having taken the code and rebranded it, a prudent person is highly unlikely to want to go to the trouble of maintaining the codebase on their own. Even if they're being especially selfish and don't want to contribute anything back, they'll definitely file bug reports on any problems that they or their users find, because they'll want them to be fixed. Again, net gain through increased testing. Please note, I don't say that your view is invalid, merely that there is an alternative view that seems to be quite widely spread. The above involves sacrificing some very prominent visibility to the users of those that do accept the more onerous licensing terms, in the hope of garnering greater penetration, utilisation and development of the code in the long term. > Look at how many companies ripped off squid. And yet, to the best of my knowledge, Squid have not changed their license to prevent this recurring in the future. I wonder why?
