Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Sun, Jun 22, 2008 at 01:08:30PM -0500, Adam Majer wrote:
> Patrick Schoenfeld wrote:
> > In my humble opinion they should be allowed to be packaged as if they
> > are normal packages. Don't get me wrong, but Debian is a distribution,
> > so what we basically do is pack up things that are worth distributing
> > and distribute them. This way Debian users can benefit from our work and
> AFAIK, we do not distribute "things", we distribute *software*. Some
to be honest: this definition is just plain wrong. Actually you name the
arguments against your definition by yourself. You are right that this
is the main goal of a distribution, but its ofcourse not limited to it.
I wanted to keep my definition a bit more generic, because thats
actually a case.
> packages are just composed of data though, but other packages depend on
> it. Some is just data that is very useful in the *Debian* project. This
> includes the keyring.
It also includes documentation packages and alike. Some aren't directly
related to packages in the archive and so nothing depends on them. For
example our project documentation, like debian-policy, developers-reference
but also debian-faq etc.
> Certainly, the backports.org keyring is useful to some people, *but* it is,
> 1. not free software
Good point, while I need to nitpick a bit: Its about complying with our
social contract and therefore the Debian Free Software Guidelines.
Its all about the availability of source and yeah, this really seems
to be somewhat problematic by the nature of a public-key pair.
Probably it would make sense to clarify that a bit more,
because that basically applies to a lot of things we already
distribute. For example: Whats the source of a wave file or of a bitmap?
I would argue that the source of a keypair is either the algorithm used
to create it (combined with some "random" factors, but thats true for a
bitmap as well) or the key pair itself. Probably not the most accurate
definition, I know.
> 2. free software does not depend on it
Which is not a requirement for something to be in the archive.
> 3. not part of Debian's important data stuff
Which is also not a requirement for something to be in the archive.
Consider debian-faq for example. I agree, that its useful for a greater
majority of users, but disagree that this qualifies to be "important
> If backports.org keyring get distributed, then I would argue it allows
> others, non-software data to be packaged as well. For example, some free
> anime movies, or the Gutenberg project packages.
Probably. If they are as useful to a greater majority of Debian users.
If it doesn't explode archive size (because thats a concern that needs
to be thought about, too), if source *can not* be available for
technical reasons but all other rights are granted. Then it should still
be something to think about shared like we do for the bpo keyring, now.
> Debian is for *free software* (and some non-free) and stuff that related
> to Debian. It is not for backports.org, or Ubuntu, or some other stuff.
Hah, thats a good point. But you seem to forgot that backports.org
*does* relate to Debian. Its a great enhancement for Debian stable
users, a good workaround to the "we have old and sometimes
buggy software in our stable release, but cannot fix it, because it does
not qualify for SRU"-problem. Its beeing run by Debian developers.
Quality aspects are therefore very similar. All these points are not
true for Ubuntu, which you mentioned in the same sentence.
Please also consider #4 of our social contract. It says that our
priorities are our users _and_ free software. But yes, its questionable if
a keypair really qualifies for main.