[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Status on Proposal for restricted packages

Ok, here's the first order of business in the status on this proposal
which is based mostly on the ideas I have seen come across the list. This
_only_ includes a description of what the package will contain to let dpkg
know about it's restrictions. This does not require any policy on how the
dependencies need to be handled nor how it is distributed on the mirrors
etc., just the package format.

Basically it has been others opinions that the idea for a seperate control
file named 'restrictions' needs to be used for any package which may fall
under import/export restrictions due to whatever reason. This seems like
the best way to handle this.

The format would probably look something like this:

	Type: crypto-rsa
	Files: /usr/bin/ssh /usr/sbin/sshd
	Type: crypto-newtype
	Files: /usr/bin/ssh /usr/bin/sshd
	Restrictions: US-any any-DE
	Description: This package contains files which contain the 'newtype'
	 encryption mechanism. It may be illegal for you to import and or export
	 this package to or from certain countries blah blah blah

	Type: patent-rsa
	Files /usr/bin/ssh /usr/bin/sshd

There are a few things to note with this format. You will notice that out
of the 3 entries for restrictions only 1 was formatted completely. This
relies on a few things, 1) That we have a set standard of some common
restrictions (ie. des, rsa, etc) 2) dpkg/apt, or some other essential
packages, contains a database of these agreed upon common restrictions.

This way most maintainers will only have to list the type and which files
in the package it affects, and the restrictions can be centrally
maintained by all of the developers. This avoids 2 different developers
having completely different descriptions and/or restriction definitions
(the 'where-to' entries). If there is a package with a specific
restriction then it can simply define it within itself for dpkg/apt to
use. The database that dpkg/apt can use will look exactly like this format
without the 'Files:' entry. However dpkg/apt can keep a database on
installed packages with restrictions in say /var/lib/dpkg/restrictions
with the same format except that it appends files with packages onto each
restriction type like so:

	Type: crypto-des
	Files: ssh (/usr/bin/ssh /usr/sbin/sshd) \
	 krb5-client (/usr/bin/klogin)
	Restrictions: any-US
	Description: DES encryption blah blah blah

The advantage of listing the files affected by the encryption helps users
know which files in the package they are free to distribute with out
regard for the restrictions and which ones they can't. They can also track
all the files on their system relative to a certain type of restriction.

QUESTION: I'm not too familiar with how things like this are supposed to
be agreed upon and brought to a resolution for inclusion into the policy.
Can some one help me out with these intricacies? I will write this up in a
more 'Debian Policy' format tomorrow, similiar to how the other control
file descriptions are layed out.


-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation

Attachment: pgp5KLQV2cVS4.pgp
Description: PGP signature

Reply to: