Re: Status on Proposal for restricted packages

To: john@dhh.gt.org
Cc: debian-devel@lists.debian.org
Subject: Re: Status on Proposal for restricted packages
From: Ben Collins <bmc@visi.net>
Date: Thu, 26 Nov 1998 21:48:26 -0500
Message-id: <[🔎] 19981126214826.A15975@visi.net>
Mail-followup-to: john@dhh.gt.org, debian-devel@lists.debian.org
In-reply-to: <[🔎] 87hfvlzxs4.fsf@hasler.dhh>; from john@dhh.gt.org on Thu, Nov 26, 1998 at 08:15:23PM -0600
References: <[🔎] 19981125194610.A7255@visi.net> <[🔎] 87hfvlzxs4.fsf@hasler.dhh>

On Thu, Nov 26, 1998 at 08:15:23PM -0600, john@dhh.gt.org wrote:
> Ben Collins writes:
> > This relies on a few things, 1) That we have a set standard of some
> > common restrictions (ie. des, rsa, etc) 2) dpkg/apt, or some other
> > essential packages, contains a database of these agreed upon common
> > restrictions.
> 
> Much too complicated.  The software only needs to know where not to send
> the package.

This isn't just for the software tho. The data related to the restrictions
needs to be persistent, not just in the .deb file, it needs to stay on the
system and the user should be able to reasonably understand the info.

> > This way most maintainers will only have to list the type and which files
> > in the package it affects, and the restrictions can be centrally
> > maintained by all of the developers.
> 
> That way someone has to develop a machine readable notation for all
> possible restrictions and maintain a database of all existing ones.  An
> impossible task, IMHO.  And an unnecessary one.

Not true, just the most common ones that we see in almost all restrcited
packages, which is a limited amount.

> > This avoids 2 different developers having completely different
> > descriptions and/or restriction definitions (the 'where-to' entries).
> 
> Raul seems to have already proposed a simple textual database of known
> restrictions that developers can consult if they think their package may be
> restricted.  It seems to me that a developer is less likely to make a
> mistake in deciding on a set of 'where-to' restrictions then in deciding on
> a 'type'.

This is exaclty what I was stating above, however, I and others can very
easily tell you what ssh has that makes it restricted, but I bet very few
people really know all of the import and export restrictions associated
with it world-wide. I'de much rather say "crypto-rsa" than say "ummm, I
wonder where this thing can and can't go?". If a maintainer can't even
recognize the type of restriction in his package, how would he know where
the restrictions affect it? He would have to know the type.

-- 
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation

Reply to:

Follow-Ups:
- Re: Status on Proposal for restricted packages
  - From: john@dhh.gt.org

References:
- Status on Proposal for restricted packages
  - From: Ben Collins <bmc@visi.net>
- Re: Status on Proposal for restricted packages
  - From: john@dhh.gt.org

Prev by Date: Re: Draft new DFSG
Next by Date: Draft new DFSG - r1.4
Previous by thread: Re: Status on Proposal for restricted packages
Next by thread: Re: Status on Proposal for restricted packages
Index(es):
- Date
- Thread