[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ITI: HTTPS method for apt

On Sun, Mar 24, 2002 at 12:21:02PM -0800, Adam McKenna wrote:
> > >Signing packages themselves is a much better approach IMHO.
> > 
> > But https also allows the use of client certificates, which is quite
> > useful if you use the .deb format to distribute commercial software
> > that should only be downloaded by sites that paid for it.
> So, let the company that is distributing the non-free software donate the 
> time and resources required to build this support into apt.

So just because it may benefit some hypotethetical commercial project, we
should not do it?  If a developer has desire and interest to write the
code, why oppose it?  Besides, I refuse to accept the suggestion that a
commercial effort is welcome to do anything for Debian.  Politics and
paranoia will kill any such effort quickly.  Remember slink.5 anyone?

For the newbies, and to refresh the memories of everyone responsible for
that mistake, two developers were asked by their employer to update Slink
a bit - just backport a few major packages like 2.2 kernels and the like
so it actually worked on the company's hardware.

This list opposed the project for two reasons:

 1. Potato would be out in a month or so anyway, work on that instead!
 2. We can't allow evil corporate influence affecting the project!

It was completed in two weeks.  Two months afterward, potato was no closer
to a release.  A similar project for Potato to add a 2.4 kernel was not
commercially sponsored and has generally been supported pretty well.  Go

Joseph Carter <knghtbrd@bluecherry.net>     I N33D MY G4M3Z, D00D!!!!111!!
                                                      (Just ... don't ask)
* Endy needs to consult coffee :P
<Endy> coffee the bot person, not coffee the beverage :)
<knghtbrd> consulting the beverage may help too  =>

Attachment: pgpUPeNHuKbRm.pgp
Description: PGP signature

Reply to: