Re: setuid/setgid binaries contained in the Debian repository.
On Sun, 3 Aug 2003 13:24:13 -0400, Joey Hess <joeyh@debian.org> said:
> Manoj Srivastava wrote:
>> Not without a transition plan in the general case. And my point,
>> which you have not addressed, was that most of your examples were
>> not ones that mandated significant changes to the source or
>> behavior of programs.
>> First, most of these allowed people time to bring their programs
>> in line. Secondly, no new programs were kept out of the
>> distribution by requiring an audit and a consensus on debian-devel;
>> You got the program in, and you worked on the bugs that were filed
>> on it.
> So by analogy, the debian-legal list should not be able to block new
> software with potentially bad licenses from entering the archive.
> Instead we should have some kind of "transition plan". Fascinating,
> tell me more.
*Sigh*. I didn't think I would need to tell you about our
social contract, nor that you would find that exposition
fascinating. Since even you appear to be confused about this
distinction, perhaps I should not be making assumptions about other
readers of this list.
Hmm. See, we have this thing called the social contract,
which we all agreed to, and which is one of the core things about
Debian. The social contract provides a guideline to determine what we
call free.
That is hard at times to do, so we have a bunch of people,
who, in the goodness of their heart, donate time to help people
determine how to apply those guidelines.
I also note that the -legal list does have gating rights over
every package; they mostly respond to requests from maintainers who
are confused about some license. Packages are not held up until the
list provides the proper penguin pee. There is no dictum in policy to
beat people on the head with to make them go to the list and get
consensus.
It is one thing to have a clearinghouse where expertise
lives, and to have that clearinghouse offer expert services when a
developer is in doubt, and quite another to use policy to ram these
volunteer services down everyone's throats.
Did you find this as elucidating as my previous message?
> Manoj Srivastava wrote:
>> I haven't objected to code reviews of packages; I objected to
>> gathering consensus through discussion; and making admission of new
>> packages incumbent on such consensus.
> Again, how is this different from the debian-legal mailing list?
Again, there is nothing in policy that requires a consensus on
the -legal mailing list in order for packages to be included in the
project.
If I am confused about a license, yes, the -legal list exists
to disambiguate the license; and help me decide whether it should or
should not be in Debian. No beating me on the head with policy at
all.
Is this distinction really so hard to see?
I would be enthusiastically for a list like -legal, where
people can go and ask for help to have packages audited, but not for
people rolling up policy to beat people on the head to make it so.
manoj
--
"Keeping proprietary and confidential information secret is the key to
moving the computer industry into the 21st century." Letter from Apple
Computer and Rasterops to the Macintosh user community
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C