On Fri, Jul 25, 2014 at 03:00:17PM +0100, Marcin Kulisz (kuLa) wrote: > * Package name : apt-transport-s3 Note that this is only 'needed' for private S3, apt came to terms with public S3 desperate its problems (like pipelining and decoding of '+') – which this copy doesn't support, but see next section: > Version : 20120426090326git > Upstream Author : Kyle Shank <kyle.shank@gmail.com> > * URL : https://github.com/kyleshank/apt-s3 > * License : GPLv3 That is surprising to see. It seems to be a slightly modified 6 years old copy of apt's http method (with all its bugs of course) which just got 2 years ago GPLv3(+) headers. APT itself (and the copied code, too) is GPL2+, which this copy avoids mentioning as it doesn't tell you anything about being a copy (looking at some of the forks and how they do the same to https, oh dear…) while the copyright is claimed by the upstream author alone. Slightly modified as the modification in s3.h is the addition of the license header, while s3.cc goes the extra-mile of including openssl (remember, I said GPL2+ – nothing about an OpenSSL exception) and curl (no idea why, as it isn't used) to get SHA1 and Base64 encoding (which is both already available in libapt anyway) to set a "Date:" and an "Authorization: AWS" header for AWS while removing our "Authorization: Basic" support. Oh, and it does change the user-agent from "Debian APT" to "Ubuntu APT"… (and yes, I diff'ed that against an apt checkout from that time as the history of upstream is non-existent). I have the strong feeling that this could just as well be patched into apt directly. Some of the forks (really, 77 forks? for this? apt has a serious marketing problem…) suggest that a bunch of stuff could be added, which I guess are not that okayish for apt directly, but I would encourage you in any case to contact us at deity@lists.debian.org so we can work out how to avoid a massive code-copy as this is (as shown here) prune to get out of date and accumulate unfixed (security) bugs fast. > deb s3://AWS_ACCESS_ID:[AWS_SECRET_KEY]@s3.amazonaws.com/BUCKETNAME wheezy main btw: You don't need to write your credentials in a sources.list anymore (which should be world-readable) if your apt is recent enough (and with recent I mean at least oldstable). You can populate a netrc-like file at /etc/apt/auth.conf with them (create it if you must and set for it the permissions to your liking!). Best regards David Kalnischkies
Attachment:
signature.asc
Description: Digital signature