Re: The "Free" vs. "Non-Free" issue
On Wed, Jan 07, 2004 at 09:46:39AM -0500, Raul Miller wrote:
> On Wed, Jan 07, 2004 at 11:10:21AM +0100, Michael Banck wrote:
> > I see only one vital point for having those packages on the "real Debian
> > infrastructure", instead of a mere copy of it: You could continue to
> > reassign bugs from non-free to main.
> >
> > Anything else I missed?
>
> The "real Debian infrastructure" has relatively easy to understand issues
> (dependencies, conflicts, structure, security, contacts).
>
> A "mere copy of it" doesn't currently exist, so will be harder to
> understand. For example, I would be a bit more worried about trojans
> in the context of some of the flakier apt-get.org feeds than in the
> context of something provided by a debian developer (or even a university
> project).
I believe the mentors.debian.net project has resolved this, they're only
letting GPG-signed packages in their repository, AFAIK. Of course, they
are all by non-DDs (which is the point of a sponsoring framework), but
I don't think that's a very big technical problem, albeit a point worth
reconsidering.
A replacement of non-free outside of Debian should have the guarentee of
being from the people that maintain it (whether or not they are
exclusively DDs is up to the maintainer of the non-free project) and
should have better traceability than your avarage apt-get.org line.
Michael
Reply to: