The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: qmail license

To: Michael Alan Dorman <mdorman@calder.med.miami.edu>, Dale Scheetz <dwarf@polaris.net>
Subject: Re: qmail license
From: bruce@pixar.com (Bruce Perens)
Date: Fri, 7 Mar 97 13:59 PST
Cc: debian-private@lists.debian.org
Reply-to: Bruce Perens <bruce@pixar.com>
Resent-cc: recipient list not shown: ;
Resent-date: 7 Mar 1997 22:03:03 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"-VBxo3.0.Te5.N298p"@debian>
Resent-sender: debian-private-request@lists.debian.org

From: Dale Scheetz <dwarf@polaris.net>
> All he needs to do to make it work is name his source tree head as
> qmail-1.0.orig and then his md5sum will match ours.

No, I think we need to stop using .orig and match him. The .orig is simply
a mistake. No package should be named "FooBar 1.0, the Original Version",
it should simply be "FooBar 1.0". Naming the upstream source .orig is
a bit of Debian chauvanism that crept in un-noticed.

> In fact, I think we should inspect the general idea of getting upstream
> developers to deliver source compatible with the packaging system (tar.gz
> with a consistent <package>-<version>.orig source tree head) specifically
> because they then only need to provide the md5sum to validate the source
> as being free of "unknown changes".

Indeed this is a good goal, but I think we need to get them to consistently
use <package>-<version> as they mostly do now, or <package>_<version>, which
would be a bit less ambiguous about what is the package and what is the
version.

> Encouraging the free software community to adopt a common source format
> with associated md5sum (possibly pgp signed by the developer) could go a
> long way to closing up this possibility for destructive intervention by
> persons of malicious intent.

Right.

	Bruce
--
Bruce Perens K6BP   Bruce@Pixar.com   510-215-3502
Finger bruce@master.Debian.org for PGP public key.
PGP fingerprint = 88 6A 15 D0 65 D4 A3 A6  1F 89 6A 76 95 24 87 B3

Follow-Ups:
- Re: qmail license
  - From: Dale Scheetz <dwarf@polaris.net>

Prev by Date: Re: [RFC] Restructuring of the Debian Project
Next by Date: Changing the way we deal with source archives
Previous by thread: Re: qmail license
Next by thread: Re: qmail license
Index(es):
- Date
- Thread