The debian-private mailing list leak, part 1.


Re: qmail license



On Fri, 7 Mar 1997, Bruce Perens wrote:

> From: Dale Scheetz <dwarf@polaris.net>
> > All he needs to do to make it work is name his source tree head as
> > qmail-1.0.orig and then his md5sum will match ours.
> 
> No, I think we need to stop using .orig and match him. The .orig is simply
> a mistake. No package should be named "FooBar 1.0, the Original Version",
> it should simply be "FooBar 1.0". Naming the upstream source .orig is
> a bit of Debian chauvinism that crept in un-noticed.

This would, of course, require that the Debian source tree be "renamed" to
something like FooBar_1.0.debian to keep them distinct.
The more we talk about it, the more I'm convinced that the .orig tree is
an obsolete idea that should be "no trouble" to correct.

> 
> > In fact, I think we should inspect the general idea of getting upstream
> > developers to deliver source compatible with the packaging system (tar.gz
> > with a consistent <package>-<version>.orig source tree head) specifically
> > because they then only need to provide the md5sum to validate the source
> > as being free of "unknown changes".
> 
> Indeed this is a good goal, but I think we need to get them to consistently
> use <package>-<version> as they mostly do now, or <package>_<version>, which
> would be a bit less ambiguous about what is the package and what is the
> version.
> 
I didn't like the use of "_" when we first started, but, now that I am
accustomed to it, I think this is something we should try to adopt and
enforce on the source package files as well as the binaries.

> > Encouraging the free software community to adopt a common source format
> > with associated md5sum (possibly pgp signed by the developer) could go a
> > long way to closing up this possibility for destructive intervention by
> > persons of malicious intent.
> 
> Right.

As was pointed out to me by someone else, the free software community has
already adopted a common source format. It is the tar.gz format, without
our additional ".orig" feature. If we can become more conformative with
this format then we are better able to "protect" from outside modification
of these sources.

Luck,

Dwarf

------------                                          --------------

aka   Dale Scheetz                   Phone:   1 (904) 656-9769
      Flexible Software              11000 McCrackin Road
      e-mail:  dwarf@polaris.net     Tallahassee, FL  32308

------------ If you don't see what you want, just ask --------------
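
The checksum mismatch discussed in this thread, as an added example that is not part of the original message: two tarballs with identical files but different tree heads (`qmail-1.0` versus `qmail-1.0.orig`) give different archive digests, while a digest over the file contents with the tree head stripped still matches. The file contents are constructed placeholders rather than qmail sources, the function names are hypothetical, and SHA-256 stands in for the md5sum named in the thread.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed placeholder files; these are not real qmail sources.
FILES = {
    "Makefile": b"all:\n\tcc -o demo demo.c\n",
    "demo.c": b"int main(void){return 0;}\n",
}

def build_tarball(top_dir, files):
    """Return a reproducible tar.gz (fixed mtimes) with every file under top_dir/."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=0) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for name in sorted(files):
                info = tarfile.TarInfo(f"{top_dir}/{name}")
                info.size = len(files[name])
                info.mtime = 0
                tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def archive_digest(blob):
    """Digest of the tarball bytes, which is what a published checksum covers."""
    return hashlib.sha256(blob).hexdigest()

def tree_digest(blob):
    """Digest of (content hash, relative path) pairs, ignoring the tree head name."""
    entries = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                rel = member.name.split("/", 1)[-1]  # drop leading "<tree head>/"
                data = tar.extractfile(member).read()
                entries.append(f"{hashlib.sha256(data).hexdigest()}  {rel}\n")
    return hashlib.sha256("".join(sorted(entries)).encode()).hexdigest()

if __name__ == "__main__":
    upstream = build_tarball("qmail-1.0", FILES)
    repacked = build_tarball("qmail-1.0.orig", FILES)
    print("archive digests match:", archive_digest(upstream) == archive_digest(repacked))
    print("tree digests match:   ", tree_digest(upstream) == tree_digest(repacked))
```

A verifier that only has the upstream author's published checksum can use it directly only if the distributed tarball is byte-identical to upstream's, which is the argument for dropping the `.orig` rename.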