From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-41497-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1ORUtO-0005QR-Bg
	for garchives@archives.gentoo.org; Wed, 23 Jun 2010 18:41:46 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 74CBCE0BC2;
	Wed, 23 Jun 2010 18:41:41 +0000 (UTC)
Received: from mail-fx0-f53.google.com (mail-fx0-f53.google.com [209.85.161.53])
	by pigeon.gentoo.org (Postfix) with ESMTP id 522EAE088C
	for <gentoo-dev@lists.gentoo.org>; Wed, 23 Jun 2010 18:41:14 +0000 (UTC)
Received: by fxm19 with SMTP id 19so217201fxm.40
        for <gentoo-dev@lists.gentoo.org>; Wed, 23 Jun 2010 11:41:13 -0700 (PDT)
Received: by 10.102.237.35 with SMTP id k35mr2781609muh.72.1277318473588;
        Wed, 23 Jun 2010 11:41:13 -0700 (PDT)
Received: from [192.168.1.20] (84-255-194-155.static.t-2.net [84.255.194.155])
        by mx.google.com with ESMTPS id w5sm10476964mue.59.2010.06.23.11.41.11
        (version=SSLv3 cipher=RC4-MD5);
        Wed, 23 Jun 2010 11:41:12 -0700 (PDT)
Subject: Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
From: Domen =?UTF-8?Q?Ko=C5=BEar?= <domen@dev.si>
To: gentoo-dev@lists.gentoo.org
In-Reply-To: <4C1B7B7E.70701@gentoo.org>
References: <4C169D32.5080706@gentoo.org>	<4C1A9E38.8050206@gmail.com>
	 <20100618014229.GA12490@hrair>	<201006181108.29193.polynomial-c@gentoo.org>
	 <AANLkTimufQyHQ9rMvDyZ9XhZ1m-wU8K4pz21I52DvgzD@mail.gmail.com>
	 <4C1B7B7E.70701@gentoo.org>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-Ji2MtjeWfcVr7P8dbYDO"
Date: Wed, 23 Jun 2010 20:41:10 +0200
Message-ID: <1277318470.5556.0.camel@oblak>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3.1 
X-Archives-Salt: 461ca079-2119-456f-abd2-c863a19f1553
X-Archives-Hash: 83d5ab5f811fb8217a1bbce2e448d500


--=-Ji2MtjeWfcVr7P8dbYDO
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

This should probably be updated:

http://www.gentoo.org/doc/en/gentoo-amd64-faq.xml#flash

On Fri, 2010-06-18 at 15:58 +0200, Angelo Arrifano wrote:
> On 18-06-2010 12:16, Alec Warner wrote:
> > On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org>=
 wrote:
> >> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
> >>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
> >>>> Lars Wendler wrote:
> >>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> >>>>>> On 16-06-2010 14:40, Jim Ramsay wrote:
> >>>>>>> Ch=C3=AD-Thanh Christopher Nguy=E1=BB=85n<chithanh@gentoo.org>  w=
rote:
> >>>>>>>> One notable section is 7.6 in which Adobe reserves the right to
> >>>>>>>> download and install additional Content Protection software on t=
he
> >>>>>>>> user's PC.
> >>>>>>>
> >>>>>>> Not like anyone will actually *read* the license before adding it=
 to
> >>>>>>> their accept group, but if they did this would indeed be an impor=
tant
> >>>>>>> thing of which users should be aware.
> >>>>>>
> >>>>>> I defend it is our job to warn users about this kind of details. T=
o me
> >>>>>> it sounds that a einfo at post-build phase would do the job, what =
do
> >>>>>> you guys think?
> >>>>>
> >>>>> Definitely yes! This is a very dangerous snippet in Adobe's license
> >>>>> which should be pretty clearly pointed at to every user.
> >>>>
> >>>> Could that also include a alternative to adobe?  If there is one.
> >>>
> >>> The place to advocate free alternatives (or upstreams that are
> >>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or a=
t
> >>> best in metadata.xml... einfo should be "this is the things to watch
> >>> for in using this/setting it up" not "these guys are evil, use one of
> >>> the free alternatives!".
>=20
> Why? You are running a free and opensource operating system, what's
> wrong suggesting *other* free and opensource alternatives? You are just
> providing the user a choice, not to actually oblige him to install anythi=
ng.
>=20
> Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the
> kernel driver when using the hardened profile.
> >>
> >> Maybe I expressed myself a bit misinterpretative. I don't want to requ=
est an
> >> elog message telling users about alternative packages. But in my opini=
on an
> >> elog message pointing at the bald-faced parts of Adobe's license shoul=
d be
> >> added. These parts about allowing Adobe to install further content pro=
tection
> >> software is just too dangerous in my opinion.
> >=20
> > I will ignore the technical portion where basically any binary on your
> > system; even binaries you compiled yourself have the ability to
> > 'install things you do not like' when run as root (and sometimes when
> > run as a normal user as well.)
>=20
> For all the years running Linux, I never found that case.
> >=20
> > The real meat here is that you want Gentoo to take some kind of stand
> > on particular licensing terms.  I don't think this is a good
> > precedent[0] to set for our users.  It presumes we will essentially
> > read the license in its entirety and inform users of the parts that we
> > think are 'scary.'[1]  The user is the person who is installing and
> > running the software.  The user is the person who should be reading
> > and agreeing with any licensing terms lest they find the teams
> > unappealing.  I don't find it unreasonable to implement a tool as
> > Duncan suggested because it is not a judgement but a statement of
> > fact.  "The license for app/foo has changed from X to Y.  You should
> > review the changes accordingly by running <blah>"
>=20
> I'm the person who initially proposed warning users on elog. The initial
> proposal only states about:
> 1) A warning about change of licensing terms.
> 2) A warning that "additional Content Protection software" might be
> installed without users consent.
>=20
> In fact, portage already warns the users about bad coding practices,
> install of executables with runtime text relocations, etc.. How is this
> different?
> If me, as a user, didn't know about such detail (who reads software
> license agreements anyway?) and someday I hypothetically find a
> executable running without my permission as my user account and I'm able
> to associate it with Adobe's flash, I would be pissed off to no extent.
> And guess what? First thing I would *blame* is flash maintainers.
> I expect package maintainers to be more familiar with the packages they
> maintain than me. As consequence, I expect them to advice me about
> non-obvious details on those packages. At least that's what I try to do
> on the packages I maintain.
> GNU/Linux is all about choice. Stating, during install, that a package
> might later install additional stuff will just provide a choice to the
> user, not conditioning it.
>=20
> Regards,
> - Angelo
> >=20
> > [0] There is an existing precedent for reading the license and
> > ensuring Gentoo itself is not violating the license by distributing
> > said software.  Gentoo takes measures to reduce its own liability in
> > case a lawsuit arises; however this is a pretty narrow case.
> > [1] The other bad part here is that 'scary' is itself a judgement call
> > about licensing terms.  I do not want to have arguments with users
> > about which terms I should have to warn them about versus not.  Users
> > should (ideally) be reading the software licenses for software they
> > choose to use.
> >=20
> > -A
> >=20
> >>
> >>> Grok?
> >>>
> >>> ~harring
> >>
> >> --
> >> Lars Wendler (Polynomial-C)
> >> Gentoo developer and bug-wrangler
> >>
> >>
> >=20
>=20
>=20


--=-Ji2MtjeWfcVr7P8dbYDO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)

iQEcBAABAgAGBQJMIlVGAAoJELK2yDJICzUABCMH/16jySfYYUP3KXigyc3kOFUQ
TXLEgWSnWOUdqNbNLPnX8zWlKPoXPImZjYWDaUeLBoCabgbPevj0lKnRJW3Zyw1X
+JGa4SiM/LfWHGpj83O2l7gp92z6jLfPNyGh2BpscnJO2GuEy5ybhab8/Q5ttUPk
VgNXunCFZLQrade4pA1+XaVpxKfgQWi92Rwp1GcvpVgimTvaGH7OIjtG9aK4xTN+
cQr91dFw1nxEHEcfpGTqdLdpEomWVdeUrXEAQOBAAeLFabO8SQNhqNpWZb/Jvm1l
gHjxuO/ejbUduXa5zwWLX8iL4HAK/NCSPd2Im8Wi+seazPeohCDWpbMsIQfo6RM=
=ftes
-----END PGP SIGNATURE-----

--=-Ji2MtjeWfcVr7P8dbYDO--