From: Richard Freeman
To: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] CAcert certificate distribution license to third parties (i.e. distributors like gentoo)
Date: Tue, 15 Dec 2009 07:19:22 -0500
Message-id: <4B277ECA.3000608@gentoo.org>
In-reply-to: <200912151746.09755.dragonheart@gentoo.org>
References: <200912132244.09435.dragonheart@gentoo.org> <4B262C68.9030402@gentoo.org> <200912151746.09755.dragonheart@gentoo.org>

On 12/15/2009 01:46 AM, Daniel Black wrote:
> I did email the debian maintainer too. no response yet. They have interactive
> builds though and I guess we do too now. Will be a royal pain if every
> CA/software did the same thing.
>

The last thing gentoo needs is interactive builds. XFree86 was forked over something less annoying than that (advertising clause)...

I'd rather put a disclaimer in the handbook that when you install gentoo you bear the consequences of anything you do with it: if you're in a jurisdiction where software licenses are binding on those who use software then be sure to set ACCEPT_LICENSE accordingly, and all users should monitor the outputs of their builds for important notices.

On that note, perhaps the default make.conf should send ELOGs to root@localhost or something? People can disable it if they don't like it, but I don't think we want our default to be that important notices are lost.

If legal experts feel that the only thing that will work would be an interactive build, then we should:

1. Have the build by default terminate with an error that it requires some kind of acknowledgment. Ideally have the package manager detect this condition at --pretend time.

2. Have the user set this acknowledgment using an environment variable in make.conf (perhaps a setting for these purposes), or a local use flag, or some other one-time non-interactive mechanism.

3. Have the build notice this and proceed normally (so the actual build and future upgrades are non-interactive).

4. Ensure that this package is NOT required by anything in system, or installed by default by any major popular package (so maybe we have ca-certificates, and ca-certificates-annoying or something).

We definitely don't want the gentoo experience to be one of typing emerge world and then having to check back on it every three minutes to see what the latest prompt is.

I'm generally in favor of including CACert by default, but if they're going to shoot themselves in the foot over licensing then that is their loss. I already have to install it manually for chromium (a real pita, btw). I can't see the council voting to allow interactive builds for a certificate, and I really don't see why CACert is pushing this either...