public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
@ 2010-06-14 21:20 Chí-Thanh Christopher Nguyễn
  2010-06-16 12:40 ` Jim Ramsay
  0 siblings, 1 reply; 17+ messages in thread
From: Chí-Thanh Christopher Nguyễn @ 2010-06-14 21:20 UTC (permalink / raw
  To: gentoo-dev

Hi,

www-plugins/adobe-flash has a new license[1] which refers to itself as 
"License Agreement" and in section 1.2 "BINDING AGREEMENT" states that 
the user must accept the agreement in order to use the software.

I propose that this license be added to the EULA group. The previous 
AdobeFlash-10 license is similar in this regard, and could possibly also 
be added to that group.

One notable section is 7.6 in which Adobe reserves the right to download 
and install additional Content Protection software on the user's PC.

Your thoughts?


Regards,
Chí-Thanh Christopher Nguyễn


[1] https://bugs.gentoo.org/show_bug.cgi?id=323837




^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-14 21:20 [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group Chí-Thanh Christopher Nguyễn
@ 2010-06-16 12:40 ` Jim Ramsay
  2010-06-16 12:45   ` Angelo Arrifano
  0 siblings, 1 reply; 17+ messages in thread
From: Jim Ramsay @ 2010-06-16 12:40 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 717 bytes --]

Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote:
> I propose that this license be added to the EULA group. The previous 
> AdobeFlash-10 license is similar in this regard, and could possibly
> also be added to that group.

Agreed, on both points, and done.  Thanks for finding and airing this
issue!

> One notable section is 7.6 in which Adobe reserves the right to
> download and install additional Content Protection software on the
> user's PC.

Not like anyone will actually *read* the license before adding it to
their accept group, but if they did this would indeed be an important
thing of which users should be aware.

-- 
Jim Ramsay
Gentoo Developer (rox/fluxbox/gkrellm/vim)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-16 12:40 ` Jim Ramsay
@ 2010-06-16 12:45   ` Angelo Arrifano
  2010-06-17 22:06     ` Lars Wendler
  0 siblings, 1 reply; 17+ messages in thread
From: Angelo Arrifano @ 2010-06-16 12:45 UTC (permalink / raw
  To: gentoo-dev

On 16-06-2010 14:40, Jim Ramsay wrote:
> Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote:
>> I propose that this license be added to the EULA group. The previous 
>> AdobeFlash-10 license is similar in this regard, and could possibly
>> also be added to that group.
> 
> Agreed, on both points, and done.  Thanks for finding and airing this
> issue!
> 
>> One notable section is 7.6 in which Adobe reserves the right to
>> download and install additional Content Protection software on the
>> user's PC.
> 
> Not like anyone will actually *read* the license before adding it to
> their accept group, but if they did this would indeed be an important
> thing of which users should be aware.
> 

I defend it is our job to warn users about this kind of details. To me
it sounds that a einfo at post-build phase would do the job, what do you
guys think?



^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-16 12:45   ` Angelo Arrifano
@ 2010-06-17 22:06     ` Lars Wendler
  2010-06-17 22:14       ` Dale
  0 siblings, 1 reply; 17+ messages in thread
From: Lars Wendler @ 2010-06-17 22:06 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: Text/Plain, Size: 1182 bytes --]

Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> On 16-06-2010 14:40, Jim Ramsay wrote:
> > Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote:
> >> I propose that this license be added to the EULA group. The previous
> >> AdobeFlash-10 license is similar in this regard, and could possibly
> >> also be added to that group.
> > 
> > Agreed, on both points, and done.  Thanks for finding and airing this
> > issue!
> > 
> >> One notable section is 7.6 in which Adobe reserves the right to
> >> download and install additional Content Protection software on the
> >> user's PC.
> > 
> > Not like anyone will actually *read* the license before adding it to
> > their accept group, but if they did this would indeed be an important
> > thing of which users should be aware.
> 
> I defend it is our job to warn users about this kind of details. To me
> it sounds that a einfo at post-build phase would do the job, what do you
> guys think?

Definitely yes! This is a very dangerous snippet in Adobe's license which 
should be pretty clearly pointed at to every user.

-- 
Lars Wendler (Polynomial-C)
Gentoo developer and bug-wrangler


[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-17 22:06     ` Lars Wendler
@ 2010-06-17 22:14       ` Dale
  2010-06-17 22:37         ` Chí-Thanh Christopher Nguyễn
  2010-06-18  1:42         ` Brian Harring
  0 siblings, 2 replies; 17+ messages in thread
From: Dale @ 2010-06-17 22:14 UTC (permalink / raw
  To: gentoo-dev

Lars Wendler wrote:
> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
>    
>> On 16-06-2010 14:40, Jim Ramsay wrote:
>>      
>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org>  wrote:
>>>        
>>>> I propose that this license be added to the EULA group. The previous
>>>> AdobeFlash-10 license is similar in this regard, and could possibly
>>>> also be added to that group.
>>>>          
>>> Agreed, on both points, and done.  Thanks for finding and airing this
>>> issue!
>>>
>>>        
>>>> One notable section is 7.6 in which Adobe reserves the right to
>>>> download and install additional Content Protection software on the
>>>> user's PC.
>>>>          
>>> Not like anyone will actually *read* the license before adding it to
>>> their accept group, but if they did this would indeed be an important
>>> thing of which users should be aware.
>>>        
>> I defend it is our job to warn users about this kind of details. To me
>> it sounds that a einfo at post-build phase would do the job, what do you
>> guys think?
>>      
> Definitely yes! This is a very dangerous snippet in Adobe's license which
> should be pretty clearly pointed at to every user.
>
>    

Could that also include a alternative to adobe?  If there is one.

Dale

:-)  :-)



^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-17 22:14       ` Dale
@ 2010-06-17 22:37         ` Chí-Thanh Christopher Nguyễn
  2010-06-17 23:20           ` Lars Wendler
  2010-06-18  1:42         ` Brian Harring
  1 sibling, 1 reply; 17+ messages in thread
From: Chí-Thanh Christopher Nguyễn @ 2010-06-17 22:37 UTC (permalink / raw
  To: gentoo-dev

Dale schrieb:
>>>>> One notable section is 7.6 in which Adobe reserves the right to
>>>>> download and install additional Content Protection software on the
>>>>> user's PC.
>>>> Not like anyone will actually *read* the license before adding it to
>>>> their accept group, but if they did this would indeed be an important
>>>> thing of which users should be aware.
>>> I defend it is our job to warn users about this kind of details. To me
>>> it sounds that a einfo at post-build phase would do the job, what do 
>>> you
>>> guys think?

Though I am not opposed to adding a warning, I think the license mask is 
sufficient. If users demonstrate their indifference by setting 
ACCEPT_LICENSE="*" or adding AdobeFlash-10.1 without reading the 
license, then I somehow doubt that elog messages will have an effect.
>> Definitely yes! This is a very dangerous snippet in Adobe's license 
>> which
>> should be pretty clearly pointed at to every user.
>>
>
> Could that also include a alternative to adobe?  If there is one.

There are three open-source flash browser plugins in portage:
- swfdec: development seems to have stalled
- gnash: I have received mixed reports about the stability of the 
current version. The next release will include VA-API support and other 
improvements.
- lightspark: a recent effort which is in its early stages and still 
incomplete in many ways (eg. audio support is planned for 0.4.2)

None of them I consider good enough to replace adobe-flash for the 
average user.


Regards,
Chí-Thanh Christopher Nguyễn




^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-17 22:37         ` Chí-Thanh Christopher Nguyễn
@ 2010-06-17 23:20           ` Lars Wendler
  0 siblings, 0 replies; 17+ messages in thread
From: Lars Wendler @ 2010-06-17 23:20 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: Text/Plain, Size: 2443 bytes --]

Am Freitag 18 Juni 2010, 00:37:29 schrieb Chí-Thanh Christopher Nguyễn:
> Dale schrieb:
> >>>>> One notable section is 7.6 in which Adobe reserves the right to
> >>>>> download and install additional Content Protection software on the
> >>>>> user's PC.
> >>>> 
> >>>> Not like anyone will actually *read* the license before adding it to
> >>>> their accept group, but if they did this would indeed be an important
> >>>> thing of which users should be aware.
> >>> 
> >>> I defend it is our job to warn users about this kind of details. To me
> >>> it sounds that a einfo at post-build phase would do the job, what do
> >>> you
> >>> guys think?
> 
> Though I am not opposed to adding a warning, I think the license mask is
> sufficient. If users demonstrate their indifference by setting
> ACCEPT_LICENSE="*" or adding AdobeFlash-10.1 without reading the
> license, then I somehow doubt that elog messages will have an effect.

Maybe I'm quite alone with that but I have ACCEPT_LICENSE="*" because I hate 
to edit my make.conf each time I try to emerge a package with yet another 
license that is missing in the variable. But I still watch for elog messages 
carefully after each merge.
 
> >> Definitely yes! This is a very dangerous snippet in Adobe's license
> >> which
> >> should be pretty clearly pointed at to every user.
> > 
> > Could that also include a alternative to adobe?  If there is one.
> 
> There are three open-source flash browser plugins in portage:
> - swfdec: development seems to have stalled
> - gnash: I have received mixed reports about the stability of the
> current version. The next release will include VA-API support and other
> improvements.
> - lightspark: a recent effort which is in its early stages and still
> incomplete in many ways (eg. audio support is planned for 0.4.2)
> 
> None of them I consider good enough to replace adobe-flash for the
> average user.

Unfortunately yes. Especially now that Adobe fails to provide x86_64 users a 
non-vulnerable plugin I'd very much prefer to use an open-source replacement 
that for sure would be fixed much faster in case it's affected by some security 
vulnerability as well.
One can only hope that flash finally vanishes from WWW now that HTML5 could 
become a good alternative...

> Regards,
> Chí-Thanh Christopher Nguyễn

-- 
Lars Wendler (Polynomial-C)
Gentoo developer and bug-wrangler


[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-17 22:14       ` Dale
  2010-06-17 22:37         ` Chí-Thanh Christopher Nguyễn
@ 2010-06-18  1:42         ` Brian Harring
  2010-06-18  6:10           ` Dale
  2010-06-18  9:08           ` Lars Wendler
  1 sibling, 2 replies; 17+ messages in thread
From: Brian Harring @ 2010-06-18  1:42 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 1412 bytes --]

On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
> Lars Wendler wrote:
> > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> >    
> >> On 16-06-2010 14:40, Jim Ramsay wrote:
> >>      
> >>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org>  wrote:
> >>>> One notable section is 7.6 in which Adobe reserves the right to
> >>>> download and install additional Content Protection software on the
> >>>> user's PC.
> >>>>          
> >>> Not like anyone will actually *read* the license before adding it to
> >>> their accept group, but if they did this would indeed be an important
> >>> thing of which users should be aware.
> >>>        
> >> I defend it is our job to warn users about this kind of details. To me
> >> it sounds that a einfo at post-build phase would do the job, what do you
> >> guys think?
> >>      
> > Definitely yes! This is a very dangerous snippet in Adobe's license which
> > should be pretty clearly pointed at to every user.
> >
> >    
> 
> Could that also include a alternative to adobe?  If there is one.

The place to advocate free alternatives (or upstreams that are 
nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at 
best in metadata.xml... einfo should be "this is the things to watch 
for in using this/setting it up" not "these guys are evil, use one of 
the free alternatives!".

Grok?

~harring

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-18  1:42         ` Brian Harring
@ 2010-06-18  6:10           ` Dale
  2010-06-18  9:08           ` Lars Wendler
  1 sibling, 0 replies; 17+ messages in thread
From: Dale @ 2010-06-18  6:10 UTC (permalink / raw
  To: gentoo-dev

Brian Harring wrote:
> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
>    
>> Lars Wendler wrote:
>>      
>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
>>>
>>>        
>>>> On 16-06-2010 14:40, Jim Ramsay wrote:
>>>>
>>>>          
>>>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org>   wrote:
>>>>>            
>>>>>> One notable section is 7.6 in which Adobe reserves the right to
>>>>>> download and install additional Content Protection software on the
>>>>>> user's PC.
>>>>>>
>>>>>>              
>>>>> Not like anyone will actually *read* the license before adding it to
>>>>> their accept group, but if they did this would indeed be an important
>>>>> thing of which users should be aware.
>>>>>
>>>>>            
>>>> I defend it is our job to warn users about this kind of details. To me
>>>> it sounds that a einfo at post-build phase would do the job, what do you
>>>> guys think?
>>>>
>>>>          
>>> Definitely yes! This is a very dangerous snippet in Adobe's license which
>>> should be pretty clearly pointed at to every user.
>>>
>>>
>>>        
>> Could that also include a alternative to adobe?  If there is one.
>>      
> The place to advocate free alternatives (or upstreams that are
> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
> best in metadata.xml... einfo should be "this is the things to watch
> for in using this/setting it up" not "these guys are evil, use one of
> the free alternatives!".
>
> Grok?
>
> ~harring
>    

I was thinking more along the lines of "the end user license has changed 
substantially for this package. If you don't accept the changes and want 
a alternative package, you can look into xyz or wyz." Nothing about 
being evil, just information.

This way the user knows it has changed, they can read it and then if 
they have problems with it, they can then use something else. I have all 
licenses accepted in my make.conf, as does another poster in this 
thread, but I do hope that I would be notified if a package is going to 
install or otherwise change my system. I'm using Gentoo because I DON'T 
want things installed that I don't know about. After all, the first line 
of defense in open source distros is the developers. Just think, would 
your reaction be different if it explicitly said it was going to install 
spyware? After all, no one knows what it may install and then do. Some 
users may decide they don't want to take that chance if they know about 
it. Right now, they may not even know about it. If I wasn't subscribed 
here, I wouldn't either.

Just my thoughts.

Dale

:-) :-)



^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-18  1:42         ` Brian Harring
  2010-06-18  6:10           ` Dale
@ 2010-06-18  9:08           ` Lars Wendler
  2010-06-18 10:16             ` Alec Warner
  1 sibling, 1 reply; 17+ messages in thread
From: Lars Wendler @ 2010-06-18  9:08 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: Text/Plain, Size: 1903 bytes --]

Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
> > Lars Wendler wrote:
> > > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> > >> On 16-06-2010 14:40, Jim Ramsay wrote:
> > >>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org>  wrote:
> > >>>> One notable section is 7.6 in which Adobe reserves the right to
> > >>>> download and install additional Content Protection software on the
> > >>>> user's PC.
> > >>> 
> > >>> Not like anyone will actually *read* the license before adding it to
> > >>> their accept group, but if they did this would indeed be an important
> > >>> thing of which users should be aware.
> > >> 
> > >> I defend it is our job to warn users about this kind of details. To me
> > >> it sounds that a einfo at post-build phase would do the job, what do
> > >> you guys think?
> > > 
> > > Definitely yes! This is a very dangerous snippet in Adobe's license
> > > which should be pretty clearly pointed at to every user.
> > 
> > Could that also include a alternative to adobe?  If there is one.
> 
> The place to advocate free alternatives (or upstreams that are
> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
> best in metadata.xml... einfo should be "this is the things to watch
> for in using this/setting it up" not "these guys are evil, use one of
> the free alternatives!".

Maybe I expressed myself a bit misinterpretative. I don't want to request an 
elog message telling users about alternative packages. But in my opinion an 
elog message pointing at the bald-faced parts of Adobe's license should be 
added. These parts about allowing Adobe to install further content protection 
software is just too dangerous in my opinion.

> Grok?
> 
> ~harring

-- 
Lars Wendler (Polynomial-C)
Gentoo developer and bug-wrangler


[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-18  9:08           ` Lars Wendler
@ 2010-06-18 10:16             ` Alec Warner
  2010-06-18 13:58               ` Angelo Arrifano
  2010-06-19  2:25               ` [gentoo-dev] " Duncan
  0 siblings, 2 replies; 17+ messages in thread
From: Alec Warner @ 2010-06-18 10:16 UTC (permalink / raw
  To: gentoo-dev

On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org> wrote:
> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
>> > Lars Wendler wrote:
>> > > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
>> > >> On 16-06-2010 14:40, Jim Ramsay wrote:
>> > >>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org>  wrote:
>> > >>>> One notable section is 7.6 in which Adobe reserves the right to
>> > >>>> download and install additional Content Protection software on the
>> > >>>> user's PC.
>> > >>>
>> > >>> Not like anyone will actually *read* the license before adding it to
>> > >>> their accept group, but if they did this would indeed be an important
>> > >>> thing of which users should be aware.
>> > >>
>> > >> I defend it is our job to warn users about this kind of details. To me
>> > >> it sounds that a einfo at post-build phase would do the job, what do
>> > >> you guys think?
>> > >
>> > > Definitely yes! This is a very dangerous snippet in Adobe's license
>> > > which should be pretty clearly pointed at to every user.
>> >
>> > Could that also include a alternative to adobe?  If there is one.
>>
>> The place to advocate free alternatives (or upstreams that are
>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
>> best in metadata.xml... einfo should be "this is the things to watch
>> for in using this/setting it up" not "these guys are evil, use one of
>> the free alternatives!".
>
> Maybe I expressed myself a bit misinterpretative. I don't want to request an
> elog message telling users about alternative packages. But in my opinion an
> elog message pointing at the bald-faced parts of Adobe's license should be
> added. These parts about allowing Adobe to install further content protection
> software is just too dangerous in my opinion.

I will ignore the technical portion where basically any binary on your
system; even binaries you compiled yourself have the ability to
'install things you do not like' when run as root (and sometimes when
run as a normal user as well.)

The real meat here is that you want Gentoo to take some kind of stand
on particular licensing terms.  I don't think this is a good
precedent[0] to set for our users.  It presumes we will essentially
read the license in its entirety and inform users of the parts that we
think are 'scary.'[1]  The user is the person who is installing and
running the software.  The user is the person who should be reading
and agreeing with any licensing terms lest they find the teams
unappealing.  I don't find it unreasonable to implement a tool as
Duncan suggested because it is not a judgement but a statement of
fact.  "The license for app/foo has changed from X to Y.  You should
review the changes accordingly by running <blah>"

[0] There is an existing precedent for reading the license and
ensuring Gentoo itself is not violating the license by distributing
said software.  Gentoo takes measures to reduce its own liability in
case a lawsuit arises; however this is a pretty narrow case.
[1] The other bad part here is that 'scary' is itself a judgement call
about licensing terms.  I do not want to have arguments with users
about which terms I should have to warn them about versus not.  Users
should (ideally) be reading the software licenses for software they
choose to use.

-A

>
>> Grok?
>>
>> ~harring
>
> --
> Lars Wendler (Polynomial-C)
> Gentoo developer and bug-wrangler
>
>



^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-18 10:16             ` Alec Warner
@ 2010-06-18 13:58               ` Angelo Arrifano
  2010-06-18 17:56                 ` Brian Harring
  2010-06-23 18:41                 ` [gentoo-dev] " Domen Kožar
  2010-06-19  2:25               ` [gentoo-dev] " Duncan
  1 sibling, 2 replies; 17+ messages in thread
From: Angelo Arrifano @ 2010-06-18 13:58 UTC (permalink / raw
  To: gentoo-dev

On 18-06-2010 12:16, Alec Warner wrote:
> On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org> wrote:
>> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
>>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
>>>> Lars Wendler wrote:
>>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
>>>>>> On 16-06-2010 14:40, Jim Ramsay wrote:
>>>>>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org>  wrote:
>>>>>>>> One notable section is 7.6 in which Adobe reserves the right to
>>>>>>>> download and install additional Content Protection software on the
>>>>>>>> user's PC.
>>>>>>>
>>>>>>> Not like anyone will actually *read* the license before adding it to
>>>>>>> their accept group, but if they did this would indeed be an important
>>>>>>> thing of which users should be aware.
>>>>>>
>>>>>> I defend it is our job to warn users about this kind of details. To me
>>>>>> it sounds that a einfo at post-build phase would do the job, what do
>>>>>> you guys think?
>>>>>
>>>>> Definitely yes! This is a very dangerous snippet in Adobe's license
>>>>> which should be pretty clearly pointed at to every user.
>>>>
>>>> Could that also include a alternative to adobe?  If there is one.
>>>
>>> The place to advocate free alternatives (or upstreams that are
>>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
>>> best in metadata.xml... einfo should be "this is the things to watch
>>> for in using this/setting it up" not "these guys are evil, use one of
>>> the free alternatives!".

Why? You are running a free and opensource operating system, what's
wrong suggesting *other* free and opensource alternatives? You are just
providing the user a choice, not to actually oblige him to install anything.

Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the
kernel driver when using the hardened profile.
>>
>> Maybe I expressed myself a bit misinterpretative. I don't want to request an
>> elog message telling users about alternative packages. But in my opinion an
>> elog message pointing at the bald-faced parts of Adobe's license should be
>> added. These parts about allowing Adobe to install further content protection
>> software is just too dangerous in my opinion.
> 
> I will ignore the technical portion where basically any binary on your
> system; even binaries you compiled yourself have the ability to
> 'install things you do not like' when run as root (and sometimes when
> run as a normal user as well.)

For all the years running Linux, I never found that case.
> 
> The real meat here is that you want Gentoo to take some kind of stand
> on particular licensing terms.  I don't think this is a good
> precedent[0] to set for our users.  It presumes we will essentially
> read the license in its entirety and inform users of the parts that we
> think are 'scary.'[1]  The user is the person who is installing and
> running the software.  The user is the person who should be reading
> and agreeing with any licensing terms lest they find the teams
> unappealing.  I don't find it unreasonable to implement a tool as
> Duncan suggested because it is not a judgement but a statement of
> fact.  "The license for app/foo has changed from X to Y.  You should
> review the changes accordingly by running <blah>"

I'm the person who initially proposed warning users on elog. The initial
proposal only states about:
1) A warning about change of licensing terms.
2) A warning that "additional Content Protection software" might be
installed without users consent.

In fact, portage already warns the users about bad coding practices,
install of executables with runtime text relocations, etc.. How is this
different?
If me, as a user, didn't know about such detail (who reads software
license agreements anyway?) and someday I hypothetically find a
executable running without my permission as my user account and I'm able
to associate it with Adobe's flash, I would be pissed off to no extent.
And guess what? First thing I would *blame* is flash maintainers.
I expect package maintainers to be more familiar with the packages they
maintain than me. As consequence, I expect them to advice me about
non-obvious details on those packages. At least that's what I try to do
on the packages I maintain.
GNU/Linux is all about choice. Stating, during install, that a package
might later install additional stuff will just provide a choice to the
user, not conditioning it.

Regards,
- Angelo
> 
> [0] There is an existing precedent for reading the license and
> ensuring Gentoo itself is not violating the license by distributing
> said software.  Gentoo takes measures to reduce its own liability in
> case a lawsuit arises; however this is a pretty narrow case.
> [1] The other bad part here is that 'scary' is itself a judgement call
> about licensing terms.  I do not want to have arguments with users
> about which terms I should have to warn them about versus not.  Users
> should (ideally) be reading the software licenses for software they
> choose to use.
> 
> -A
> 
>>
>>> Grok?
>>>
>>> ~harring
>>
>> --
>> Lars Wendler (Polynomial-C)
>> Gentoo developer and bug-wrangler
>>
>>
> 




^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-18 13:58               ` Angelo Arrifano
@ 2010-06-18 17:56                 ` Brian Harring
  2010-06-19  2:29                   ` [gentoo-dev] " Duncan
  2010-06-23 18:41                 ` [gentoo-dev] " Domen Kožar
  1 sibling, 1 reply; 17+ messages in thread
From: Brian Harring @ 2010-06-18 17:56 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 3224 bytes --]

On Fri, Jun 18, 2010 at 03:58:22PM +0200, Angelo Arrifano wrote:
> Why? You are running a free and opensource operating system, what's
> wrong suggesting *other* free and opensource alternatives? You are just
> providing the user a choice, not to actually oblige him to install anything.

Some of us have 'no solicitation' signs on our doors for a reason.  If 
you're not familiar w/ the concept, it's essentially a legal warning 
to keep various idealogical people from coming up to our doors and 
trying to tell us how their particular religion will save our souls.

You've got some invalid assumptions here.  While gentoo infra is ran 
on strictly OSS, the tree has always been pragmatic- because it's the 
consumers *choice* if they want to run an idealogically pure system.  
What you're proposing is converting the tree away from it's neutral 
stance that "the consumer is an adult and can make their own 
decisions" to "the consumer should be told they should use a better 
<insert idealogy> pkg regardless of if it's equivalent in features".

This sort of thing is where I honestly wish there was a FSF 
no-solicitation sign I could purchase.

We have license filtering already, meaning the pkg in question isn't 
even visible on a default portage install.  This is equivalent to 
having a safety on the gun that is pkg merging.  Your request is at 
best requesting a second safety be added, at worst trying to push 
idealogical decisions into what is purely a technical matter.


> >> Maybe I expressed myself a bit misinterpretative. I don't want to request an
> >> elog message telling users about alternative packages. But in my opinion an
> >> elog message pointing at the bald-faced parts of Adobe's license should be
> >> added. These parts about allowing Adobe to install further content protection
> >> software is just too dangerous in my opinion.
> > 
> > I will ignore the technical portion where basically any binary on your
> > system; even binaries you compiled yourself have the ability to
> > 'install things you do not like' when run as root (and sometimes when
> > run as a normal user as well.)
> 
> For all the years running Linux, I never found that case.

That's reality.  If in doubt, read some glsa/cve's, or go read into 
the recent brewha about unrealircd.

Or go look into exactly what cpan, setuptools/dispatch, or gems do.  

Hell, look into the automated pkg updating in most integrated binary 
distro's.  Can't count the number of times they've installed shit I 
didn't want (specifically not wanting it because it broke my system 
yet again).


Simply put, you run whatever the hell you want on your system, 
literally, your choice.

I will not deprive you of that choice, nor will I stick in little 
nagging messages to pkgs you use suggesting you use something I think 
is idealogically better (whether it be DRM related, proprietary 
license, or just plain binary blobs).

Please show me the same respect I show you.  Deal?

It really is that simple from where I'm sitting.  The user is an 
adult, they're free to make whatever decision they want (even if you 
vehemently think said decision is wrong).

~harring

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [gentoo-dev] Re: Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-18 10:16             ` Alec Warner
  2010-06-18 13:58               ` Angelo Arrifano
@ 2010-06-19  2:25               ` Duncan
  1 sibling, 0 replies; 17+ messages in thread
From: Duncan @ 2010-06-19  2:25 UTC (permalink / raw
  To: gentoo-dev

Alec Warner posted on Fri, 18 Jun 2010 03:16:36 -0700 as excerpted:

> I don't find it unreasonable to implement a tool as Duncan suggested
> because it is not a judgement but a statement of fact.  "The license for
> app/foo has changed from X to Y.  You should review the changes
> accordingly by running <blah>"

Just noting that it wasn't me that made that suggestion, it was Dale.  
Credit where credit is due and all that.  FWIW, I agree it'd be nice, but 
also think it sounds like it it could be more work than it's worth -- 
unless someone with the skills and the itch wants to scratch it, of course.

(I hadn't replied to this thread previous to this.  Not that I hadn't 
thought about it, but for a moment there, I was wondering if I had replied 
when half asleep (I don't drink so couldn't use /that/ excuse), thus no 
memory of it, and was wondering in alarm what else I might have said! So 
it was with some relief that I realized it was Dale's suggestion you were 
talking about, not mine.  =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman




^ permalink raw reply	[flat|nested] 17+ messages in thread

* [gentoo-dev] Re: Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-18 17:56                 ` Brian Harring
@ 2010-06-19  2:29                   ` Duncan
  0 siblings, 0 replies; 17+ messages in thread
From: Duncan @ 2010-06-19  2:29 UTC (permalink / raw
  To: gentoo-dev

Brian Harring posted on Fri, 18 Jun 2010 10:56:19 -0700 as excerpted:

> We have license filtering already, meaning the pkg in question isn't
> even visible on a default portage install.  This is equivalent to having
> a safety on the gun that is pkg merging.  Your request is at best
> requesting a second safety be added, at worst trying to push idealogical
> decisions into what is purely a technical matter.

Well made point.  Thanks.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman




^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-18 13:58               ` Angelo Arrifano
  2010-06-18 17:56                 ` Brian Harring
@ 2010-06-23 18:41                 ` Domen Kožar
  2010-06-24  5:59                   ` Thilo Bangert
  1 sibling, 1 reply; 17+ messages in thread
From: Domen Kožar @ 2010-06-23 18:41 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 5674 bytes --]

This should probably be updated:

http://www.gentoo.org/doc/en/gentoo-amd64-faq.xml#flash

On Fri, 2010-06-18 at 15:58 +0200, Angelo Arrifano wrote:
> On 18-06-2010 12:16, Alec Warner wrote:
> > On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org> wrote:
> >> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
> >>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
> >>>> Lars Wendler wrote:
> >>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> >>>>>> On 16-06-2010 14:40, Jim Ramsay wrote:
> >>>>>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org>  wrote:
> >>>>>>>> One notable section is 7.6 in which Adobe reserves the right to
> >>>>>>>> download and install additional Content Protection software on the
> >>>>>>>> user's PC.
> >>>>>>>
> >>>>>>> Not like anyone will actually *read* the license before adding it to
> >>>>>>> their accept group, but if they did this would indeed be an important
> >>>>>>> thing of which users should be aware.
> >>>>>>
> >>>>>> I defend it is our job to warn users about this kind of details. To me
> >>>>>> it sounds that a einfo at post-build phase would do the job, what do
> >>>>>> you guys think?
> >>>>>
> >>>>> Definitely yes! This is a very dangerous snippet in Adobe's license
> >>>>> which should be pretty clearly pointed at to every user.
> >>>>
> >>>> Could that also include a alternative to adobe?  If there is one.
> >>>
> >>> The place to advocate free alternatives (or upstreams that are
> >>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
> >>> best in metadata.xml... einfo should be "this is the things to watch
> >>> for in using this/setting it up" not "these guys are evil, use one of
> >>> the free alternatives!".
> 
> Why? You are running a free and opensource operating system, what's
> wrong suggesting *other* free and opensource alternatives? You are just
> providing the user a choice, not to actually oblige him to install anything.
> 
> Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the
> kernel driver when using the hardened profile.
> >>
> >> Maybe I expressed myself a bit misinterpretative. I don't want to request an
> >> elog message telling users about alternative packages. But in my opinion an
> >> elog message pointing at the bald-faced parts of Adobe's license should be
> >> added. These parts about allowing Adobe to install further content protection
> >> software is just too dangerous in my opinion.
> > 
> > I will ignore the technical portion where basically any binary on your
> > system; even binaries you compiled yourself have the ability to
> > 'install things you do not like' when run as root (and sometimes when
> > run as a normal user as well.)
> 
> For all the years running Linux, I never found that case.
> > 
> > The real meat here is that you want Gentoo to take some kind of stand
> > on particular licensing terms.  I don't think this is a good
> > precedent[0] to set for our users.  It presumes we will essentially
> > read the license in its entirety and inform users of the parts that we
> > think are 'scary.'[1]  The user is the person who is installing and
> > running the software.  The user is the person who should be reading
> > and agreeing with any licensing terms lest they find the teams
> > unappealing.  I don't find it unreasonable to implement a tool as
> > Duncan suggested because it is not a judgement but a statement of
> > fact.  "The license for app/foo has changed from X to Y.  You should
> > review the changes accordingly by running <blah>"
> 
> I'm the person who initially proposed warning users on elog. The initial
> proposal only states about:
> 1) A warning about change of licensing terms.
> 2) A warning that "additional Content Protection software" might be
> installed without users consent.
> 
> In fact, portage already warns the users about bad coding practices,
> install of executables with runtime text relocations, etc.. How is this
> different?
> If me, as a user, didn't know about such detail (who reads software
> license agreements anyway?) and someday I hypothetically find a
> executable running without my permission as my user account and I'm able
> to associate it with Adobe's flash, I would be pissed off to no extent.
> And guess what? First thing I would *blame* is flash maintainers.
> I expect package maintainers to be more familiar with the packages they
> maintain than me. As consequence, I expect them to advice me about
> non-obvious details on those packages. At least that's what I try to do
> on the packages I maintain.
> GNU/Linux is all about choice. Stating, during install, that a package
> might later install additional stuff will just provide a choice to the
> user, not conditioning it.
> 
> Regards,
> - Angelo
> > 
> > [0] There is an existing precedent for reading the license and
> > ensuring Gentoo itself is not violating the license by distributing
> > said software.  Gentoo takes measures to reduce its own liability in
> > case a lawsuit arises; however this is a pretty narrow case.
> > [1] The other bad part here is that 'scary' is itself a judgement call
> > about licensing terms.  I do not want to have arguments with users
> > about which terms I should have to warn them about versus not.  Users
> > should (ideally) be reading the software licenses for software they
> > choose to use.
> > 
> > -A
> > 
> >>
> >>> Grok?
> >>>
> >>> ~harring
> >>
> >> --
> >> Lars Wendler (Polynomial-C)
> >> Gentoo developer and bug-wrangler
> >>
> >>
> > 
> 
> 


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group
  2010-06-23 18:41                 ` [gentoo-dev] " Domen Kožar
@ 2010-06-24  5:59                   ` Thilo Bangert
  0 siblings, 0 replies; 17+ messages in thread
From: Thilo Bangert @ 2010-06-24  5:59 UTC (permalink / raw
  To: gentoo-dev

[-- Attachment #1: Type: Text/Plain, Size: 6239 bytes --]

Domen Kožar <domen@dev.si> said:
> This should probably be updated:
> 
> http://www.gentoo.org/doc/en/gentoo-amd64-faq.xml#flash

Thanks for noticing this. Everybodies input makes Gentoo a great place to 
be!

Now, if you want that extra chocolate chip cookie, please head over to 
https://bugs.gentoo.org and report the issue there. ;-)
(remember to search for duplicates first).

Thanks
kind regards
Thilo


> 
> On Fri, 2010-06-18 at 15:58 +0200, Angelo Arrifano wrote:
> > On 18-06-2010 12:16, Alec Warner wrote:
> > > On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-
c@gentoo.org> wrote:
> > >> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
> > >>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
> > >>>> Lars Wendler wrote:
> > >>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> > >>>>>> On 16-06-2010 14:40, Jim Ramsay wrote:
> > >>>>>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org>  wrote:
> > >>>>>>>> One notable section is 7.6 in which Adobe reserves the right
> > >>>>>>>> to download and install additional Content Protection
> > >>>>>>>> software on the user's PC.
> > >>>>>>> 
> > >>>>>>> Not like anyone will actually *read* the license before
> > >>>>>>> adding it to their accept group, but if they did this would
> > >>>>>>> indeed be an important thing of which users should be aware.
> > >>>>>> 
> > >>>>>> I defend it is our job to warn users about this kind of
> > >>>>>> details. To me it sounds that a einfo at post-build phase
> > >>>>>> would do the job, what do you guys think?
> > >>>>> 
> > >>>>> Definitely yes! This is a very dangerous snippet in Adobe's
> > >>>>> license which should be pretty clearly pointed at to every
> > >>>>> user.
> > >>>> 
> > >>>> Could that also include a alternative to adobe?  If there is
> > >>>> one.
> > >>> 
> > >>> The place to advocate free alternatives (or upstreams that are
> > >>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs
> > >>> or at best in metadata.xml... einfo should be "this is the
> > >>> things to watch for in using this/setting it up" not "these guys
> > >>> are evil, use one of the free alternatives!".
> > 
> > Why? You are running a free and opensource operating system, what's
> > wrong suggesting *other* free and opensource alternatives? You are
> > just providing the user a choice, not to actually oblige him to
> > install anything.
> > 
> > Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the
> > kernel driver when using the hardened profile.
> > 
> > >> Maybe I expressed myself a bit misinterpretative. I don't want to
> > >> request an elog message telling users about alternative packages.
> > >> But in my opinion an elog message pointing at the bald-faced
> > >> parts of Adobe's license should be added. These parts about
> > >> allowing Adobe to install further content protection software is
> > >> just too dangerous in my opinion.
> > > 
> > > I will ignore the technical portion where basically any binary on
> > > your system; even binaries you compiled yourself have the ability
> > > to 'install things you do not like' when run as root (and
> > > sometimes when run as a normal user as well.)
> > 
> > For all the years running Linux, I never found that case.
> > 
> > > The real meat here is that you want Gentoo to take some kind of
> > > stand on particular licensing terms.  I don't think this is a good
> > > precedent[0] to set for our users.  It presumes we will
> > > essentially read the license in its entirety and inform users of
> > > the parts that we think are 'scary.'[1]  The user is the person
> > > who is installing and running the software.  The user is the
> > > person who should be reading and agreeing with any licensing terms
> > > lest they find the teams unappealing.  I don't find it
> > > unreasonable to implement a tool as Duncan suggested because it is
> > > not a judgement but a statement of fact.  "The license for app/foo
> > > has changed from X to Y.  You should review the changes
> > > accordingly by running <blah>"
> > 
> > I'm the person who initially proposed warning users on elog. The
> > initial proposal only states about:
> > 1) A warning about change of licensing terms.
> > 2) A warning that "additional Content Protection software" might be
> > installed without users consent.
> > 
> > In fact, portage already warns the users about bad coding practices,
> > install of executables with runtime text relocations, etc.. How is
> > this different?
> > If me, as a user, didn't know about such detail (who reads software
> > license agreements anyway?) and someday I hypothetically find a
> > executable running without my permission as my user account and I'm
> > able to associate it with Adobe's flash, I would be pissed off to no
> > extent. And guess what? First thing I would *blame* is flash
> > maintainers. I expect package maintainers to be more familiar with
> > the packages they maintain than me. As consequence, I expect them to
> > advice me about non-obvious details on those packages. At least
> > that's what I try to do on the packages I maintain.
> > GNU/Linux is all about choice. Stating, during install, that a
> > package might later install additional stuff will just provide a
> > choice to the user, not conditioning it.
> > 
> > Regards,
> > - Angelo
> > 
> > > [0] There is an existing precedent for reading the license and
> > > ensuring Gentoo itself is not violating the license by distributing
> > > said software.  Gentoo takes measures to reduce its own liability
> > > in case a lawsuit arises; however this is a pretty narrow case.
> > > [1] The other bad part here is that 'scary' is itself a judgement
> > > call about licensing terms.  I do not want to have arguments with
> > > users about which terms I should have to warn them about versus
> > > not.  Users should (ideally) be reading the software licenses for
> > > software they choose to use.
> > > 
> > > -A
> > > 
> > >>> Grok?
> > >>> 
> > >>> ~harring
> > >> 
> > >> --
> > >> Lars Wendler (Polynomial-C)
> > >> Gentoo developer and bug-wrangler


[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2010-06-24  5:59 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-14 21:20 [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group Chí-Thanh Christopher Nguyễn
2010-06-16 12:40 ` Jim Ramsay
2010-06-16 12:45   ` Angelo Arrifano
2010-06-17 22:06     ` Lars Wendler
2010-06-17 22:14       ` Dale
2010-06-17 22:37         ` Chí-Thanh Christopher Nguyễn
2010-06-17 23:20           ` Lars Wendler
2010-06-18  1:42         ` Brian Harring
2010-06-18  6:10           ` Dale
2010-06-18  9:08           ` Lars Wendler
2010-06-18 10:16             ` Alec Warner
2010-06-18 13:58               ` Angelo Arrifano
2010-06-18 17:56                 ` Brian Harring
2010-06-19  2:29                   ` [gentoo-dev] " Duncan
2010-06-23 18:41                 ` [gentoo-dev] " Domen Kožar
2010-06-24  5:59                   ` Thilo Bangert
2010-06-19  2:25               ` [gentoo-dev] " Duncan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox