* [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group @ 2010-06-14 21:20 Chí-Thanh Christopher Nguyễn 2010-06-16 12:40 ` Jim Ramsay 0 siblings, 1 reply; 17+ messages in thread From: Chí-Thanh Christopher Nguyễn @ 2010-06-14 21:20 UTC (permalink / raw To: gentoo-dev Hi, www-plugins/adobe-flash has a new license[1] which refers to itself as "License Agreement" and in section 1.2 "BINDING AGREEMENT" states that the user must accept the agreement in order to use the software. I propose that this license be added to the EULA group. The previous AdobeFlash-10 license is similar in this regard, and could possibly also be added to that group. One notable section is 7.6 in which Adobe reserves the right to download and install additional Content Protection software on the user's PC. Your thoughts? Regards, Chí-Thanh Christopher Nguyễn [1] https://bugs.gentoo.org/show_bug.cgi?id=323837 ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-14 21:20 [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group Chí-Thanh Christopher Nguyễn @ 2010-06-16 12:40 ` Jim Ramsay 2010-06-16 12:45 ` Angelo Arrifano 0 siblings, 1 reply; 17+ messages in thread From: Jim Ramsay @ 2010-06-16 12:40 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 717 bytes --] Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote: > I propose that this license be added to the EULA group. The previous > AdobeFlash-10 license is similar in this regard, and could possibly > also be added to that group. Agreed, on both points, and done. Thanks for finding and airing this issue! > One notable section is 7.6 in which Adobe reserves the right to > download and install additional Content Protection software on the > user's PC. Not like anyone will actually *read* the license before adding it to their accept group, but if they did this would indeed be an important thing of which users should be aware. -- Jim Ramsay Gentoo Developer (rox/fluxbox/gkrellm/vim) [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-16 12:40 ` Jim Ramsay @ 2010-06-16 12:45 ` Angelo Arrifano 2010-06-17 22:06 ` Lars Wendler 0 siblings, 1 reply; 17+ messages in thread From: Angelo Arrifano @ 2010-06-16 12:45 UTC (permalink / raw To: gentoo-dev On 16-06-2010 14:40, Jim Ramsay wrote: > Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote: >> I propose that this license be added to the EULA group. The previous >> AdobeFlash-10 license is similar in this regard, and could possibly >> also be added to that group. > > Agreed, on both points, and done. Thanks for finding and airing this > issue! > >> One notable section is 7.6 in which Adobe reserves the right to >> download and install additional Content Protection software on the >> user's PC. > > Not like anyone will actually *read* the license before adding it to > their accept group, but if they did this would indeed be an important > thing of which users should be aware. > I defend it is our job to warn users about this kind of details. To me it sounds that a einfo at post-build phase would do the job, what do you guys think? ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-16 12:45 ` Angelo Arrifano @ 2010-06-17 22:06 ` Lars Wendler 2010-06-17 22:14 ` Dale 0 siblings, 1 reply; 17+ messages in thread From: Lars Wendler @ 2010-06-17 22:06 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: Text/Plain, Size: 1182 bytes --] Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: > On 16-06-2010 14:40, Jim Ramsay wrote: > > Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote: > >> I propose that this license be added to the EULA group. The previous > >> AdobeFlash-10 license is similar in this regard, and could possibly > >> also be added to that group. > > > > Agreed, on both points, and done. Thanks for finding and airing this > > issue! > > > >> One notable section is 7.6 in which Adobe reserves the right to > >> download and install additional Content Protection software on the > >> user's PC. > > > > Not like anyone will actually *read* the license before adding it to > > their accept group, but if they did this would indeed be an important > > thing of which users should be aware. > > I defend it is our job to warn users about this kind of details. To me > it sounds that a einfo at post-build phase would do the job, what do you > guys think? Definitely yes! This is a very dangerous snippet in Adobe's license which should be pretty clearly pointed at to every user. -- Lars Wendler (Polynomial-C) Gentoo developer and bug-wrangler [-- Attachment #2: This is a digitally signed message part. --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-17 22:06 ` Lars Wendler @ 2010-06-17 22:14 ` Dale 2010-06-17 22:37 ` Chí-Thanh Christopher Nguyễn 2010-06-18 1:42 ` Brian Harring 0 siblings, 2 replies; 17+ messages in thread From: Dale @ 2010-06-17 22:14 UTC (permalink / raw To: gentoo-dev Lars Wendler wrote: > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: > >> On 16-06-2010 14:40, Jim Ramsay wrote: >> >>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote: >>> >>>> I propose that this license be added to the EULA group. The previous >>>> AdobeFlash-10 license is similar in this regard, and could possibly >>>> also be added to that group. >>>> >>> Agreed, on both points, and done. Thanks for finding and airing this >>> issue! >>> >>> >>>> One notable section is 7.6 in which Adobe reserves the right to >>>> download and install additional Content Protection software on the >>>> user's PC. >>>> >>> Not like anyone will actually *read* the license before adding it to >>> their accept group, but if they did this would indeed be an important >>> thing of which users should be aware. >>> >> I defend it is our job to warn users about this kind of details. To me >> it sounds that a einfo at post-build phase would do the job, what do you >> guys think? >> > Definitely yes! This is a very dangerous snippet in Adobe's license which > should be pretty clearly pointed at to every user. > > Could that also include a alternative to adobe? If there is one. Dale :-) :-) ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-17 22:14 ` Dale @ 2010-06-17 22:37 ` Chí-Thanh Christopher Nguyễn 2010-06-17 23:20 ` Lars Wendler 2010-06-18 1:42 ` Brian Harring 1 sibling, 1 reply; 17+ messages in thread From: Chí-Thanh Christopher Nguyễn @ 2010-06-17 22:37 UTC (permalink / raw To: gentoo-dev Dale schrieb: >>>>> One notable section is 7.6 in which Adobe reserves the right to >>>>> download and install additional Content Protection software on the >>>>> user's PC. >>>> Not like anyone will actually *read* the license before adding it to >>>> their accept group, but if they did this would indeed be an important >>>> thing of which users should be aware. >>> I defend it is our job to warn users about this kind of details. To me >>> it sounds that a einfo at post-build phase would do the job, what do >>> you >>> guys think? Though I am not opposed to adding a warning, I think the license mask is sufficient. If users demonstrate their indifference by setting ACCEPT_LICENSE="*" or adding AdobeFlash-10.1 without reading the license, then I somehow doubt that elog messages will have an effect. >> Definitely yes! This is a very dangerous snippet in Adobe's license >> which >> should be pretty clearly pointed at to every user. >> > > Could that also include a alternative to adobe? If there is one. There are three open-source flash browser plugins in portage: - swfdec: development seems to have stalled - gnash: I have received mixed reports about the stability of the current version. The next release will include VA-API support and other improvements. - lightspark: a recent effort which is in its early stages and still incomplete in many ways (eg. audio support is planned for 0.4.2) None of them I consider good enough to replace adobe-flash for the average user. Regards, Chí-Thanh Christopher Nguyễn ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-17 22:37 ` Chí-Thanh Christopher Nguyễn @ 2010-06-17 23:20 ` Lars Wendler 0 siblings, 0 replies; 17+ messages in thread From: Lars Wendler @ 2010-06-17 23:20 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: Text/Plain, Size: 2443 bytes --] Am Freitag 18 Juni 2010, 00:37:29 schrieb Chí-Thanh Christopher Nguyễn: > Dale schrieb: > >>>>> One notable section is 7.6 in which Adobe reserves the right to > >>>>> download and install additional Content Protection software on the > >>>>> user's PC. > >>>> > >>>> Not like anyone will actually *read* the license before adding it to > >>>> their accept group, but if they did this would indeed be an important > >>>> thing of which users should be aware. > >>> > >>> I defend it is our job to warn users about this kind of details. To me > >>> it sounds that a einfo at post-build phase would do the job, what do > >>> you > >>> guys think? > > Though I am not opposed to adding a warning, I think the license mask is > sufficient. If users demonstrate their indifference by setting > ACCEPT_LICENSE="*" or adding AdobeFlash-10.1 without reading the > license, then I somehow doubt that elog messages will have an effect. Maybe I'm quite alone with that but I have ACCEPT_LICENSE="*" because I hate to edit my make.conf each time I try to emerge a package with yet another license that is missing in the variable. But I still watch for elog messages carefully after each merge. > >> Definitely yes! This is a very dangerous snippet in Adobe's license > >> which > >> should be pretty clearly pointed at to every user. > > > > Could that also include a alternative to adobe? If there is one. > > There are three open-source flash browser plugins in portage: > - swfdec: development seems to have stalled > - gnash: I have received mixed reports about the stability of the > current version. The next release will include VA-API support and other > improvements. > - lightspark: a recent effort which is in its early stages and still > incomplete in many ways (eg. audio support is planned for 0.4.2) > > None of them I consider good enough to replace adobe-flash for the > average user. Unfortunately yes. Especially now that Adobe fails to provide x86_64 users a non-vulnerable plugin I'd very much prefer to use an open-source replacement that for sure would be fixed much faster in case it's affected by some security vulnerability as well. One can only hope that flash finally vanishes from WWW now that HTML5 could become a good alternative... > Regards, > Chí-Thanh Christopher Nguyễn -- Lars Wendler (Polynomial-C) Gentoo developer and bug-wrangler [-- Attachment #2: This is a digitally signed message part. --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-17 22:14 ` Dale 2010-06-17 22:37 ` Chí-Thanh Christopher Nguyễn @ 2010-06-18 1:42 ` Brian Harring 2010-06-18 6:10 ` Dale 2010-06-18 9:08 ` Lars Wendler 1 sibling, 2 replies; 17+ messages in thread From: Brian Harring @ 2010-06-18 1:42 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 1412 bytes --] On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote: > Lars Wendler wrote: > > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: > > > >> On 16-06-2010 14:40, Jim Ramsay wrote: > >> > >>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote: > >>>> One notable section is 7.6 in which Adobe reserves the right to > >>>> download and install additional Content Protection software on the > >>>> user's PC. > >>>> > >>> Not like anyone will actually *read* the license before adding it to > >>> their accept group, but if they did this would indeed be an important > >>> thing of which users should be aware. > >>> > >> I defend it is our job to warn users about this kind of details. To me > >> it sounds that a einfo at post-build phase would do the job, what do you > >> guys think? > >> > > Definitely yes! This is a very dangerous snippet in Adobe's license which > > should be pretty clearly pointed at to every user. > > > > > > Could that also include a alternative to adobe? If there is one. The place to advocate free alternatives (or upstreams that are nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at best in metadata.xml... einfo should be "this is the things to watch for in using this/setting it up" not "these guys are evil, use one of the free alternatives!". Grok? ~harring [-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-18 1:42 ` Brian Harring @ 2010-06-18 6:10 ` Dale 2010-06-18 9:08 ` Lars Wendler 1 sibling, 0 replies; 17+ messages in thread From: Dale @ 2010-06-18 6:10 UTC (permalink / raw To: gentoo-dev Brian Harring wrote: > On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote: > >> Lars Wendler wrote: >> >>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: >>> >>> >>>> On 16-06-2010 14:40, Jim Ramsay wrote: >>>> >>>> >>>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote: >>>>> >>>>>> One notable section is 7.6 in which Adobe reserves the right to >>>>>> download and install additional Content Protection software on the >>>>>> user's PC. >>>>>> >>>>>> >>>>> Not like anyone will actually *read* the license before adding it to >>>>> their accept group, but if they did this would indeed be an important >>>>> thing of which users should be aware. >>>>> >>>>> >>>> I defend it is our job to warn users about this kind of details. To me >>>> it sounds that a einfo at post-build phase would do the job, what do you >>>> guys think? >>>> >>>> >>> Definitely yes! This is a very dangerous snippet in Adobe's license which >>> should be pretty clearly pointed at to every user. >>> >>> >>> >> Could that also include a alternative to adobe? If there is one. >> > The place to advocate free alternatives (or upstreams that are > nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at > best in metadata.xml... einfo should be "this is the things to watch > for in using this/setting it up" not "these guys are evil, use one of > the free alternatives!". > > Grok? > > ~harring > I was thinking more along the lines of "the end user license has changed substantially for this package. If you don't accept the changes and want a alternative package, you can look into xyz or wyz." Nothing about being evil, just information. This way the user knows it has changed, they can read it and then if they have problems with it, they can then use something else. I have all licenses accepted in my make.conf, as does another poster in this thread, but I do hope that I would be notified if a package is going to install or otherwise change my system. I'm using Gentoo because I DON'T want things installed that I don't know about. After all, the first line of defense in open source distros is the developers. Just think, would your reaction be different if it explicitly said it was going to install spyware? After all, no one knows what it may install and then do. Some users may decide they don't want to take that chance if they know about it. Right now, they may not even know about it. If I wasn't subscribed here, I wouldn't either. Just my thoughts. Dale :-) :-) ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-18 1:42 ` Brian Harring 2010-06-18 6:10 ` Dale @ 2010-06-18 9:08 ` Lars Wendler 2010-06-18 10:16 ` Alec Warner 1 sibling, 1 reply; 17+ messages in thread From: Lars Wendler @ 2010-06-18 9:08 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: Text/Plain, Size: 1903 bytes --] Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring: > On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote: > > Lars Wendler wrote: > > > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: > > >> On 16-06-2010 14:40, Jim Ramsay wrote: > > >>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote: > > >>>> One notable section is 7.6 in which Adobe reserves the right to > > >>>> download and install additional Content Protection software on the > > >>>> user's PC. > > >>> > > >>> Not like anyone will actually *read* the license before adding it to > > >>> their accept group, but if they did this would indeed be an important > > >>> thing of which users should be aware. > > >> > > >> I defend it is our job to warn users about this kind of details. To me > > >> it sounds that a einfo at post-build phase would do the job, what do > > >> you guys think? > > > > > > Definitely yes! This is a very dangerous snippet in Adobe's license > > > which should be pretty clearly pointed at to every user. > > > > Could that also include a alternative to adobe? If there is one. > > The place to advocate free alternatives (or upstreams that are > nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at > best in metadata.xml... einfo should be "this is the things to watch > for in using this/setting it up" not "these guys are evil, use one of > the free alternatives!". Maybe I expressed myself a bit misinterpretative. I don't want to request an elog message telling users about alternative packages. But in my opinion an elog message pointing at the bald-faced parts of Adobe's license should be added. These parts about allowing Adobe to install further content protection software is just too dangerous in my opinion. > Grok? > > ~harring -- Lars Wendler (Polynomial-C) Gentoo developer and bug-wrangler [-- Attachment #2: This is a digitally signed message part. --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-18 9:08 ` Lars Wendler @ 2010-06-18 10:16 ` Alec Warner 2010-06-18 13:58 ` Angelo Arrifano 2010-06-19 2:25 ` [gentoo-dev] " Duncan 0 siblings, 2 replies; 17+ messages in thread From: Alec Warner @ 2010-06-18 10:16 UTC (permalink / raw To: gentoo-dev On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org> wrote: > Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring: >> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote: >> > Lars Wendler wrote: >> > > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: >> > >> On 16-06-2010 14:40, Jim Ramsay wrote: >> > >>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote: >> > >>>> One notable section is 7.6 in which Adobe reserves the right to >> > >>>> download and install additional Content Protection software on the >> > >>>> user's PC. >> > >>> >> > >>> Not like anyone will actually *read* the license before adding it to >> > >>> their accept group, but if they did this would indeed be an important >> > >>> thing of which users should be aware. >> > >> >> > >> I defend it is our job to warn users about this kind of details. To me >> > >> it sounds that a einfo at post-build phase would do the job, what do >> > >> you guys think? >> > > >> > > Definitely yes! This is a very dangerous snippet in Adobe's license >> > > which should be pretty clearly pointed at to every user. >> > >> > Could that also include a alternative to adobe? If there is one. >> >> The place to advocate free alternatives (or upstreams that are >> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at >> best in metadata.xml... einfo should be "this is the things to watch >> for in using this/setting it up" not "these guys are evil, use one of >> the free alternatives!". > > Maybe I expressed myself a bit misinterpretative. I don't want to request an > elog message telling users about alternative packages. But in my opinion an > elog message pointing at the bald-faced parts of Adobe's license should be > added. These parts about allowing Adobe to install further content protection > software is just too dangerous in my opinion. I will ignore the technical portion where basically any binary on your system; even binaries you compiled yourself have the ability to 'install things you do not like' when run as root (and sometimes when run as a normal user as well.) The real meat here is that you want Gentoo to take some kind of stand on particular licensing terms. I don't think this is a good precedent[0] to set for our users. It presumes we will essentially read the license in its entirety and inform users of the parts that we think are 'scary.'[1] The user is the person who is installing and running the software. The user is the person who should be reading and agreeing with any licensing terms lest they find the teams unappealing. I don't find it unreasonable to implement a tool as Duncan suggested because it is not a judgement but a statement of fact. "The license for app/foo has changed from X to Y. You should review the changes accordingly by running <blah>" [0] There is an existing precedent for reading the license and ensuring Gentoo itself is not violating the license by distributing said software. Gentoo takes measures to reduce its own liability in case a lawsuit arises; however this is a pretty narrow case. [1] The other bad part here is that 'scary' is itself a judgement call about licensing terms. I do not want to have arguments with users about which terms I should have to warn them about versus not. Users should (ideally) be reading the software licenses for software they choose to use. -A > >> Grok? >> >> ~harring > > -- > Lars Wendler (Polynomial-C) > Gentoo developer and bug-wrangler > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-18 10:16 ` Alec Warner @ 2010-06-18 13:58 ` Angelo Arrifano 2010-06-18 17:56 ` Brian Harring 2010-06-23 18:41 ` [gentoo-dev] " Domen Kožar 2010-06-19 2:25 ` [gentoo-dev] " Duncan 1 sibling, 2 replies; 17+ messages in thread From: Angelo Arrifano @ 2010-06-18 13:58 UTC (permalink / raw To: gentoo-dev On 18-06-2010 12:16, Alec Warner wrote: > On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org> wrote: >> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring: >>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote: >>>> Lars Wendler wrote: >>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: >>>>>> On 16-06-2010 14:40, Jim Ramsay wrote: >>>>>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote: >>>>>>>> One notable section is 7.6 in which Adobe reserves the right to >>>>>>>> download and install additional Content Protection software on the >>>>>>>> user's PC. >>>>>>> >>>>>>> Not like anyone will actually *read* the license before adding it to >>>>>>> their accept group, but if they did this would indeed be an important >>>>>>> thing of which users should be aware. >>>>>> >>>>>> I defend it is our job to warn users about this kind of details. To me >>>>>> it sounds that a einfo at post-build phase would do the job, what do >>>>>> you guys think? >>>>> >>>>> Definitely yes! This is a very dangerous snippet in Adobe's license >>>>> which should be pretty clearly pointed at to every user. >>>> >>>> Could that also include a alternative to adobe? If there is one. >>> >>> The place to advocate free alternatives (or upstreams that are >>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at >>> best in metadata.xml... einfo should be "this is the things to watch >>> for in using this/setting it up" not "these guys are evil, use one of >>> the free alternatives!". Why? You are running a free and opensource operating system, what's wrong suggesting *other* free and opensource alternatives? You are just providing the user a choice, not to actually oblige him to install anything. Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the kernel driver when using the hardened profile. >> >> Maybe I expressed myself a bit misinterpretative. I don't want to request an >> elog message telling users about alternative packages. But in my opinion an >> elog message pointing at the bald-faced parts of Adobe's license should be >> added. These parts about allowing Adobe to install further content protection >> software is just too dangerous in my opinion. > > I will ignore the technical portion where basically any binary on your > system; even binaries you compiled yourself have the ability to > 'install things you do not like' when run as root (and sometimes when > run as a normal user as well.) For all the years running Linux, I never found that case. > > The real meat here is that you want Gentoo to take some kind of stand > on particular licensing terms. I don't think this is a good > precedent[0] to set for our users. It presumes we will essentially > read the license in its entirety and inform users of the parts that we > think are 'scary.'[1] The user is the person who is installing and > running the software. The user is the person who should be reading > and agreeing with any licensing terms lest they find the teams > unappealing. I don't find it unreasonable to implement a tool as > Duncan suggested because it is not a judgement but a statement of > fact. "The license for app/foo has changed from X to Y. You should > review the changes accordingly by running <blah>" I'm the person who initially proposed warning users on elog. The initial proposal only states about: 1) A warning about change of licensing terms. 2) A warning that "additional Content Protection software" might be installed without users consent. In fact, portage already warns the users about bad coding practices, install of executables with runtime text relocations, etc.. How is this different? If me, as a user, didn't know about such detail (who reads software license agreements anyway?) and someday I hypothetically find a executable running without my permission as my user account and I'm able to associate it with Adobe's flash, I would be pissed off to no extent. And guess what? First thing I would *blame* is flash maintainers. I expect package maintainers to be more familiar with the packages they maintain than me. As consequence, I expect them to advice me about non-obvious details on those packages. At least that's what I try to do on the packages I maintain. GNU/Linux is all about choice. Stating, during install, that a package might later install additional stuff will just provide a choice to the user, not conditioning it. Regards, - Angelo > > [0] There is an existing precedent for reading the license and > ensuring Gentoo itself is not violating the license by distributing > said software. Gentoo takes measures to reduce its own liability in > case a lawsuit arises; however this is a pretty narrow case. > [1] The other bad part here is that 'scary' is itself a judgement call > about licensing terms. I do not want to have arguments with users > about which terms I should have to warn them about versus not. Users > should (ideally) be reading the software licenses for software they > choose to use. > > -A > >> >>> Grok? >>> >>> ~harring >> >> -- >> Lars Wendler (Polynomial-C) >> Gentoo developer and bug-wrangler >> >> > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-18 13:58 ` Angelo Arrifano @ 2010-06-18 17:56 ` Brian Harring 2010-06-19 2:29 ` [gentoo-dev] " Duncan 2010-06-23 18:41 ` [gentoo-dev] " Domen Kožar 1 sibling, 1 reply; 17+ messages in thread From: Brian Harring @ 2010-06-18 17:56 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 3224 bytes --] On Fri, Jun 18, 2010 at 03:58:22PM +0200, Angelo Arrifano wrote: > Why? You are running a free and opensource operating system, what's > wrong suggesting *other* free and opensource alternatives? You are just > providing the user a choice, not to actually oblige him to install anything. Some of us have 'no solicitation' signs on our doors for a reason. If you're not familiar w/ the concept, it's essentially a legal warning to keep various idealogical people from coming up to our doors and trying to tell us how their particular religion will save our souls. You've got some invalid assumptions here. While gentoo infra is ran on strictly OSS, the tree has always been pragmatic- because it's the consumers *choice* if they want to run an idealogically pure system. What you're proposing is converting the tree away from it's neutral stance that "the consumer is an adult and can make their own decisions" to "the consumer should be told they should use a better <insert idealogy> pkg regardless of if it's equivalent in features". This sort of thing is where I honestly wish there was a FSF no-solicitation sign I could purchase. We have license filtering already, meaning the pkg in question isn't even visible on a default portage install. This is equivalent to having a safety on the gun that is pkg merging. Your request is at best requesting a second safety be added, at worst trying to push idealogical decisions into what is purely a technical matter. > >> Maybe I expressed myself a bit misinterpretative. I don't want to request an > >> elog message telling users about alternative packages. But in my opinion an > >> elog message pointing at the bald-faced parts of Adobe's license should be > >> added. These parts about allowing Adobe to install further content protection > >> software is just too dangerous in my opinion. > > > > I will ignore the technical portion where basically any binary on your > > system; even binaries you compiled yourself have the ability to > > 'install things you do not like' when run as root (and sometimes when > > run as a normal user as well.) > > For all the years running Linux, I never found that case. That's reality. If in doubt, read some glsa/cve's, or go read into the recent brewha about unrealircd. Or go look into exactly what cpan, setuptools/dispatch, or gems do. Hell, look into the automated pkg updating in most integrated binary distro's. Can't count the number of times they've installed shit I didn't want (specifically not wanting it because it broke my system yet again). Simply put, you run whatever the hell you want on your system, literally, your choice. I will not deprive you of that choice, nor will I stick in little nagging messages to pkgs you use suggesting you use something I think is idealogically better (whether it be DRM related, proprietary license, or just plain binary blobs). Please show me the same respect I show you. Deal? It really is that simple from where I'm sitting. The user is an adult, they're free to make whatever decision they want (even if you vehemently think said decision is wrong). ~harring [-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* [gentoo-dev] Re: Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-18 17:56 ` Brian Harring @ 2010-06-19 2:29 ` Duncan 0 siblings, 0 replies; 17+ messages in thread From: Duncan @ 2010-06-19 2:29 UTC (permalink / raw To: gentoo-dev Brian Harring posted on Fri, 18 Jun 2010 10:56:19 -0700 as excerpted: > We have license filtering already, meaning the pkg in question isn't > even visible on a default portage install. This is equivalent to having > a safety on the gun that is pkg merging. Your request is at best > requesting a second safety be added, at worst trying to push idealogical > decisions into what is purely a technical matter. Well made point. Thanks. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-18 13:58 ` Angelo Arrifano 2010-06-18 17:56 ` Brian Harring @ 2010-06-23 18:41 ` Domen Kožar 2010-06-24 5:59 ` Thilo Bangert 1 sibling, 1 reply; 17+ messages in thread From: Domen Kožar @ 2010-06-23 18:41 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: text/plain, Size: 5674 bytes --] This should probably be updated: http://www.gentoo.org/doc/en/gentoo-amd64-faq.xml#flash On Fri, 2010-06-18 at 15:58 +0200, Angelo Arrifano wrote: > On 18-06-2010 12:16, Alec Warner wrote: > > On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org> wrote: > >> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring: > >>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote: > >>>> Lars Wendler wrote: > >>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: > >>>>>> On 16-06-2010 14:40, Jim Ramsay wrote: > >>>>>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote: > >>>>>>>> One notable section is 7.6 in which Adobe reserves the right to > >>>>>>>> download and install additional Content Protection software on the > >>>>>>>> user's PC. > >>>>>>> > >>>>>>> Not like anyone will actually *read* the license before adding it to > >>>>>>> their accept group, but if they did this would indeed be an important > >>>>>>> thing of which users should be aware. > >>>>>> > >>>>>> I defend it is our job to warn users about this kind of details. To me > >>>>>> it sounds that a einfo at post-build phase would do the job, what do > >>>>>> you guys think? > >>>>> > >>>>> Definitely yes! This is a very dangerous snippet in Adobe's license > >>>>> which should be pretty clearly pointed at to every user. > >>>> > >>>> Could that also include a alternative to adobe? If there is one. > >>> > >>> The place to advocate free alternatives (or upstreams that are > >>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at > >>> best in metadata.xml... einfo should be "this is the things to watch > >>> for in using this/setting it up" not "these guys are evil, use one of > >>> the free alternatives!". > > Why? You are running a free and opensource operating system, what's > wrong suggesting *other* free and opensource alternatives? You are just > providing the user a choice, not to actually oblige him to install anything. > > Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the > kernel driver when using the hardened profile. > >> > >> Maybe I expressed myself a bit misinterpretative. I don't want to request an > >> elog message telling users about alternative packages. But in my opinion an > >> elog message pointing at the bald-faced parts of Adobe's license should be > >> added. These parts about allowing Adobe to install further content protection > >> software is just too dangerous in my opinion. > > > > I will ignore the technical portion where basically any binary on your > > system; even binaries you compiled yourself have the ability to > > 'install things you do not like' when run as root (and sometimes when > > run as a normal user as well.) > > For all the years running Linux, I never found that case. > > > > The real meat here is that you want Gentoo to take some kind of stand > > on particular licensing terms. I don't think this is a good > > precedent[0] to set for our users. It presumes we will essentially > > read the license in its entirety and inform users of the parts that we > > think are 'scary.'[1] The user is the person who is installing and > > running the software. The user is the person who should be reading > > and agreeing with any licensing terms lest they find the teams > > unappealing. I don't find it unreasonable to implement a tool as > > Duncan suggested because it is not a judgement but a statement of > > fact. "The license for app/foo has changed from X to Y. You should > > review the changes accordingly by running <blah>" > > I'm the person who initially proposed warning users on elog. The initial > proposal only states about: > 1) A warning about change of licensing terms. > 2) A warning that "additional Content Protection software" might be > installed without users consent. > > In fact, portage already warns the users about bad coding practices, > install of executables with runtime text relocations, etc.. How is this > different? > If me, as a user, didn't know about such detail (who reads software > license agreements anyway?) and someday I hypothetically find a > executable running without my permission as my user account and I'm able > to associate it with Adobe's flash, I would be pissed off to no extent. > And guess what? First thing I would *blame* is flash maintainers. > I expect package maintainers to be more familiar with the packages they > maintain than me. As consequence, I expect them to advice me about > non-obvious details on those packages. At least that's what I try to do > on the packages I maintain. > GNU/Linux is all about choice. Stating, during install, that a package > might later install additional stuff will just provide a choice to the > user, not conditioning it. > > Regards, > - Angelo > > > > [0] There is an existing precedent for reading the license and > > ensuring Gentoo itself is not violating the license by distributing > > said software. Gentoo takes measures to reduce its own liability in > > case a lawsuit arises; however this is a pretty narrow case. > > [1] The other bad part here is that 'scary' is itself a judgement call > > about licensing terms. I do not want to have arguments with users > > about which terms I should have to warn them about versus not. Users > > should (ideally) be reading the software licenses for software they > > choose to use. > > > > -A > > > >> > >>> Grok? > >>> > >>> ~harring > >> > >> -- > >> Lars Wendler (Polynomial-C) > >> Gentoo developer and bug-wrangler > >> > >> > > > > [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 490 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-23 18:41 ` [gentoo-dev] " Domen Kožar @ 2010-06-24 5:59 ` Thilo Bangert 0 siblings, 0 replies; 17+ messages in thread From: Thilo Bangert @ 2010-06-24 5:59 UTC (permalink / raw To: gentoo-dev [-- Attachment #1: Type: Text/Plain, Size: 6239 bytes --] Domen Kožar <domen@dev.si> said: > This should probably be updated: > > http://www.gentoo.org/doc/en/gentoo-amd64-faq.xml#flash Thanks for noticing this. Everybodies input makes Gentoo a great place to be! Now, if you want that extra chocolate chip cookie, please head over to https://bugs.gentoo.org and report the issue there. ;-) (remember to search for duplicates first). Thanks kind regards Thilo > > On Fri, 2010-06-18 at 15:58 +0200, Angelo Arrifano wrote: > > On 18-06-2010 12:16, Alec Warner wrote: > > > On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial- c@gentoo.org> wrote: > > >> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring: > > >>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote: > > >>>> Lars Wendler wrote: > > >>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano: > > >>>>>> On 16-06-2010 14:40, Jim Ramsay wrote: > > >>>>>>> Chí-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote: > > >>>>>>>> One notable section is 7.6 in which Adobe reserves the right > > >>>>>>>> to download and install additional Content Protection > > >>>>>>>> software on the user's PC. > > >>>>>>> > > >>>>>>> Not like anyone will actually *read* the license before > > >>>>>>> adding it to their accept group, but if they did this would > > >>>>>>> indeed be an important thing of which users should be aware. > > >>>>>> > > >>>>>> I defend it is our job to warn users about this kind of > > >>>>>> details. To me it sounds that a einfo at post-build phase > > >>>>>> would do the job, what do you guys think? > > >>>>> > > >>>>> Definitely yes! This is a very dangerous snippet in Adobe's > > >>>>> license which should be pretty clearly pointed at to every > > >>>>> user. > > >>>> > > >>>> Could that also include a alternative to adobe? If there is > > >>>> one. > > >>> > > >>> The place to advocate free alternatives (or upstreams that are > > >>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs > > >>> or at best in metadata.xml... einfo should be "this is the > > >>> things to watch for in using this/setting it up" not "these guys > > >>> are evil, use one of the free alternatives!". > > > > Why? You are running a free and opensource operating system, what's > > wrong suggesting *other* free and opensource alternatives? You are > > just providing the user a choice, not to actually oblige him to > > install anything. > > > > Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the > > kernel driver when using the hardened profile. > > > > >> Maybe I expressed myself a bit misinterpretative. I don't want to > > >> request an elog message telling users about alternative packages. > > >> But in my opinion an elog message pointing at the bald-faced > > >> parts of Adobe's license should be added. These parts about > > >> allowing Adobe to install further content protection software is > > >> just too dangerous in my opinion. > > > > > > I will ignore the technical portion where basically any binary on > > > your system; even binaries you compiled yourself have the ability > > > to 'install things you do not like' when run as root (and > > > sometimes when run as a normal user as well.) > > > > For all the years running Linux, I never found that case. > > > > > The real meat here is that you want Gentoo to take some kind of > > > stand on particular licensing terms. I don't think this is a good > > > precedent[0] to set for our users. It presumes we will > > > essentially read the license in its entirety and inform users of > > > the parts that we think are 'scary.'[1] The user is the person > > > who is installing and running the software. The user is the > > > person who should be reading and agreeing with any licensing terms > > > lest they find the teams unappealing. I don't find it > > > unreasonable to implement a tool as Duncan suggested because it is > > > not a judgement but a statement of fact. "The license for app/foo > > > has changed from X to Y. You should review the changes > > > accordingly by running <blah>" > > > > I'm the person who initially proposed warning users on elog. The > > initial proposal only states about: > > 1) A warning about change of licensing terms. > > 2) A warning that "additional Content Protection software" might be > > installed without users consent. > > > > In fact, portage already warns the users about bad coding practices, > > install of executables with runtime text relocations, etc.. How is > > this different? > > If me, as a user, didn't know about such detail (who reads software > > license agreements anyway?) and someday I hypothetically find a > > executable running without my permission as my user account and I'm > > able to associate it with Adobe's flash, I would be pissed off to no > > extent. And guess what? First thing I would *blame* is flash > > maintainers. I expect package maintainers to be more familiar with > > the packages they maintain than me. As consequence, I expect them to > > advice me about non-obvious details on those packages. At least > > that's what I try to do on the packages I maintain. > > GNU/Linux is all about choice. Stating, during install, that a > > package might later install additional stuff will just provide a > > choice to the user, not conditioning it. > > > > Regards, > > - Angelo > > > > > [0] There is an existing precedent for reading the license and > > > ensuring Gentoo itself is not violating the license by distributing > > > said software. Gentoo takes measures to reduce its own liability > > > in case a lawsuit arises; however this is a pretty narrow case. > > > [1] The other bad part here is that 'scary' is itself a judgement > > > call about licensing terms. I do not want to have arguments with > > > users about which terms I should have to warn them about versus > > > not. Users should (ideally) be reading the software licenses for > > > software they choose to use. > > > > > > -A > > > > > >>> Grok? > > >>> > > >>> ~harring > > >> > > >> -- > > >> Lars Wendler (Polynomial-C) > > >> Gentoo developer and bug-wrangler [-- Attachment #2: This is a digitally signed message part. --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 17+ messages in thread
* [gentoo-dev] Re: Adding AdobeFlash-10{,.1} licenses to EULA group 2010-06-18 10:16 ` Alec Warner 2010-06-18 13:58 ` Angelo Arrifano @ 2010-06-19 2:25 ` Duncan 1 sibling, 0 replies; 17+ messages in thread From: Duncan @ 2010-06-19 2:25 UTC (permalink / raw To: gentoo-dev Alec Warner posted on Fri, 18 Jun 2010 03:16:36 -0700 as excerpted: > I don't find it unreasonable to implement a tool as Duncan suggested > because it is not a judgement but a statement of fact. "The license for > app/foo has changed from X to Y. You should review the changes > accordingly by running <blah>" Just noting that it wasn't me that made that suggestion, it was Dale. Credit where credit is due and all that. FWIW, I agree it'd be nice, but also think it sounds like it it could be more work than it's worth -- unless someone with the skills and the itch wants to scratch it, of course. (I hadn't replied to this thread previous to this. Not that I hadn't thought about it, but for a moment there, I was wondering if I had replied when half asleep (I don't drink so couldn't use /that/ excuse), thus no memory of it, and was wondering in alarm what else I might have said! So it was with some relief that I realized it was Dale's suggestion you were talking about, not mine. =:^) -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman ^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2010-06-24 5:59 UTC | newest] Thread overview: 17+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2010-06-14 21:20 [gentoo-dev] Adding AdobeFlash-10{,.1} licenses to EULA group Chí-Thanh Christopher Nguyễn 2010-06-16 12:40 ` Jim Ramsay 2010-06-16 12:45 ` Angelo Arrifano 2010-06-17 22:06 ` Lars Wendler 2010-06-17 22:14 ` Dale 2010-06-17 22:37 ` Chí-Thanh Christopher Nguyễn 2010-06-17 23:20 ` Lars Wendler 2010-06-18 1:42 ` Brian Harring 2010-06-18 6:10 ` Dale 2010-06-18 9:08 ` Lars Wendler 2010-06-18 10:16 ` Alec Warner 2010-06-18 13:58 ` Angelo Arrifano 2010-06-18 17:56 ` Brian Harring 2010-06-19 2:29 ` [gentoo-dev] " Duncan 2010-06-23 18:41 ` [gentoo-dev] " Domen Kožar 2010-06-24 5:59 ` Thilo Bangert 2010-06-19 2:25 ` [gentoo-dev] " Duncan
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox