On 18-06-2010 12:16, Alec Warner wrote:
> On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <firstname.lastname@example.org> wrote:
>> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
>>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
>>>> Lars Wendler wrote:
>>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
>>>>>> On 16-06-2010 14:40, Jim Ramsay wrote:
>>>>>>> Chí-Thanh Christopher Nguyễn<email@example.com> wrote:
>>>>>>>> One notable section is 7.6 in which Adobe reserves the right to
>>>>>>>> download and install additional Content Protection software on the
>>>>>>>> user's PC.
>>>>>>> Not like anyone will actually *read* the license before adding it to
>>>>>>> their accept group, but if they did this would indeed be an important
>>>>>>> thing of which users should be aware.
>>>>>> I defend it is our job to warn users about this kind of details. To me
>>>>>> it sounds that a einfo at post-build phase would do the job, what do
>>>>>> you guys think?
>>>>> Definitely yes! This is a very dangerous snippet in Adobe's license
>>>>> which should be pretty clearly pointed at to every user.
>>>> Could that also include a alternative to adobe? If there is one.
>>> The place to advocate free alternatives (or upstreams that are
>>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
>>> best in metadata.xml... einfo should be "this is the things to watch
>>> for in using this/setting it up" not "these guys are evil, use one of
>>> the free alternatives!".
Why? You are running a free and opensource operating system, what's
wrong suggesting *other* free and opensource alternatives? You are just
providing the user a choice, not to actually oblige him to install anything.
Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the
kernel driver when using the hardened profile.
>> Maybe I expressed myself a bit misinterpretative. I don't want to request an
>> elog message telling users about alternative packages. But in my opinion an
>> elog message pointing at the bald-faced parts of Adobe's license should be
>> added. These parts about allowing Adobe to install further content protection
>> software is just too dangerous in my opinion.
> I will ignore the technical portion where basically any binary on your
> system; even binaries you compiled yourself have the ability to
> 'install things you do not like' when run as root (and sometimes when
> run as a normal user as well.)
For all the years running Linux, I never found that case.
> The real meat here is that you want Gentoo to take some kind of stand
> on particular licensing terms. I don't think this is a good
> precedent to set for our users. It presumes we will essentially
> read the license in its entirety and inform users of the parts that we
> think are 'scary.' The user is the person who is installing and
> running the software. The user is the person who should be reading
> and agreeing with any licensing terms lest they find the teams
> unappealing. I don't find it unreasonable to implement a tool as
> Duncan suggested because it is not a judgement but a statement of
> fact. "The license for app/foo has changed from X to Y. You should
> review the changes accordingly by running <blah>"
I'm the person who initially proposed warning users on elog. The initial
proposal only states about:
1) A warning about change of licensing terms.
2) A warning that "additional Content Protection software" might be
installed without users consent.
In fact, portage already warns the users about bad coding practices,
install of executables with runtime text relocations, etc.. How is this
If me, as a user, didn't know about such detail (who reads software
license agreements anyway?) and someday I hypothetically find a
executable running without my permission as my user account and I'm able
to associate it with Adobe's flash, I would be pissed off to no extent.
And guess what? First thing I would *blame* is flash maintainers.
I expect package maintainers to be more familiar with the packages they
maintain than me. As consequence, I expect them to advice me about
non-obvious details on those packages. At least that's what I try to do
on the packages I maintain.
GNU/Linux is all about choice. Stating, during install, that a package
might later install additional stuff will just provide a choice to the
user, not conditioning it.
>  There is an existing precedent for reading the license and
> ensuring Gentoo itself is not violating the license by distributing
> said software. Gentoo takes measures to reduce its own liability in
> case a lawsuit arises; however this is a pretty narrow case.
>  The other bad part here is that 'scary' is itself a judgement call
> about licensing terms. I do not want to have arguments with users
> about which terms I should have to warn them about versus not. Users
> should (ideally) be reading the software licenses for software they
> choose to use.
>> Lars Wendler (Polynomial-C)
>> Gentoo developer and bug-wrangler