Il giorno gio, 20/01/2011 alle 20.27 +0100, Matti Bickel ha scritto:
> Not sure what you mean: if someone quickpkg's php and needs all the
> source? Well, they already downloaded them. Better keep them around,
> since it's *your* binary, not mine.

We do distribute part of our packages as binaries already so we have to
be compliant with their licenses to begin with. Better doing it with a
single sweep than trying to come up with abstruse case-by-case points,
no?

> Same thing, as already pointed out in another message. I see the point
> in making it easier for them. That's okay. So what you're saying is
> we're upstream too and upstream's should provide their historical stuff.

This is but _one_ reason, and just another thing to trickle down. I
don't care if "FSF says it's their problem"; what is it costing us,
really? The cost is minimal (as we need the archive anyway), and the
gain is there for many people.

Arguing against this is just getting to the point of arguing because
somebody is doing what nobody did for a long time: taking decisions.

> If you're reporting a security issue in a ebuild that's no longer in
> tree (in php's case, chances are it got removed b/c of security :p), the
> bug wouldn't be investigated, right?

There are cases and cases there; in the case of _custom_ tarballs, I'd
expect us to investigate if the security issues was found on our version
and not in the upstream-provided one for instance.

Once again, please tell me: what does it change to you? If anybody
should complain about this request is Infra. And Infra in the person of
Robin is okay with this policy as it was planned anyway.

-- 
Diego Elio Pettenò — Flameeyes
http://blog.flameeyes.eu/