On 2018-09-26, Mark Milhollan <[email protected]> wrote: > On Tue, 25 Sep 2018, Job Snijders wrote: > >>We really need to bring it back down to "apt install rpki-cache-validator" > > You say this as if no packager has a way to display and perhaps require > approval of the license nor any way to fetch something remote as part of > the installation process, e.g., the Microsoft "freely" supplied TTF > files ... > > # zypper install fetchmsttfonts > [...packager stuff...] > (1/1) Installing: fetchmsttfonts-11.4-42.28.noarch > .........................................[done] > Running: fetchmsttfonts-11.4-42.28-fetchmsttfonts.sh.txt (fetchmsttfonts, > /var/adm/update-scripts) > EULA: > END-USER LICENSE AGREEMENT FOR > MICROSOFT SOFTWARE > > IMPORTANT-READ CAREFULLY: This Microsoft End-User License Agreement > ("EULA") is > a legal agreement between you (either an individual or a single entity) and > [...] > andale32.exe > (https://sourceforge.net/projects/corefonts/files/the%20fonts/final/andale32.exe): > Fetching ... done > Extracting ... done > [...] > > I bet apt, dnf, pacman, pkg_add, yum, etc., do as well -- actually I > know some of those do.
Some do, some don't. As far as OpenBSD is concerned, pkg_add will install signed packages distributed by OpenBSD, they can only do that if free redistribution is possible. For things like the Microsoft fonts, they can be installed, but by a different process which is a lot more work. There's a big difference between this and something like the Microsoft fonts in your example: the fonts are clearly creative work and copyrightable. A generated integer in an RFC-specified format? That seems less likely.
