Hi Jonas Thanks for your answer. I guess there was a small misunderstanding. > > *) create an official, signed package with the key (I guess there > > are no legal problems preventing debian from distributing this key.) > > If possible, the package could even include a file > > /etc/apt/sources.list.d/videolan.list > > with the relevant lines. (However I fear, that here some legal > > subitlities might be important; but IANAL) > [...] > Your second proposed option is less realistic: In Debian we distribute > (and then sign) only code that we have compiled outselves from source > - not binary code prepared by others (except some non-free parts, but > let's not go there). My mail concerns libdvdcss that can (AFAIK) not be distributed within Debian. Now the nice people form VLC host the relevant Debian package in their own Debian repository [1]. Adding this repository to sources.list is no problem. However I need to trust some "random" key from the web to use it. (So far I just pinned the repository at a priority of -10 to reduce the potential for damage.) [1] http://www.videolan.org/developers/libdvdcss.html
Now my idea was that Debian could offer a package containing no binary software but only two files: *) /etc/apt/sources.list.d/videolan.list containing: deb http://download.videolan.org/pub/debian/stable/ / deb-src http://download.videolan.org/pub/debian/stable/ / *) videolan-apt.asc The key, transfered on a trusted path from the VideoLan Developers to Debian and apt-key added when the package is installed. This way Debian would not distribute libdvdcss but a user would have a comfortable and secure way of obtaining the library (as I said, I am not a lawyer, so a lawyer might disagree here). Hope this makes my idea a bit more clear. However if Reinhard is correct and there will be a sustainable solution for Jessie, it's probably not worth the hassle. Again, thanks for your great work to all of you Nicola
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ pkg-multimedia-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
