* Now talking on #ubuntu-motu * Topic for #ubuntu-motu is: Ubuntu Masters of the Universe: https://wiki.ubuntu.com/MOTU | Want to get involved with the MOTUs? https://wiki.ubuntu.com/MOTU/Contributing | http://ubuntu.joejaxx.org/ - TOP 10 Uploaders/Packages | REVU is back up on a new box at the same url. | Gutsy new package freeze is 30 August * Topic for #ubuntu-motu set by ScottK at Mon Aug 27 01:40:02 2007 * #ubuntu-motu :[freenode-info] if you need to send private messages, please register: http://freenode.net/faq.shtml#privmsg <khermans_> got a new packages, metasploit3 <khermans_> has justin wray come by to try adding it yet? <khermans_> bug marked as FIX COMMITED <khermans_> if anyone has this info, please contact me <khermans_> [EMAIL PROTECTED] <khermans_> looking to get metasploit into multiverse for Gutsy, package was made earlier <khermans_> thanks... * jml has quit (Read error: 110 (Connection timed out)) * jml ([EMAIL PROTECTED]) has joined #ubuntu-motu * jdong has quit (Read error: 110 (Connection timed out)) * mayday_jay has quit ("Leaving") * TheMuso has quit (Read error: 110 (Connection timed out)) * elkbuntu has quit (Read error: 110 (Connection timed out)) * blackskad ([EMAIL PROTECTED]) has joined #ubuntu-motu * elkbuntu_ is now known as elkbuntu * vil has quit ("Leaving.") * jml has quit ("Ex-Chat") * jml ([EMAIL PROTECTED]) has joined #ubuntu-motu * Paddy_EIRE has quit (""so shave your face with some mace in the dark"") <RAOF> khermans_: Didn't that have crazy licencing problems? <khermans_> RAOF, yeah but its all worked out <RAOF> Ah, cool. <khermans_> RAOF, we found that basiclaly anything can be placed in multiverse if it allows redistribution <RAOF> What bug is marked as fix committed, incidentally. <khermans_> https://bugs.launchpad.net/ubuntu/+bug/102212 <ubotu> Launchpad bug 102212 in ubuntu "[needs-packaging] Metasploit Framework 3.0 (multiverse)" [Wishlist,Fix committed] <khermans_> so i am wondering when the package will be installable form apt <khermans_> i updated to latest Gutsy, apt update, but dont see it * gusguus has quit () <khermans_> if you find out, please let me know <khermans_> i am damn tired, moving from boston to san francisco, got tons to do tonight and tomorrow <khermans_> but i wanted to make sure this was all set since cutoff date is tomorrow <RAOF> khermans_: Aaah, so it's actually on REVU now, presumably. <khermans_> the 30th... for multiverse new package <khermans_> REVU ? <RAOF> khermans_: http://revu.tauware.de/details.py?upid=121 <khermans_> i am reading the second hit <khermans_> https://wiki.ubuntu.com/MOTU/Packages/REVU <khermans_> hrmm i dont see it in there... * ScottK2 ([EMAIL PROTECTED]) has joined #ubuntu-motu <khermans_> oh ok nm <khermans_> it is in there <khermans_> http://revu.tauware.de/details.py?upid=121 <RAOF> khermans_: It looks like it needs some work. <khermans_> RAOF, a few things, but not much * ceros_ has quit (Remote closed the connection) <khermans_> the errors from linda are warnings, intentionally we left them in <khermans_> lintian warnings <khermans_> it is complaining about .svn directories <StevenK> So repack the tarball <khermans_> SteveA, no we want the svn entries in the release <RAOF> Installing files to /usr/local is a very bad thing, too. <khermans_> due to the nature of the package, it needs security updates, so leaving the .svn for updating is ideal <khermans_> RAOF, yeah that needs ot be ficxed <khermans_> justin was not supposed to upload a pakcage with /usr/local <StevenK> khermans_: That's *BAD*. <khermans_> SteveA, whats bad? <StevenK> I'm not SteveA <khermans_> .svn? <khermans_> StevenK, .. <StevenK> Do NOT encourage users to update installed packages using SVN. <khermans_> StevenK, but i think you are missing the point <khermans_> StevenK, metasploit is a security tool * khermans has quit (Remote closed the connection) <ScottK2> khermans_: I don't imagine he is. <khermans_> there will not be a new release for every update * khermans ([EMAIL PROTECTED]/cisco/x-7f64be9a20688e95) has joined #ubuntu-motu <khermans_> StevenK, the point is we could remove .svn, but it would make the package pretty much useless <khermans_> 6 month old security exploits are too old <StevenK> But there are better ways than using SVN ... * jussio1 ([EMAIL PROTECTED]) has joined #ubuntu-motu <khermans_> StevenK, yes, but not for a package with restrictive licensing <khermans_> we cant modify and make an auto-update feature <StevenK> Ways that don't make baby Jesus cry, for example. <khermans_> StevenK, ideally yes, but this is multiverse world <khermans_> StevenK, i understand the reasons for why this is bad <khermans_> fully... <khermans_> so let me know how you would do it? * ScottK2 doesn't understand why the fact that it's multiverse makes it less bad. <StevenK> Agreed. <khermans_> ScottK2, just means we have less control... <RAOF> khermans_: If the package in useless as shipped, why would we ship it? <ScottK2> khermans_: Who is the "we" in that statement? * Hobbsee ([EMAIL PROTECTED]/member/hobbsee) has joined #ubuntu-motu <khermans_> RAOF, its not *useless*, but just old and outdated <StevenK> I seriously doubt anyone would advocate that package. <khermans_> ScottK, "we" are people modifying the package <khermans_> or maintaining it <khermans_> StevenK, how can we make it advocated? <khermans_> StevenK, what needs to be fixeD? <khermans_> we will work with whatever it needs to get there <StevenK> But not using methods that are crack-addled? <khermans_> StevenK, crack-addled? <StevenK> Yes. Updating installed packages using SVN is utter crack. <khermans_> StevenK, do you know what metasploit is? <khermans_> StevenK, for normal packages i would agree <khermans_> lets say its microsoft tuesday, a patch is released * Hobbsee waves <ajmitch> hello Hobbsee <khermans_> on wednesday hdm uploads a new exploit for metasploit into svn <Hobbsee> hi ajmitch <khermans_> to make it easy for the user, we need to keep svn around <ajmitch> this sounds excruciatingly bad <khermans_> any suggestions please? <khermans_> ajmitch, so what is the solution? <ajmitch> separate the package & the data that needs to be updated? <khermans_> ajmitch, into what? <khermans_> there are many many modules <ajmitch> so that you can ship with some old stuff & update to newer crack in a directory under /var/cache/ for example? <ajmitch> that's nice <khermans_> ajmitch, well then i guess we cant get metasploit into multiverse <khermans_> the license prevents modification <ajmitch> that's a shame <khermans_> we already submitted patches to them, and they integrated our changes <khermans_> and this is the best we can do <khermans_> ajmitch, lots of people would like to see metasploit in ubuntu <ajmitch> it sounds like something that's not really intended for a distro release if you must have the very latest & you can't update data separately <ajmitch> lots of people would like to see automatix in ubuntu <khermans_> ajmitch, automatix sucks <khermans_> ajmitch, metasploit does not :-) <ajmitch> my point stands <StevenK> At least we can agree on one point. <khermans_> ajmitch, so shall i tell the metasploit guys they suck? <ajmitch> the "lots of people" argument isn't the most convincing :) <ajmitch> khermans_: you can if you really really want <khermans_> ajmitch, but this doesnt break your system as automatix does (exclude the /usr/local) problem <RAOF> khermans_: You really, really can't ship the data separately? <ajmitch> but that would be twisting what I said <khermans_> RAOF, http://www.metasploit.com/projects/Framework/msf3/download.html?Release=alpha-r3 <khermans_> license is there * atlas95 ([EMAIL PROTECTED]) has joined #ubuntu-motu <khermans_> we cant make modifications to the release <khermans_> i went over this license with a bunch of poeple in here a few weeks back, and the consensus was that it could go into multiverse if we didn't modify it <khermans_> because MSF allows redistribution <RAOF> Why must everyone write their own bad licence? <khermans_> RAOF, i agree <khermans_> RAOF, i told hdm about this <khermans_> they are making new license for next big release <khermans_> shall i point them to something -- they wont do GPL for sure * The-Kernel has quit ("Leaving") <khermans_> RAOF, even if we could ship the data separately, i wouldn't want to create a new package every few days for ubuntu! <khermans_> thats ludicrous <RAOF> It's a pity that license is so bad. <khermans_> :-( <RAOF> Otherwise you could patch the software, and add an autoupdate-data type script. <khermans_> RAOF, we cant patch <RAOF> Yes, I know. <ajmitch> spamassassin has a useful script like that <khermans_> hrm <RAOF> It's a pity that you can't. <ajmitch> khermans_: not your fault, sorry :) <khermans_> ahh whatever <khermans_> im just going to copy and paste this irc log to msfdev team <RAOF> Because as it stands, it's just not worth packaging, really. <khermans_> let those bastards sort it out... * highvoltage has quit (Read error: 104 (Connection reset by peer)) <RAOF> Even if that license made it through archive-admin scrutiny. <khermans_> i c ... too bad... <khermans_> to, just for the record, the correct solution is to modify the license <RAOF> You posted a debian-legal thread earlier, right? <khermans_> and to separate the packages into code/data portions <khermans_> not have them update via svn <khermans_> RAOF, yes * freeflying ([EMAIL PROTECTED]) has joined #ubuntu-motu <RAOF> And that debian-legal thread pretty much said "Woah, we can't touch this with a 10' asbestos pole!", IIRC. <khermans_> And what license could they use that would allow them to retain rights so other people don't sell their software under another name, but allows us to make such changes? <khermans_> RAOF, lol <ScottK2> Any MOTU reviewing image info right now? <RAOF> khermans_: Well... I don't know. That's not a free license that they're after. * mok0 ([EMAIL PROTECTED]) has joined #ubuntu-motu <RAOF> But there has to be *some* existing OSI approved license that they can use. <khermans_> ok well thanks for the chat ... i will just forget about it for now ... <khermans_> thanks guys :-) <ScottK2> I think (but am not sure) that software with a no commercial redistribution clause can go into multiverse. * ScottK2 is reviewing imageinfo then. <khermans_> ScottK, yes i think we established that <ScottK2> OK <RAOF> ScottK2: That's not the actual issue, though. * blackskad has quit ("Leaving.") <ScottK2> It's not? <ScottK2> I thought the issue was preventing someone else selling their stuff? <RAOF> It was, among other things, the "you will defend the developers" clause, IIRC. * highvoltage ([EMAIL PROTECTED]) has joined #ubuntu-motu <ScottK2> Ah. That one. Yeah. I would never advocate that. <khermans_> ScottK2, yeah but i guess they need to work out a change for updating properly <tonyyarusso> A what clause? <khermans_> RAOF, that was a big clause :-) <ScottK2> Basically they wanted to say that if you redistribute their software and they get sued, you'll defend them <khermans_> Indemnification <khermans_> You agree to indemnify, hold harmless, and defend Developer and <khermans_> Developer's owners, contributors, agents, and business partners from and <khermans_> against any and all claims or actions including reasonable legal expenses <khermans_> that arise or result from Your use of or inability to use the Software. <khermans_> Developer agrees to notify You and reasonably cooperate with Your defense <khermans_> of any third party claim triggering such indemnification. <RAOF> Also, that licence didn't seem like it allowed redistribution, except by pressing the "I accept" button on the website. <RAOF> However, IANAL :) <tonyyarusso> crazy -- Kristian Erik Hermansen
-- [needs-packaging] Metasploit Framework 3.0 (multiverse) https://bugs.launchpad.net/bugs/102212 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
