On Wed, 2 Jul 2008 00:13:06 -0700 Steve Langasek wrote:
[...]
> The real issue is not that you were posting without disclaimers. The real
> issue is that you post to debian-legal with *content* that is inappropriate
> *because* you are not a lawyer or a Debian developer.
>
> When someone posts t
On Wed, Jul 02, 2008 at 08:34:31PM +1000, Ben Finney wrote:
> Steve Langasek <[EMAIL PROTECTED]> writes:
> > The real issue is not that you [Francesco Poli] were posting without
> > disclaimers.
> The issue that led to those disclaimers was *exactly* that some
> thought Francesco should make it c
Reinhard Tartler <[EMAIL PROTECTED]> writes:
> Walter Landry <[EMAIL PROTECTED]> writes:
>
> > [debian-legal] does not restrict itself to dispensing the
> > decisions of the ftp-masters.
>
> Perhaps that should be fixed then.
What would your proposed fix entail? Surely not divorcing the
ftp-mas
Walter Landry <[EMAIL PROTECTED]> writes:
> Your [Steve Langasek's] complaint, on the other hand, is just as valid
> or invalid whether Francesco is a Debian developer or not. However,
> the description of the list says:
>
> debian-legal mailing list
> Copyright, licensing and patent issues
>
Steve Langasek <[EMAIL PROTECTED]> writes:
> The real issue is not that you [Francesco Poli] were posting without
> disclaimers.
The issue that led to those disclaimers was *exactly* that some
thought Francesco should make it clear he is not speaking officially.
> When someone posts to debian-le
Steve Langasek <[EMAIL PROTECTED]> wrote:
> On Mon, Jun 23, 2008 at 07:34:22PM +0200, Francesco Poli wrote:
> > As a consequence I began adding the disclaimers to my messages, in
> > order to explicitly remind readers about the above facts.
>
> > Now, you say that those disclaimers are a waste of
On Mon, Jun 23, 2008 at 07:34:22PM +0200, Francesco Poli wrote:
> On Mon, 23 Jun 2008 17:16:28 +0200 Joerg Jaspert wrote:
> I *used* to think that those disclaimers are implicit in most cases.
> But then, I was harshly accused of not making it clear enough that
> I am neither a lawyer, nor a Debi
On Sun, 2008-06-29 at 19:12 +1200, Chris Bannister wrote:
> On Mon, Jun 23, 2008 at 12:49:50PM -0500, William Pitcock wrote:
> > Have you ever heard the fable concerning a father, a son and a donkey?
> > In a nutshell, first, nobody rides down the road on the donkey, and
> > instead lead him with a
On Mon, Jun 23, 2008 at 12:49:50PM -0500, William Pitcock wrote:
> Have you ever heard the fable concerning a father, a son and a donkey?
> In a nutshell, first, nobody rides down the road on the donkey, and
> instead lead him with a rope. People criticized them for doing so, e.g.
> "why not let th
On Saturday 28 June 2008 02:48, Holger Levsen wrote:
> It's documented here:
>
http://wiki.debian.org/DebianEdu/Documentation/Etch/HowTo/Administration#head-136bb7e75e07e8b6463e6b30761ac51776c5c27d
now also with the correct order of commands :-)
regards,
Holger (see, it ain't easy :-D
Hi,
while I'm actually in favor of adding this package because it makes it a lot
easier to obtain a trustpath to the backports.org repo, which is important
to our users, it's not true that there isnt a documented trusted path to
install the key.
It's documented here:
http://wiki.debian.org/Debi
On Tue, 24 Jun 2008 18:19:49 +0200 Tollef Fog Heen wrote:
> * Francesco Poli
[...]
> | If you modify a GPG public key, you obtain something that no longer
> | corresponds to the original private key (obviously).
>
> No, the most common modification done to a GPG public key is adding a
> signatur
* Francesco Poli
| On Sun, 22 Jun 2008 12:54:09 -0600 Wesley J. Landaker wrote:
|
| [...]
| > Actually, how are debian-keyring and debian-archive-keyring free-software,
| > anyway? Do I get source code for the all GPG keys they contain?
|
| The most widely accepted definition of source code is
This one time, at band camp, Francesco Poli said:
>
> There were some other people who seemed to more or less agree with
> Anthony Towns. But he was certainly the loudest one complaining about
> this.
I think it's quite likely I objected to you appearing to speak
authoritatively on behalf of the
Hi,
On Sun, Jun 22, 2008 at 12:54:09PM -0600, Wesley J. Landaker wrote:
> Actually, how are debian-keyring and debian-archive-keyring free-software,
> anyway?
Next time you have a similar question about these things, please
consider dropping -devel from the list of CCs.
thanks,
Michael
--
On Mon, 23 Jun 2008 22:31:02 +0200 Arnoud Engelfriet wrote:
> Francesco Poli wrote:
> > On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote:
> > > I don't think that "modifying" has any reasonable meaning when talking
> > > about cryptographic keys.
> >
> > Why not?
>
> Because it implies
On Mon, 23 Jun 2008 11:43:25 -0700 (PDT) Walter Landry wrote:
> Francesco Poli <[EMAIL PROTECTED]> wrote:
[...]
> > But then, I was harshly accused of not making it clear enough that
> > I am neither a lawyer, nor a Debian developer, that I'm not providing
> > legal advice, and that I don't speak
Francesco Poli wrote:
> On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote:
> > I don't think that "modifying" has any reasonable meaning when talking
> > about cryptographic keys.
>
> Why not?
Because it implies that you'd obtain something meaningful after
the modification. The intent of
El domingo, 22 de junio de 2008 a las 12:54:09 -0600, Wesley J. Landaker
escribía:
> Actually, how are debian-keyring and debian-archive-keyring free-software,
> anyway? Do I get source code for the all GPG keys they contain?
> The /usr/share/doc/debian-keyring/copyright even says "The keys in
Francesco Poli <[EMAIL PROTECTED]> wrote:
> On Mon, 23 Jun 2008 17:16:28 +0200 Joerg Jaspert wrote:
>
> > On 11424 March 1977, Francesco Poli wrote:
> >
> > > Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP.
> >
> > Those are *totally* and absolutely unimportant and a waste to write.
> >
Quoting Joerg Jaspert ([EMAIL PROTECTED]):
> On 11424 March 1977, Francesco Poli wrote:
>
> > Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP.
>
> Those are *totally* and absolutely unimportant and a waste to write.
I disagree.
For the very first time after too may years of electronic
On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote:
> Ken Arromdee wrote:
> > On Sun, 22 Jun 2008, Francesco Poli wrote:
> > > OK, that said, if you wanted to modify a public key (in order to obtain
> > > something else), what form would you use for making modifications?
> > > I think the
On Mon, 2008-06-23 at 09:00 -0700, Ken Arromdee wrote:
> On Sun, 22 Jun 2008, Francesco Poli wrote:
> > OK, that said, if you wanted to modify a public key (in order to obtain
> > something else), what form would you use for making modifications?
> > I think the preferred form would be the one in w
Hi,
On Mon, 2008-06-23 at 19:34 +0200, Francesco Poli wrote:
> I *used* to think that those disclaimers are implicit in most cases.
>
> But then, I was harshly accused of not making it clear enough that
> I am neither a lawyer, nor a Debian developer, that I'm not providing
> legal advice, and th
On Mon, 23 Jun 2008 17:16:28 +0200 Joerg Jaspert wrote:
> On 11424 March 1977, Francesco Poli wrote:
>
> > Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP.
>
> Those are *totally* and absolutely unimportant and a waste to write.
> Could people please stop always writing them, its fairly
brian m. carlson wrote:
>> I don't think there's a legal basis to claim copyright on a blob of random
>> bytes generated by a program. Who's the copyright holder? gpg? The authors
>> of gpg? The person who typed gpg in command-line? The entropy source?
>
> Copyright (in the United States) requ
On Sun, 22 Jun 2008, Francesco Poli wrote:
> OK, that said, if you wanted to modify a public key (in order to obtain
> something else), what form would you use for making modifications?
> I think the preferred form would be the one in which the GPG public key
> is distributed by keyservers or some
On Mon, Jun 23, 2008 at 06:05:28PM +0200, Robert Millan wrote:
On Sun, Jun 22, 2008 at 01:08:30PM -0500, Adam Majer wrote:
Certainly, the backports.org keyring is useful to some people, *but* it is,
1. not free software
I don't think there's a legal basis to claim copyright on a blob of ra
On Sun, Jun 22, 2008 at 01:08:30PM -0500, Adam Majer wrote:
>
> Certainly, the backports.org keyring is useful to some people, *but* it is,
>
> 1. not free software
I don't think there's a legal basis to claim copyright on a blob of random
bytes generated by a program. Who's the copyright hol
On 11424 March 1977, Francesco Poli wrote:
> Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP.
Those are *totally* and absolutely unimportant and a waste to write.
Could people please stop always writing them, its fairly clear by itself
that debian-legal does NOT do any lawyers work (and w
Hi,
On Mon, Jun 23, 2008 at 11:20:33AM +0200, Goswin von Brederlow wrote:
> The beauty of signatures is that you do not have to trust the source
> of the key, only the signatures. It truely doesn't matter wher you get
> the key from.
yes, you are right (given that you mean signatures on the key f
Patrick Schoenfeld <[EMAIL PROTECTED]> writes:
> Hi Goswin,
>
> On Mon, Jun 23, 2008 at 01:07:38AM +0200, Goswin von Brederlow wrote:
>> For example: Each repository puts its keyring into Release.keyring
>> (next to Release and Release.gpg). The Release.keyring could be listed
>> with checksum in
On Mon, Jun 23, 2008 at 11:39:36AM +1000, Brian May wrote:
> Luk Claes wrote:
> >apt-get install debian-backports-keyring
> >
> >or
> >
> >gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16BA136C
> >gpg --export | apt-key add -
> >
> This involves 3 separate commands, and modifies files under
Hi Goswin,
On Mon, Jun 23, 2008 at 01:07:38AM +0200, Goswin von Brederlow wrote:
> For example: Each repository puts its keyring into Release.keyring
> (next to Release and Release.gpg). The Release.keyring could be listed
> with checksum in Release so frontends know it is there and when it
> chan
Luk Claes wrote:
apt-get install debian-backports-keyring
or
gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16BA136C
gpg --export | apt-key add -
This involves 3 separate commands, and modifies files under
/root/.gnupg/ at the same time. Seems overly complicated, especially for
non-tech
Adam Majer wrote:
Certainly, the backports.org keyring is useful to some people, *but* it is,
1. not free software
Presumably the following packages would never have made it into Debian
if a public key didn't comply with the DFSG.
debian-archive-keyring - GnuPG archive keys of the Debian
Patrick Schoenfeld <[EMAIL PROTECTED]> writes:
> Hi Neil,
>
> On Sun, Jun 22, 2008 at 09:54:43PM +0100, Neil Williams wrote:
>> > Do you mean from a central repository, somewhat like a keyserver? :-)
>> > How would one check integrity then?
>>
>> Precisely as you do with any key - signatures and
On Sun, Jun 22, 2008 at 10:34:15PM +0200, Luk Claes wrote:
> Robert Millan wrote:
> > On Sat, Jun 21, 2008 at 03:52:12PM +0200, Alexander Wirt wrote:
> >> I'm still not that sure if its a good idea to add a non-offical debian repo
> >> keyring into the archive... But I let the decision to the ftp-m
Hi Neil,
On Sun, Jun 22, 2008 at 09:54:43PM +0100, Neil Williams wrote:
> > Do you mean from a central repository, somewhat like a keyserver? :-)
> > How would one check integrity then?
>
> Precisely as you do with any key - signatures and gpg integrity checks
> when the key is imported into apt-
On Sun, 2008-06-22 at 22:39 +0200, Patrick Schoenfeld wrote:
> On Sun, Jun 22, 2008 at 09:37:46PM +0200, Goswin von Brederlow wrote:
> > PS: I would prefer if apt-get could fetch and verify keyring updates
> > directly from a repository though. Keyring packages are awfull for key
> > rollovers.
>
On Sun, Jun 22, 2008 at 09:37:46PM +0200, Goswin von Brederlow wrote:
> PS: I would prefer if apt-get could fetch and verify keyring updates
> directly from a repository though. Keyring packages are awfull for key
> rollovers.
Do you mean from a central repository, somewhat like a keyserver? :-)
H
Hi,
On Sun, Jun 22, 2008 at 01:08:30PM -0500, Adam Majer wrote:
> Patrick Schoenfeld wrote:
> > In my humble opinion they should be allowed to be packaged as if they
> > are normal packages. Don't get me wrong, but Debian is a distribution,
> > so what we basically do is pack up things that are wo
Robert Millan wrote:
> On Sat, Jun 21, 2008 at 03:52:12PM +0200, Alexander Wirt wrote:
>> I'm still not that sure if its a good idea to add a non-offical debian repo
>> keyring into the archive... But I let the decision to the ftp-masters..
>
> Well, currently a problem is the only way to get a tr
On Sun, 22 Jun 2008 12:54:09 -0600 Wesley J. Landaker wrote:
[...]
> Actually, how are debian-keyring and debian-archive-keyring free-software,
> anyway? Do I get source code for the all GPG keys they contain?
The most widely accepted definition of source code is the one found in
the GNU GPL: th
On Sun, 2008-06-22 at 21:37 +0200, Goswin von Brederlow wrote:
> PS: I would prefer if apt-get could fetch and verify keyring updates
> directly from a repository though. Keyring packages are awfull for key
> rollovers.
As maintainer of the emdebian-archive-keyring package and one of the
signatori
Adam Majer <[EMAIL PROTECTED]> writes:
> If backports.org keyring get distributed, then I would argue it allows
> others, non-software data to be packaged as well. For example, some free
> anime movies, or the Gutenberg project packages.
>
> Debian is for *free software* (and some non-free) and st
On Sunday 22 June 2008 12:08:30 Adam Majer wrote:
> AFAIK, we do not distribute "things", we distribute *software*. Some
> packages are just composed of data though, but other packages depend on
> it. Some is just data that is very useful in the *Debian* project. This
> includes the keyring.
>
> Ce
Patrick Schoenfeld wrote:
> In my humble opinion they should be allowed to be packaged as if they
> are normal packages. Don't get me wrong, but Debian is a distribution,
> so what we basically do is pack up things that are worth distributing
> and distribute them. This way Debian users can benefit
Hi,
On Sat, Jun 21, 2008 at 01:38:07PM -0400, Roberto C. Sánchez wrote:
> But backports.org is still unofficial.
so what? Its unofficial, but still its of great use for the most Debian
users.
> If it were permitted, then what
> would happen when other unofficial repository maintainers want to
>
"Wesley J. Landaker" <[EMAIL PROTECTED]> wrote:
> On Saturday 21 June 2008 11:38:07 Roberto C. Sánchez wrote:
>> On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
>> > Hi,
>> >
>> > On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
>> > > I'm still not that sure if its a good idea
On Sat, Jun 21, 2008 at 03:52:12PM +0200, Alexander Wirt wrote:
> I'm still not that sure if its a good idea to add a non-offical debian repo
> keyring into the archive... But I let the decision to the ftp-masters..
Well, currently a problem is the only way to get a trusted path to the bpo
reposit
On sam, 2008-06-21 at 13:38 -0400, Roberto C. Sánchez wrote:
> But backports.org is still unofficial. If it were permitted, then
> what
> would happen when other unofficial repository maintainers want to
> package their repository keyrings? Will those be allowed or
> disallowed?
*if* the package
> On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
> > Hi,
> >
> > On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
> > > I'm still not that sure if its a good idea to add a non-offical debian
> > > repo
> > > keyring into the archive...
> >
> > Nobody is forced to install it
On Saturday 21 June 2008 11:38:07 Roberto C. Sánchez wrote:
> On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
> > Hi,
> >
> > On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
> > > I'm still not that sure if its a good idea to add a non-offical
> > > debian repo keyring into the
On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
> Hi,
>
> On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
> > I'm still not that sure if its a good idea to add a non-offical debian repo
> > keyring into the archive...
>
> Nobody is forced to install it?!
>
> And AFAICS we r
Hi,
On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
> I'm still not that sure if its a good idea to add a non-offical debian repo
> keyring into the archive...
Nobody is forced to install it?!
And AFAICS we regulary recommend backports.org to users, who need newer
software. So I think it
Robert Millan schrieb am Saturday, den 21. June 2008:
> reopen 480478
> retitle 480478 ITP: debian-backports-keyring -- GnuPG archive key of the
> backports.org repository
> reassign 480478 wnpp
> thanks
>
> * Package name: debian-backports-keyring
> * U
reopen 480478
retitle 480478 ITP: debian-backports-keyring -- GnuPG archive key of the
backports.org repository
reassign 480478 wnpp
thanks
* Package name: debian-backports-keyring
* URL :
http://backports.org/debian/pool/main/d/debian-backports-keyring/
* License
58 matches
Mail list logo