On Mon, Jun 23, 2008 at 07:34:22PM +0200, Francesco Poli wrote:
On Mon, 23 Jun 2008 17:16:28 +0200 Joerg Jaspert wrote:
I *used* to think that those disclaimers are implicit in most cases.
But then, I was harshly accused of not making it clear enough that
I am neither a lawyer, nor a Debian
Steve Langasek [EMAIL PROTECTED] wrote:
On Mon, Jun 23, 2008 at 07:34:22PM +0200, Francesco Poli wrote:
As a consequence I began adding the disclaimers to my messages, in
order to explicitly remind readers about the above facts.
Now, you say that those disclaimers are a waste of time...
Steve Langasek [EMAIL PROTECTED] writes:
The real issue is not that you [Francesco Poli] were posting without
disclaimers.
The issue that led to those disclaimers was *exactly* that some
thought Francesco should make it clear he is not speaking officially.
When someone posts to debian-legal
Walter Landry [EMAIL PROTECTED] writes:
Your [Steve Langasek's] complaint, on the other hand, is just as valid
or invalid whether Francesco is a Debian developer or not. However,
the description of the list says:
debian-legal mailing list
Copyright, licensing and patent issues
Reinhard Tartler [EMAIL PROTECTED] writes:
Walter Landry [EMAIL PROTECTED] writes:
[debian-legal] does not restrict itself to dispensing the
decisions of the ftp-masters.
Perhaps that should be fixed then.
What would your proposed fix entail? Surely not divorcing the
ftp-masters from
On Wed, Jul 02, 2008 at 08:34:31PM +1000, Ben Finney wrote:
Steve Langasek [EMAIL PROTECTED] writes:
The real issue is not that you [Francesco Poli] were posting without
disclaimers.
The issue that led to those disclaimers was *exactly* that some
thought Francesco should make it clear he
On Wed, 2 Jul 2008 00:13:06 -0700 Steve Langasek wrote:
[...]
The real issue is not that you were posting without disclaimers. The real
issue is that you post to debian-legal with *content* that is inappropriate
*because* you are not a lawyer or a Debian developer.
When someone posts to
On Mon, Jun 23, 2008 at 12:49:50PM -0500, William Pitcock wrote:
Have you ever heard the fable concerning a father, a son and a donkey?
In a nutshell, first, nobody rides down the road on the donkey, and
instead lead him with a rope. People criticized them for doing so, e.g.
why not let the
On Sun, 2008-06-29 at 19:12 +1200, Chris Bannister wrote:
On Mon, Jun 23, 2008 at 12:49:50PM -0500, William Pitcock wrote:
Have you ever heard the fable concerning a father, a son and a donkey?
In a nutshell, first, nobody rides down the road on the donkey, and
instead lead him with a rope.
Hi,
while I'm actually in favor of adding this package because it makes it a lot
easier to obtain a trustpath to the backports.org repo, which is important
to our users, it's not true that there isnt a documented trusted path to
install the key.
It's documented here:
On Saturday 28 June 2008 02:48, Holger Levsen wrote:
It's documented here:
http://wiki.debian.org/DebianEdu/Documentation/Etch/HowTo/Administration#head-136bb7e75e07e8b6463e6b30761ac51776c5c27d
now also with the correct order of commands :-)
regards,
Holger (see, it ain't easy :-D
* Francesco Poli
| On Sun, 22 Jun 2008 12:54:09 -0600 Wesley J. Landaker wrote:
|
| [...]
| Actually, how are debian-keyring and debian-archive-keyring free-software,
| anyway? Do I get source code for the all GPG keys they contain?
|
| The most widely accepted definition of source code is
On Tue, 24 Jun 2008 18:19:49 +0200 Tollef Fog Heen wrote:
* Francesco Poli
[...]
| If you modify a GPG public key, you obtain something that no longer
| corresponds to the original private key (obviously).
No, the most common modification done to a GPG public key is adding a
signature to
Hi Goswin,
On Mon, Jun 23, 2008 at 01:07:38AM +0200, Goswin von Brederlow wrote:
For example: Each repository puts its keyring into Release.keyring
(next to Release and Release.gpg). The Release.keyring could be listed
with checksum in Release so frontends know it is there and when it
On Mon, Jun 23, 2008 at 11:39:36AM +1000, Brian May wrote:
Luk Claes wrote:
apt-get install debian-backports-keyring
or
gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16BA136C
gpg --export | apt-key add -
This involves 3 separate commands, and modifies files under
/root/.gnupg/
Patrick Schoenfeld [EMAIL PROTECTED] writes:
Hi Goswin,
On Mon, Jun 23, 2008 at 01:07:38AM +0200, Goswin von Brederlow wrote:
For example: Each repository puts its keyring into Release.keyring
(next to Release and Release.gpg). The Release.keyring could be listed
with checksum in Release so
Hi,
On Mon, Jun 23, 2008 at 11:20:33AM +0200, Goswin von Brederlow wrote:
The beauty of signatures is that you do not have to trust the source
of the key, only the signatures. It truely doesn't matter wher you get
the key from.
yes, you are right (given that you mean signatures on the key
On 11424 March 1977, Francesco Poli wrote:
Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP.
Those are *totally* and absolutely unimportant and a waste to write.
Could people please stop always writing them, its fairly clear by itself
that debian-legal does NOT do any lawyers work (and
On Sun, Jun 22, 2008 at 01:08:30PM -0500, Adam Majer wrote:
Certainly, the backports.org keyring is useful to some people, *but* it is,
1. not free software
I don't think there's a legal basis to claim copyright on a blob of random
bytes generated by a program. Who's the copyright
On Mon, Jun 23, 2008 at 06:05:28PM +0200, Robert Millan wrote:
On Sun, Jun 22, 2008 at 01:08:30PM -0500, Adam Majer wrote:
Certainly, the backports.org keyring is useful to some people, *but* it is,
1. not free software
I don't think there's a legal basis to claim copyright on a blob of
On Sun, 22 Jun 2008, Francesco Poli wrote:
OK, that said, if you wanted to modify a public key (in order to obtain
something else), what form would you use for making modifications?
I think the preferred form would be the one in which the GPG public key
is distributed by keyservers or some
brian m. carlson wrote:
I don't think there's a legal basis to claim copyright on a blob of random
bytes generated by a program. Who's the copyright holder? gpg? The authors
of gpg? The person who typed gpg in command-line? The entropy source?
Copyright (in the United States) requires an
On Mon, 23 Jun 2008 17:16:28 +0200 Joerg Jaspert wrote:
On 11424 March 1977, Francesco Poli wrote:
Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP.
Those are *totally* and absolutely unimportant and a waste to write.
Could people please stop always writing them, its fairly clear
Hi,
On Mon, 2008-06-23 at 19:34 +0200, Francesco Poli wrote:
I *used* to think that those disclaimers are implicit in most cases.
But then, I was harshly accused of not making it clear enough that
I am neither a lawyer, nor a Debian developer, that I'm not providing
legal advice, and that I
On Mon, 2008-06-23 at 09:00 -0700, Ken Arromdee wrote:
On Sun, 22 Jun 2008, Francesco Poli wrote:
OK, that said, if you wanted to modify a public key (in order to obtain
something else), what form would you use for making modifications?
I think the preferred form would be the one in which
On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote:
Ken Arromdee wrote:
On Sun, 22 Jun 2008, Francesco Poli wrote:
OK, that said, if you wanted to modify a public key (in order to obtain
something else), what form would you use for making modifications?
I think the preferred
On Mon, 23 Jun 2008 11:43:25 -0700 (PDT) Walter Landry wrote:
Francesco Poli [EMAIL PROTECTED] wrote:
[...]
But then, I was harshly accused of not making it clear enough that
I am neither a lawyer, nor a Debian developer, that I'm not providing
legal advice, and that I don't speak on
On Mon, 23 Jun 2008 22:31:02 +0200 Arnoud Engelfriet wrote:
Francesco Poli wrote:
On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote:
I don't think that modifying has any reasonable meaning when talking
about cryptographic keys.
Why not?
Because it implies that you'd
Hi,
On Sun, Jun 22, 2008 at 12:54:09PM -0600, Wesley J. Landaker wrote:
Actually, how are debian-keyring and debian-archive-keyring free-software,
anyway?
Next time you have a similar question about these things, please
consider dropping -devel from the list of CCs.
thanks,
Michael
--
This one time, at band camp, Francesco Poli said:
There were some other people who seemed to more or less agree with
Anthony Towns. But he was certainly the loudest one complaining about
this.
I think it's quite likely I objected to you appearing to speak
authoritatively on behalf of the
Wesley J. Landaker [EMAIL PROTECTED] wrote:
On Saturday 21 June 2008 11:38:07 Roberto C. Sánchez wrote:
On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
Hi,
On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
I'm still not that sure if its a good idea to add a
Hi,
On Sat, Jun 21, 2008 at 01:38:07PM -0400, Roberto C. Sánchez wrote:
But backports.org is still unofficial.
so what? Its unofficial, but still its of great use for the most Debian
users.
If it were permitted, then what
would happen when other unofficial repository maintainers want to
Patrick Schoenfeld wrote:
In my humble opinion they should be allowed to be packaged as if they
are normal packages. Don't get me wrong, but Debian is a distribution,
so what we basically do is pack up things that are worth distributing
and distribute them. This way Debian users can benefit
On Sunday 22 June 2008 12:08:30 Adam Majer wrote:
AFAIK, we do not distribute things, we distribute *software*. Some
packages are just composed of data though, but other packages depend on
it. Some is just data that is very useful in the *Debian* project. This
includes the keyring.
Adam Majer [EMAIL PROTECTED] writes:
If backports.org keyring get distributed, then I would argue it allows
others, non-software data to be packaged as well. For example, some free
anime movies, or the Gutenberg project packages.
Debian is for *free software* (and some non-free) and stuff
On Sun, 2008-06-22 at 21:37 +0200, Goswin von Brederlow wrote:
PS: I would prefer if apt-get could fetch and verify keyring updates
directly from a repository though. Keyring packages are awfull for key
rollovers.
As maintainer of the emdebian-archive-keyring package and one of the
signatories
On Sun, 22 Jun 2008 12:54:09 -0600 Wesley J. Landaker wrote:
[...]
Actually, how are debian-keyring and debian-archive-keyring free-software,
anyway? Do I get source code for the all GPG keys they contain?
The most widely accepted definition of source code is the one found in
the GNU GPL: the
Robert Millan wrote:
On Sat, Jun 21, 2008 at 03:52:12PM +0200, Alexander Wirt wrote:
I'm still not that sure if its a good idea to add a non-offical debian repo
keyring into the archive... But I let the decision to the ftp-masters..
Well, currently a problem is the only way to get a trusted
Hi,
On Sun, Jun 22, 2008 at 01:08:30PM -0500, Adam Majer wrote:
Patrick Schoenfeld wrote:
In my humble opinion they should be allowed to be packaged as if they
are normal packages. Don't get me wrong, but Debian is a distribution,
so what we basically do is pack up things that are worth
On Sun, Jun 22, 2008 at 09:37:46PM +0200, Goswin von Brederlow wrote:
PS: I would prefer if apt-get could fetch and verify keyring updates
directly from a repository though. Keyring packages are awfull for key
rollovers.
Do you mean from a central repository, somewhat like a keyserver? :-)
How
On Sun, 2008-06-22 at 22:39 +0200, Patrick Schoenfeld wrote:
On Sun, Jun 22, 2008 at 09:37:46PM +0200, Goswin von Brederlow wrote:
PS: I would prefer if apt-get could fetch and verify keyring updates
directly from a repository though. Keyring packages are awfull for key
rollovers.
Do you
Hi Neil,
On Sun, Jun 22, 2008 at 09:54:43PM +0100, Neil Williams wrote:
Do you mean from a central repository, somewhat like a keyserver? :-)
How would one check integrity then?
Precisely as you do with any key - signatures and gpg integrity checks
when the key is imported into apt-key.
On Sun, Jun 22, 2008 at 10:34:15PM +0200, Luk Claes wrote:
Robert Millan wrote:
On Sat, Jun 21, 2008 at 03:52:12PM +0200, Alexander Wirt wrote:
I'm still not that sure if its a good idea to add a non-offical debian repo
keyring into the archive... But I let the decision to the ftp-masters..
Patrick Schoenfeld [EMAIL PROTECTED] writes:
Hi Neil,
On Sun, Jun 22, 2008 at 09:54:43PM +0100, Neil Williams wrote:
Do you mean from a central repository, somewhat like a keyserver? :-)
How would one check integrity then?
Precisely as you do with any key - signatures and gpg integrity
Adam Majer wrote:
Certainly, the backports.org keyring is useful to some people, *but* it is,
1. not free software
Presumably the following packages would never have made it into Debian
if a public key didn't comply with the DFSG.
debian-archive-keyring - GnuPG archive keys of the
Luk Claes wrote:
apt-get install debian-backports-keyring
or
gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16BA136C
gpg --export | apt-key add -
This involves 3 separate commands, and modifies files under
/root/.gnupg/ at the same time. Seems overly complicated, especially for
reopen 480478
retitle 480478 ITP: debian-backports-keyring -- GnuPG archive key of the
backports.org repository
reassign 480478 wnpp
thanks
* Package name: debian-backports-keyring
* URL :
http://backports.org/debian/pool/main/d/debian-backports-keyring/
* License
Robert Millan schrieb am Saturday, den 21. June 2008:
reopen 480478
retitle 480478 ITP: debian-backports-keyring -- GnuPG archive key of the
backports.org repository
reassign 480478 wnpp
thanks
* Package name: debian-backports-keyring
* URL :
http://backports.org
Hi,
On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
I'm still not that sure if its a good idea to add a non-offical debian repo
keyring into the archive...
Nobody is forced to install it?!
And AFAICS we regulary recommend backports.org to users, who need newer
software. So I think it
On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
Hi,
On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
I'm still not that sure if its a good idea to add a non-offical debian repo
keyring into the archive...
Nobody is forced to install it?!
And AFAICS we regulary
On Saturday 21 June 2008 11:38:07 Roberto C. Sánchez wrote:
On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
Hi,
On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
I'm still not that sure if its a good idea to add a non-offical
debian repo keyring into the archive...
On Sat, Jun 21, 2008 at 07:34:59PM +0200, Holger Levsen wrote:
Hi,
On Saturday 21 June 2008 15:52, Alexander Wirt wrote:
I'm still not that sure if its a good idea to add a non-offical debian
repo
keyring into the archive...
Nobody is forced to install it?!
And AFAICS
On sam, 2008-06-21 at 13:38 -0400, Roberto C. Sánchez wrote:
But backports.org is still unofficial. If it were permitted, then
what
would happen when other unofficial repository maintainers want to
package their repository keyrings? Will those be allowed or
disallowed?
*if* the package
On Sat, Jun 21, 2008 at 03:52:12PM +0200, Alexander Wirt wrote:
I'm still not that sure if its a good idea to add a non-offical debian repo
keyring into the archive... But I let the decision to the ftp-masters..
Well, currently a problem is the only way to get a trusted path to the bpo
54 matches
Mail list logo