Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Mon, Jun 23, 2008 at 07:34:22PM +0200, Francesco Poli wrote: On Mon, 23 Jun 2008 17:16:28 +0200 Joerg Jaspert wrote: I *used* to think that those disclaimers are implicit in most cases. But then, I was harshly accused of not making it clear enough that I am neither a lawyer, nor a Debian developer, that I'm not providing legal advice, and that I don't speak on behalf of the Debian Project. Other people were similarly attacked for the same reason. http://lists.debian.org/debian-legal/2006/10/msg00133.html http://lists.debian.org/debian-legal/2007/06/msg00014.html http://lists.debian.org/debian-legal/2007/06/msg00038.html http://lists.debian.org/debian-legal/2007/06/msg00092.html http://lists.debian.org/debian-legal/2007/06/msg00106.html http://lists.debian.org/debian-legal/2007/06/msg00222.html http://lists.debian.org/debian-legal/2007/06/msg00278.html http://lists.debian.org/debian-legal/2007/07/msg00062.html http://lists.debian.org/debian-legal/2007/07/msg00215.html As a consequence I began adding the disclaimers to my messages, in order to explicitly remind readers about the above facts. Now, you say that those disclaimers are a waste of time... I'm really puzzled. The real issue is not that you were posting without disclaimers. The real issue is that you post to debian-legal with *content* that is inappropriate *because* you are not a lawyer or a Debian developer. When someone posts to debian-legal asking for help figuring out if a license is ok for Debian main, and you respond saying that it isn't because of license feature X; and you are well aware that the ftpmasters have previously and consciously accepted other licenses into main with that same feature, and have not been swayed by your arguments; that's not appropriate. This list doesn't exist to serve as a soapbox for non-DDs to promote their own interpretations of the DFSG, it's here to help maintainers (and ftpmasters) figure out what packages Debian can distribute and in what section of the archive. When you repeatedly push interpretations of the DFSG that you *know* are inconsistent with how the ftpmasters operate, that's an abuse of debian-legal, regardless of how many disclaimers you stick on the end of it. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Steve Langasek [EMAIL PROTECTED] wrote: On Mon, Jun 23, 2008 at 07:34:22PM +0200, Francesco Poli wrote: As a consequence I began adding the disclaimers to my messages, in order to explicitly remind readers about the above facts. Now, you say that those disclaimers are a waste of time... I'm really puzzled. The real issue is not that you were posting without disclaimers. The real issue is that you post to debian-legal with *content* that is inappropriate *because* you are not a lawyer or a Debian developer. When someone posts to debian-legal asking for help figuring out if a license is ok for Debian main, and you respond saying that it isn't because of license feature X; and you are well aware that the ftpmasters have previously and consciously accepted other licenses into main with that same feature, and have not been swayed by your arguments; that's not appropriate. This list doesn't exist to serve as a soapbox for non-DDs to promote their own interpretations of the DFSG, it's here to help maintainers (and ftpmasters) figure out what packages Debian can distribute and in what section of the archive. When you repeatedly push interpretations of the DFSG that you *know* are inconsistent with how the ftpmasters operate, that's an abuse of debian-legal, regardless of how many disclaimers you stick on the end of it. Your complaint is separate from Anthony Towns' complaints. Anthony Towns was specifically complaining that someone might mistake Francesco's emails for some sort of official statement. Your complaint, on the other hand, is just as valid or invalid whether Francesco is a Debian developer or not. However, the description of the list says: debian-legal mailing list Copyright, licensing and patent issues Discussions about legality issues such as copyrights, patents etc. It does not restrict itself to dispensing the decisions of the ftp-masters. In fact, debian-legal is the most appropriate place to try to change the minds of people with regards to legal issues in Debian. Even if you are not a Debian Developer. In particular, it is appropriate to try to get people not to use bad licenses for software being packaged in Debian. You may have a different opinion on what bad (as opposed to non-DFSG free) means, which is why the list is open for discussion. Since Francesco does make pains to point out when he disagrees with official policy, I see nothing wrong with his posts. Cheers, Walter Landry [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Steve Langasek [EMAIL PROTECTED] writes: The real issue is not that you [Francesco Poli] were posting without disclaimers. The issue that led to those disclaimers was *exactly* that some thought Francesco should make it clear he is not speaking officially. When someone posts to debian-legal asking for help figuring out if a license is ok for Debian main, and you respond saying that it isn't because of license feature X; and you are well aware that the ftpmasters have previously and consciously accepted other licenses into main with that same feature, and have not been swayed by your arguments; that's not appropriate. Perhaps so. But that's not the issue that led to Francesco habitually appending disclaimers to his messages. It seems you have some separate complaint, that is unrelated to whether Francesco appends disclaimers to his messages or not. -- \“Some people, when confronted with a problem, think 'I know, | `\ I'll use regular expressions'. Now they have two problems.” | _o__) —Jamie Zawinski, in alt.religion.emacs | Ben Finney -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Walter Landry [EMAIL PROTECTED] writes: Your [Steve Langasek's] complaint, on the other hand, is just as valid or invalid whether Francesco is a Debian developer or not. However, the description of the list says: debian-legal mailing list Copyright, licensing and patent issues Discussions about legality issues such as copyrights, patents etc. It does not restrict itself to dispensing the decisions of the ftp-masters. Perhaps that should be fixed then. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Reinhard Tartler [EMAIL PROTECTED] writes: Walter Landry [EMAIL PROTECTED] writes: [debian-legal] does not restrict itself to dispensing the decisions of the ftp-masters. Perhaps that should be fixed then. What would your proposed fix entail? Surely not divorcing the ftp-masters from an open discussion forum about legal issues. -- \ “If [a technology company] has confidence in their future | `\ ability to innovate, the importance they place on protecting | _o__) their past innovations really should decline.” —Gary Barnett | Ben Finney -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Wed, Jul 02, 2008 at 08:34:31PM +1000, Ben Finney wrote: Steve Langasek [EMAIL PROTECTED] writes: The real issue is not that you [Francesco Poli] were posting without disclaimers. The issue that led to those disclaimers was *exactly* that some thought Francesco should make it clear he is not speaking officially. Well, it's the same thing really - adding the disclaimers is one (poor) way of addressing... When someone posts to debian-legal asking for help figuring out if a license is ok for Debian main, and you respond saying that it isn't because of license feature X; and you are well aware that the ftpmasters have previously and consciously accepted other licenses into main with that same feature, and have not been swayed by your arguments; that's not appropriate. ...the problems with him making statements that sound more authorative than they should be. Perhaps so. But that's not the issue that led to Francesco habitually appending disclaimers to his messages. Ideally there'd be no need for such disclaimers because the content of posts wouldn't create misleading impressions. -- You grabbed my hand and we fell into it, like a daydream - or a fever. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Wed, 2 Jul 2008 00:13:06 -0700 Steve Langasek wrote: [...] The real issue is not that you were posting without disclaimers. The real issue is that you post to debian-legal with *content* that is inappropriate *because* you are not a lawyer or a Debian developer. When someone posts to debian-legal asking for help figuring out if a license is ok for Debian main, and you respond saying that it isn't because of license feature X; and you are well aware that the ftpmasters have previously and consciously accepted other licenses into main with that same feature, and have not been swayed by your arguments; that's not appropriate. When I am aware that the ftpmasters disagree with my own personal opinion, I try to explicitly acknowledge it. See, for instance: http://lists.debian.org/debian-legal/2008/03/msg00089.html I am not a spokesperson of the ftpmasters: I think I am allowed to contribute to this list with my own personal opinion, as long as it's clear that I am not claiming that my opinion is the official Debian position or ftpmasters' one. This list doesn't exist to serve as a soapbox for non-DDs to promote their own interpretations of the DFSG, it's here to help maintainers (and ftpmasters) figure out what packages Debian can distribute and in what section of the archive. The description of this list states: Discussions about legality issues such as copyrights, patents etc. If *only one* opinion (namely ftpmasters' one) is allowed, I cannot see what kind of 'discussions' can be held... Moreover, if the list is here to also help [...] ftpmasters [...] figure out what packages Debian can distribute and in what section of the archive, as you yourself state, then I cannot understand how this could be achieved by only reporting ftpmasters' opinions... Do we have to remind ftpmasters their own opinions?!? When you repeatedly push interpretations of the DFSG that you *know* are inconsistent with how the ftpmasters operate, that's an abuse of debian-legal, regardless of how many disclaimers you stick on the end of it. Frankly speaking, you seem to consider debian-legal as an address for ftpmasters' spokespersons. If you really believe debian-legal should only report ftpmasters' opinions, then you should propose that [EMAIL PROTECTED] becomes an alias for [EMAIL PROTECTED] ... At that point, nothing but ftpmasters' opinions would be given. I don't know how many answers would be given for the raised questions, though: ftpmasters don't seem to be much willing to explain their decisions. For instance, I explicitly asked for an explanation of the acceptance of CC-by-v3.0 in bug #431794, but ftpmasters' answer has been a deafening silence, so far... :-( -- http://frx.netsons.org/doc/index.html#nanodocs The nano-document series is here! . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpA86ztAP1jc.pgp Description: PGP signature
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
* Francesco Poli | On Sun, 22 Jun 2008 12:54:09 -0600 Wesley J. Landaker wrote: | | [...] | Actually, how are debian-keyring and debian-archive-keyring free-software, | anyway? Do I get source code for the all GPG keys they contain? | | The most widely accepted definition of source code is the one found in | the GNU GPL: the preferred form for making modifications to the work. | | If you modify a GPG public key, you obtain something that no longer | corresponds to the original private key (obviously). No, the most common modification done to a GPG public key is adding a signature to it in which case it still corresponds to the original private key. -- Tollef Fog Heen UNIX is user friendly, it's just picky about who its friends are -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Tue, 24 Jun 2008 18:19:49 +0200 Tollef Fog Heen wrote: * Francesco Poli [...] | If you modify a GPG public key, you obtain something that no longer | corresponds to the original private key (obviously). No, the most common modification done to a GPG public key is adding a signature to it in which case it still corresponds to the original private key. Fair enough. Even though adding a signature is more adding something to a work than modifying the existing work... Anyway, adding a signature does not require access to anything but the public key itself in the form in which it's normally distributed by keyservers. As a consequence, I would say the remainder of my previous reasoning still holds... -- http://frx.netsons.org/doc/index.html#nanodocs The nano-document series is here! . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpf3lqZK0AZg.pgp Description: PGP signature
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On 11424 March 1977, Francesco Poli wrote: Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP. Those are *totally* and absolutely unimportant and a waste to write. Could people please stop always writing them, its fairly clear by itself that debian-legal does NOT do any lawyers work (and whatever else people put into that crap). Its also absolutely unimportant if someone is a DD or not, it doesnt matter at all, as people are writing their own opinion about $stuff on the list, not that of Debian. -- bye, Joerg GyrosGeier SCSI benötigt drei Terminierungen, eine am einen Ende, eine am anderen Ende, und das Leben einer Ziege über einer schwarzen Kerze pgpuXa47pJTF9.pgp Description: PGP signature
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Sun, 22 Jun 2008, Francesco Poli wrote: OK, that said, if you wanted to modify a public key (in order to obtain something else), what form would you use for making modifications? I think the preferred form would be the one in which the GPG public key is distributed by keyservers or some other equivalent form (which may be losslessly obtained from the distribution form). Wouldn't the preferred form for modification be the number that's used to generate both the private and public key? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Ken Arromdee wrote: On Sun, 22 Jun 2008, Francesco Poli wrote: OK, that said, if you wanted to modify a public key (in order to obtain something else), what form would you use for making modifications? I think the preferred form would be the one in which the GPG public key is distributed by keyservers or some other equivalent form (which may be losslessly obtained from the distribution form). Wouldn't the preferred form for modification be the number that's used to generate both the private and public key? I don't think that modifying has any reasonable meaning when talking about cryptographic keys. A key is a number, or a set of numbers in the case of public-key cryptography. How do you modify a number? Arnoud -- IT lawyer, blogger and patent attorney ~ Partner at ICTRecht.nl legal services http://www.arnoud.engelfriet.net/ ~ http://www.iusmentis.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Mon, 23 Jun 2008 17:16:28 +0200 Joerg Jaspert wrote: On 11424 March 1977, Francesco Poli wrote: Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP. Those are *totally* and absolutely unimportant and a waste to write. Could people please stop always writing them, its fairly clear by itself that debian-legal does NOT do any lawyers work (and whatever else people put into that crap). Its also absolutely unimportant if someone is a DD or not, it doesnt matter at all, as people are writing their own opinion about $stuff on the list, not that of Debian. I *used* to think that those disclaimers are implicit in most cases. But then, I was harshly accused of not making it clear enough that I am neither a lawyer, nor a Debian developer, that I'm not providing legal advice, and that I don't speak on behalf of the Debian Project. Other people were similarly attacked for the same reason. http://lists.debian.org/debian-legal/2006/10/msg00133.html http://lists.debian.org/debian-legal/2007/06/msg00014.html http://lists.debian.org/debian-legal/2007/06/msg00038.html http://lists.debian.org/debian-legal/2007/06/msg00092.html http://lists.debian.org/debian-legal/2007/06/msg00106.html http://lists.debian.org/debian-legal/2007/06/msg00222.html http://lists.debian.org/debian-legal/2007/06/msg00278.html http://lists.debian.org/debian-legal/2007/07/msg00062.html http://lists.debian.org/debian-legal/2007/07/msg00215.html As a consequence I began adding the disclaimers to my messages, in order to explicitly remind readers about the above facts. Now, you say that those disclaimers are a waste of time... I'm really puzzled. -- http://frx.netsons.org/doc/index.html#nanodocs The nano-document series is here! . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpOgqux064Jh.pgp Description: PGP signature
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote: Ken Arromdee wrote: On Sun, 22 Jun 2008, Francesco Poli wrote: OK, that said, if you wanted to modify a public key (in order to obtain something else), what form would you use for making modifications? I think the preferred form would be the one in which the GPG public key is distributed by keyservers or some other equivalent form (which may be losslessly obtained from the distribution form). Wouldn't the preferred form for modification be the number that's used to generate both the private and public key? No, that would be the preferred form for compromising the key! ;-) Seriously, if I want to alter the public key, I don't think I need the corresponding secret key. A public key consists of some numbers, and so does the secret key. Those two sets of numbers are somewhat correlated, but I don't need one set in order to alter some numbers in the other set... I don't think that modifying has any reasonable meaning when talking about cryptographic keys. Why not? Original public key: -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.6 (GNU/Linux) mQGiBWDHQR[...]9U/rG7P6VAgfYkUYnkueiQ== =AGXn -END PGP PUBLIC KEY BLOCK- Modified work: -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.4.6 (GNU/Linux) XQGiBWDHQm[...]9U/rG7P6VAgfYkUYnkueiQ== =AGXn -END PGP PUBLIC KEY BLOCK- Please note that I changed two characters. Maybe it's no longer a public key, but who cares? It was a public key, it has been modified... A key is a number, or a set of numbers in the case of public-key cryptography. How do you modify a number? By performing operations on it. 5454 may be modified into 5457 by adding 3. Or into 2727 by dividing by 2. As an aside, this is just what computers do all the time: they process numbers in order to compute other numbers, and so on... P.S.: now what should I do? to add disclaimers or not to add disclaimers? this is the question! ;-) -- http://frx.netsons.org/doc/index.html#nanodocs The nano-document series is here! . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpPdfcV7lJfT.pgp Description: PGP signature
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Hi, On Mon, 2008-06-23 at 19:34 +0200, Francesco Poli wrote: I *used* to think that those disclaimers are implicit in most cases. But then, I was harshly accused of not making it clear enough that I am neither a lawyer, nor a Debian developer, that I'm not providing legal advice, and that I don't speak on behalf of the Debian Project. Other people were similarly attacked for the same reason. http://lists.debian.org/debian-legal/2006/10/msg00133.html http://lists.debian.org/debian-legal/2007/06/msg00014.html http://lists.debian.org/debian-legal/2007/06/msg00038.html http://lists.debian.org/debian-legal/2007/06/msg00092.html http://lists.debian.org/debian-legal/2007/06/msg00106.html http://lists.debian.org/debian-legal/2007/06/msg00222.html http://lists.debian.org/debian-legal/2007/06/msg00278.html http://lists.debian.org/debian-legal/2007/07/msg00062.html http://lists.debian.org/debian-legal/2007/07/msg00215.html As a consequence I began adding the disclaimers to my messages, in order to explicitly remind readers about the above facts. Now, you say that those disclaimers are a waste of time... I'm really puzzled. Have you ever heard the fable concerning a father, a son and a donkey? In a nutshell, first, nobody rides down the road on the donkey, and instead lead him with a rope. People criticized them for doing so, e.g. why not let the kid ride on top of the donkey? So, the father told the kid to ride the donkey. Then people criticized them again, for not letting the father ride the donkey instead. So, they switched again. Then people criticized that too, so they wound up carrying the donkey. Eventually, they reached a stream and fell in the water because there was too much weight in once place on the bridge they were crossing. The moral of the story is that no matter what you do or say, somebody will complain about it. So, the best path to take is the one which you think is correct. Judging by the point that you used to believe that the disclaimers were implicit, it seems like going back to assuming that might be a good idea. But, that's just my opinion, obviously. William signature.asc Description: This is a digitally signed message part
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Francesco Poli [EMAIL PROTECTED] wrote: On Mon, 23 Jun 2008 17:16:28 +0200 Joerg Jaspert wrote: On 11424 March 1977, Francesco Poli wrote: Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP. Those are *totally* and absolutely unimportant and a waste to write. Could people please stop always writing them, its fairly clear by itself that debian-legal does NOT do any lawyers work (and whatever else people put into that crap). Its also absolutely unimportant if someone is a DD or not, it doesnt matter at all, as people are writing their own opinion about $stuff on the list, not that of Debian. I *used* to think that those disclaimers are implicit in most cases. But then, I was harshly accused of not making it clear enough that I am neither a lawyer, nor a Debian developer, that I'm not providing legal advice, and that I don't speak on behalf of the Debian Project. Other people were similarly attacked for the same reason. http://lists.debian.org/debian-legal/2006/10/msg00133.html http://lists.debian.org/debian-legal/2007/06/msg00014.html http://lists.debian.org/debian-legal/2007/06/msg00038.html http://lists.debian.org/debian-legal/2007/06/msg00092.html http://lists.debian.org/debian-legal/2007/06/msg00106.html http://lists.debian.org/debian-legal/2007/06/msg00222.html http://lists.debian.org/debian-legal/2007/06/msg00278.html http://lists.debian.org/debian-legal/2007/07/msg00062.html http://lists.debian.org/debian-legal/2007/07/msg00215.html Note that all of these complaints were made by the same person: Anthony Towns. Since Anthony used to hold a number of positions of authority in Debian, including ftpmaster and DPL, I think that Francesco's response was not irrational. Since a current ftpmaster has explicitly said that these notices are no longer necessary, Francesco can probably relent. Personally, I received similar criticisms, but I never added disclaimers. I just thought Anthony was being a jerk. Cheers, Walter Landry [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the?backports.org repository
El domingo, 22 de junio de 2008 a las 12:54:09 -0600, Wesley J. Landaker escribía: Actually, how are debian-keyring and debian-archive-keyring free-software, anyway? Do I get source code for the all GPG keys they contain? The /usr/share/doc/debian-keyring/copyright even says The keys in the keyrings don't fall under any copyright. Ops! Well, the keys are not creative works, so they cannot be covered under copyright in most jurisdictions. However, the collection of keys itself can be covered under copyright, or something similar to it, in many of them, so having a free licence is still relevant: you can add, remove and update keys in the collection freely. Note how cunningly I avoided talking specifics about one or other jurisdiction to avoid giving legal advice unadvertantly. -- Jacobo Tarrío | http://jacobo.tarrio.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
Francesco Poli wrote: On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote: I don't think that modifying has any reasonable meaning when talking about cryptographic keys. Why not? Because it implies that you'd obtain something meaningful after the modification. The intent of the right to modify is that you can do something meaningful with the work. With any bitstream you can change random characters at will. I do not see any meaningful modification I can do with someone's key block. 5454 may be modified into 5457 by adding 3. Or into 2727 by dividing by 2. Well, if that's what you want, then the key block is source enough for the purpose. I just don't understand the point. It gets much more interesting if you want to modify, say, the name and e-mail address in an informational field in the key block. P.S.: now what should I do? to add disclaimers or not to add disclaimers? this is the question! ;-) Disclaimers usually aren't worth the electroncs they're reproduced with. Arnoud -- IT lawyer, blogger and patent attorney ~ Partner at ICTRecht.nl legal services http://www.arnoud.engelfriet.net/ ~ http://www.iusmentis.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Mon, 23 Jun 2008 11:43:25 -0700 (PDT) Walter Landry wrote: Francesco Poli [EMAIL PROTECTED] wrote: [...] But then, I was harshly accused of not making it clear enough that I am neither a lawyer, nor a Debian developer, that I'm not providing legal advice, and that I don't speak on behalf of the Debian Project. Other people were similarly attacked for the same reason. http://lists.debian.org/debian-legal/2006/10/msg00133.html http://lists.debian.org/debian-legal/2007/06/msg00014.html http://lists.debian.org/debian-legal/2007/06/msg00038.html http://lists.debian.org/debian-legal/2007/06/msg00092.html http://lists.debian.org/debian-legal/2007/06/msg00106.html http://lists.debian.org/debian-legal/2007/06/msg00222.html http://lists.debian.org/debian-legal/2007/06/msg00278.html http://lists.debian.org/debian-legal/2007/07/msg00062.html http://lists.debian.org/debian-legal/2007/07/msg00215.html Note that all of these complaints were made by the same person: Anthony Towns. There were some other people who seemed to more or less agree with Anthony Towns. But he was certainly the loudest one complaining about this. That's why the messages I was able to found out in a hurry were his ones: I didn't manage to dig the few from other people... Since Anthony used to hold a number of positions of authority in Debian, including ftpmaster and DPL, I think that Francesco's response was not irrational. Since a current ftpmaster has explicitly said that these notices are no longer necessary, Francesco can probably relent. I am not sure: adding those acronyms is not a big deal and they use (or waste!) really few bits. They seem to succeed in stopping the complaints, so maybe they are not completely useless. -- http://frx.netsons.org/doc/index.html#nanodocs The nano-document series is here! . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpuX9JRDOqIR.pgp Description: PGP signature
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Mon, 23 Jun 2008 22:31:02 +0200 Arnoud Engelfriet wrote: Francesco Poli wrote: On Mon, 23 Jun 2008 18:15:16 +0200 Arnoud Engelfriet wrote: I don't think that modifying has any reasonable meaning when talking about cryptographic keys. Why not? Because it implies that you'd obtain something meaningful after the modification. The intent of the right to modify is that you can do something meaningful with the work. Never underestimate the unexpected results you can obtain by giving some permission to unknown people! ;-) I mean: just because you cannot think of any meaningful modifications, it does not mean that nobody will ever come up with some. Maybe someone will turn your public key into some sort of ASCII art! Or who knows what? [...] I do not see any meaningful modification I can do with someone's key block. 5454 may be modified into 5457 by adding 3. Or into 2727 by dividing by 2. Well, if that's what you want, then the key block is source enough for the purpose. Exactly. I just don't understand the point. It gets much more interesting if you want to modify, say, the name and e-mail address in an informational field in the key block. I suppose you can do that without access to the secret key. Of course at that point you would break the self-signature: at least I hope so, otherwise forging a fake public key would be too easy! ;-) -- http://frx.netsons.org/doc/index.html#nanodocs The nano-document series is here! . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpuOcttE5Ksf.pgp Description: PGP signature
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
This one time, at band camp, Francesco Poli said: There were some other people who seemed to more or less agree with Anthony Towns. But he was certainly the loudest one complaining about this. I think it's quite likely I objected to you appearing to speak authoritatively on behalf of the project. However, that has more to do with you saying things like you must or you cannot and less to do with how many acronyms you can invent to stick on the end of your emails. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Sunday 22 June 2008 12:08:30 Adam Majer wrote: AFAIK, we do not distribute things, we distribute *software*. Some packages are just composed of data though, but other packages depend on it. Some is just data that is very useful in the *Debian* project. This includes the keyring. Certainly, the backports.org keyring is useful to some people, *but* it is, 1. not free software Actually, how are debian-keyring and debian-archive-keyring free-software, anyway? Do I get source code for the all GPG keys they contain? The /usr/share/doc/debian-keyring/copyright even says The keys in the keyrings don't fall under any copyright. Ops! Maybe there are other reasons, but let's not pretend we're keeping debian-backports-keyring out because it's not free software. (Personally, I think all keyrings are fine.) -- Wesley J. Landaker [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED] OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2 signature.asc Description: This is a digitally signed message part.
Re: ITP: debian-backports-keyring -- GnuPG archive key of the backports.org repository
On Sun, 22 Jun 2008 12:54:09 -0600 Wesley J. Landaker wrote: [...] Actually, how are debian-keyring and debian-archive-keyring free-software, anyway? Do I get source code for the all GPG keys they contain? The most widely accepted definition of source code is the one found in the GNU GPL: the preferred form for making modifications to the work. If you modify a GPG public key, you obtain something that no longer corresponds to the original private key (obviously). You could end up with a different GPG public key or with something that is no longer a GPG public key. OK, that said, if you wanted to modify a public key (in order to obtain something else), what form would you use for making modifications? I think the preferred form would be the one in which the GPG public key is distributed by keyservers or some other equivalent form (which may be losslessly obtained from the distribution form). Hence, if I understand correctly, I think the Debian package does provide source. The /usr/share/doc/debian-keyring/copyright even says The keys in the keyrings don't fall under any copyright. Ops! This could be true, to the extent that the key generation process does not involve any creative input. However, I've seen GPG key pairs generated in such a way that the ascii-armored public key embeds readable text provided by the user. In those cases, the readable text could be creative enough to be copyrighted by its author... Moreover, GPG public keys may be accompanied by photo-ids (small images that represent photo portraits of the key owner): those photo-ids, if present, may constitute other copyrighted material... Important disclaimers: IANAL, TINLA, IANADD, TINASOTODP. -- http://frx.netsons.org/doc/index.html#nanodocs The nano-document series is here! . Francesco Poli . GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4 pgpuSh2JRToal.pgp Description: PGP signature
