Date: Thu, 13 Dec 2007 10:27:47 +0000 (UTC) From: Tuomo Valkonen <tuomov@iki.fi> To: freebsd-ports@freebsd.org Subject: Re: Ion3 license violation Message-ID: <slrnfm2293.7a5.tuomov@jolt.modeemi.cs.tut.fi> References: <slrnflv329.e47.tuomov@jolt.modeemi.cs.tut.fi> <20071212073944.GC29211@soaustin.net> <slrnflv4hj.ge8.tuomov@jolt.modeemi.cs.tut.fi> <20071212080932.GA30438@soaustin.net> <slrnflv6nd.k6f.tuomov@jolt.modeemi.cs.tut.fi> <20071212083658.GA31114@soaustin.net> <47602AC8.7060609@csub.edu> <476030F0.50501@csub.edu> <20071212142045.de0dcc7e.wmoran@potentialtech.com> <slrnfm0fd5.l9t.tuomov@jolt.modeemi.cs.tut.fi> <20071213095657.GT11310@server.vk2pj.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2007-12-13, Peter Jeremy <peterjeremy@optushome.com.au> wrote: > I'm not sure how me as an end user not bothering to update my > installed package for several months differs from me as a package > distributor failing to update a binary distribution to your latest > release within 28 days, As someone who's been using a particular version for some time, you are more likely to check for a new version before complaining. New consider a new _l_user that has just heard of Ion, installing it from a distro that doesn't keep up-to-date, and running into problems. Aside from lusers having no idea that the distro doesn't keep up-to-date, and distributes old broken development snapshots, running into problems is more likely after a new install than later on. That's what this is about. > In general, FreeBSD only distributes third-party packages in binary format. Umm.. the ports system is primarily source-based, and you distribute the sources. > How will this work if the end user does not have web access or doesn't > have the resources or desire to compile it? I did mention that this does not work for binary packages. > This signature was created using a self-signed key and is therefore > useless as a mechanism to verify the associated package. IRL-based PGP signing customs suck [1]. I don't even know anyone IRL that would have the slightest interest in using encryption. [1]: http://www.iki.fi/tuomov/b/archives/2006/06/25/T00_20_11/ > way to verify that the person who created that signature is the same > person who wrote the e-mail I am responding to or that either are > actually the author of the "official" version of Ion-3. That doesn't matter. What matters is that the _same_ key is used, after you've initially verified the package. -- Tuomo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrnfm2293.7a5.tuomov>