Ion3 license violation
Tuomo Valkonen
tuomov at iki.fi
Thu Dec 13 02:28:04 PST 2007
On 2007-12-13, Peter Jeremy <peterjeremy at optushome.com.au> wrote:
> I'm not sure how me as an end user not bothering to update my
> installed package for several months differs from me as a package
> distributor failing to update a binary distribution to your latest
> release within 28 days,
As someone who's been using a particular version for some time, you are
more likely to check for a new version before complaining. New consider
a new _l_user that has just heard of Ion, installing it from a distro that
doesn't keep up-to-date, and running into problems. Aside from lusers
having no idea that the distro doesn't keep up-to-date, and distributes
old broken development snapshots, running into problems is more likely
after a new install than later on. That's what this is about.
> In general, FreeBSD only distributes third-party packages in binary format.
Umm.. the ports system is primarily source-based, and you distribute the
sources.
> How will this work if the end user does not have web access or doesn't
> have the resources or desire to compile it?
I did mention that this does not work for binary packages.
> This signature was created using a self-signed key and is therefore
> useless as a mechanism to verify the associated package.
IRL-based PGP signing customs suck [1]. I don't even know anyone IRL
that would have the slightest interest in using encryption.
[1]: http://www.iki.fi/tuomov/b/archives/2006/06/25/T00_20_11/
> way to verify that the person who created that signature is the same
> person who wrote the e-mail I am responding to or that either are
> actually the author of the "official" version of Ion-3.
That doesn't matter. What matters is that the _same_ key is used,
after you've initially verified the package.
--
Tuomo
More information about the freebsd-ports
mailing list