Ion3 license violation

Gergely CZUCZY phoemix at harmless.hu
Thu Dec 13 02:30:35 PST 2007 

On Thu, Dec 13, 2007 at 10:27:47AM +0000, Tuomo Valkonen wrote:
> On 2007-12-13, Peter Jeremy <peterjeremy at optushome.com.au> wrote:
> > I'm not sure how me as an end user not bothering to update my
> > installed package for several months differs from me as a package
> > distributor failing to update a binary distribution to your latest
> > release within 28 days,
> 
> As someone who's been using a particular version for some time, you are 
> more likely to check for a new version before complaining. New consider
> a new _l_user that has just heard of Ion, installing it from a distro that
> doesn't keep up-to-date, and running into problems. Aside from lusers 
> having no idea that the distro doesn't keep up-to-date, and distributes
> old broken development snapshots, running into problems is more likely
> after a new install than later on. That's what this is about. 
> 
> > In general, FreeBSD only distributes third-party packages in binary format.
> 
> Umm.. the ports system is primarily source-based, and you distribute the
> sources.
False. We distribute the URLs to the sources. Usually the sources are
retrieved from the author and its mirrors.
Only a few versions are mirrored by the FreeBSD project.

> > How will this work if the end user does not have web access or doesn't
> > have the resources or desire to compile it?
> 
> I did mention that this does not work for binary packages.
> 
> > This signature was created using a self-signed key and is therefore
> > useless as a mechanism to verify the associated package.  
> 
> IRL-based PGP signing customs suck [1]. I don't even know anyone IRL
> that would have the slightest interest in using encryption.
> 
>   [1]: http://www.iki.fi/tuomov/b/archives/2006/06/25/T00_20_11/
> 
> > way to verify that the person who created that signature is the same
> > person who wrote the e-mail I am responding to or that either are
> > actually the author of the "official" version of Ion-3.
> 
> That doesn't matter. What matters is that the _same_ key is used,
> after you've initially verified the package.
> 
> -- 
> Tuomo
> 
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"

Sincerely,

Gergely Czuczy
mailto: gergely.czuczy at harmless.hu

-- 
Weenies test. Geniuses solve problems that arise.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 2104 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20071213/28fccd0a/attachment.pgp

More information about the freebsd-ports mailing list