Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Gentoo: Dev

Are we allowed to provide valid SRC_URI for fetch restricted packages?

  

 
Gentoo dev RSS feed   Index | Next | Previous | View Threaded


xarthisius at gentoo

Feb 26, 2012, 3:34 AM

Post #1 of 4 (236 views)
Permalink
Are we allowed to provide valid SRC_URI for fetch restricted packages?
Hi all,
I've been asked by a user to remove valid SRC_URI for a package that has
RESTRICT="fetch". The package in question requires you to go to
upstream's webpage, sign license agreement and then you're fed with
download link. User argues that by giving people valid download link
hardcoded in ebuild we may encourage them to bypass the registration
step[1] and that may pose a legal threat. Can anyone more law-aware
comment on that?
TIA!
Kacper

[1] https://bugs.gentoo.org/show_bug.cgi?id=405803#c0
Attachments: signature.asc (0.88 KB)


antarus at gentoo

Feb 26, 2012, 4:33 AM

Post #2 of 4 (229 views)
Permalink
Re: Are we allowed to provide valid SRC_URI for fetch restricted packages? [In reply to]
On Sun, Feb 26, 2012 at 3:34 AM, Kacper Kowalik <xarthisius [at] gentoo> wrote:
> Hi all,
> I've been asked by a user to remove valid SRC_URI for a package that has
> RESTRICT="fetch". The package in question requires you to go to
> upstream's webpage, sign license agreement and then you're fed with
> download link. User argues that by giving people valid download link
> hardcoded in ebuild we may encourage them to bypass the registration
> step[1] and that may pose a legal threat. Can anyone more law-aware
> comment on that?
> TIA!
> Kacper
>
> [1] https://bugs.gentoo.org/show_bug.cgi?id=405803#c0
>

You should file a bug with the trustees; they deal with legal stuff.

-A


vapier at gentoo

Apr 10, 2012, 12:38 PM

Post #3 of 4 (186 views)
Permalink
Re: Are we allowed to provide valid SRC_URI for fetch restricted packages? [In reply to]
On Sunday 26 February 2012 06:34:13 Kacper Kowalik wrote:
> I've been asked by a user to remove valid SRC_URI for a package that has
> RESTRICT="fetch". The package in question requires you to go to
> upstream's webpage, sign license agreement and then you're fed with
> download link. User argues that by giving people valid download link
> hardcoded in ebuild we may encourage them to bypass the registration
> step[1] and that may pose a legal threat. Can anyone more law-aware
> comment on that?

i don't see a problem here. although this is something that you'd prob want
to post to the trustees and let them make a decision.
-mike
Attachments: signature.asc (0.82 KB)


rich0 at gentoo

Apr 10, 2012, 12:47 PM

Post #4 of 4 (187 views)
Permalink
Re: Are we allowed to provide valid SRC_URI for fetch restricted packages? [In reply to]
On Tue, Apr 10, 2012 at 3:38 PM, Mike Frysinger <vapier [at] gentoo> wrote:
>
> i don't see a problem here.  although this is something that you'd prob want
> to post to the trustees and let them make a decision.
> -mike
>

This is a bit of a stale thread. This particular package was modified
to remove the SRC_URI, so it is no longer outstanding. The Trustees
have discussed, and i'd say a majority would prefer not to have
SRC_URI for fetch-restricted files. However, I don't believe we put
it to a vote.

Personally, I tend to not see an issue here, but am open-minded to
specific precedents/etc that raise concerns. I think others are a bit
more conservative.

Rich

Gentoo dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.