FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Development

 
 
LinkBack Thread Tools
 
Old 06-16-2010, 12:40 PM
Jim Ramsay
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

Ch*-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote:
> I propose that this license be added to the EULA group. The previous
> AdobeFlash-10 license is similar in this regard, and could possibly
> also be added to that group.

Agreed, on both points, and done. Thanks for finding and airing this
issue!

> One notable section is 7.6 in which Adobe reserves the right to
> download and install additional Content Protection software on the
> user's PC.

Not like anyone will actually *read* the license before adding it to
their accept group, but if they did this would indeed be an important
thing of which users should be aware.

--
Jim Ramsay
Gentoo Developer (rox/fluxbox/gkrellm/vim)
 
Old 06-16-2010, 12:45 PM
Angelo Arrifano
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

On 16-06-2010 14:40, Jim Ramsay wrote:
> Ch*-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote:
>> I propose that this license be added to the EULA group. The previous
>> AdobeFlash-10 license is similar in this regard, and could possibly
>> also be added to that group.
>
> Agreed, on both points, and done. Thanks for finding and airing this
> issue!
>
>> One notable section is 7.6 in which Adobe reserves the right to
>> download and install additional Content Protection software on the
>> user's PC.
>
> Not like anyone will actually *read* the license before adding it to
> their accept group, but if they did this would indeed be an important
> thing of which users should be aware.
>

I defend it is our job to warn users about this kind of details. To me
it sounds that a einfo at post-build phase would do the job, what do you
guys think?
 
Old 06-17-2010, 10:06 PM
Lars Wendler
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> On 16-06-2010 14:40, Jim Ramsay wrote:
> > Ch*-Thanh Christopher Nguyễn <chithanh@gentoo.org> wrote:
> >> I propose that this license be added to the EULA group. The previous
> >> AdobeFlash-10 license is similar in this regard, and could possibly
> >> also be added to that group.
> >
> > Agreed, on both points, and done. Thanks for finding and airing this
> > issue!
> >
> >> One notable section is 7.6 in which Adobe reserves the right to
> >> download and install additional Content Protection software on the
> >> user's PC.
> >
> > Not like anyone will actually *read* the license before adding it to
> > their accept group, but if they did this would indeed be an important
> > thing of which users should be aware.
>
> I defend it is our job to warn users about this kind of details. To me
> it sounds that a einfo at post-build phase would do the job, what do you
> guys think?

Definitely yes! This is a very dangerous snippet in Adobe's license which
should be pretty clearly pointed at to every user.

--
Lars Wendler (Polynomial-C)
Gentoo developer and bug-wrangler
 
Old 06-17-2010, 10:14 PM
Dale
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

Lars Wendler wrote:

Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:


On 16-06-2010 14:40, Jim Ramsay wrote:


Ch*-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote:


I propose that this license be added to the EULA group. The previous
AdobeFlash-10 license is similar in this regard, and could possibly
also be added to that group.


Agreed, on both points, and done. Thanks for finding and airing this
issue!



One notable section is 7.6 in which Adobe reserves the right to
download and install additional Content Protection software on the
user's PC.


Not like anyone will actually *read* the license before adding it to
their accept group, but if they did this would indeed be an important
thing of which users should be aware.


I defend it is our job to warn users about this kind of details. To me
it sounds that a einfo at post-build phase would do the job, what do you
guys think?


Definitely yes! This is a very dangerous snippet in Adobe's license which
should be pretty clearly pointed at to every user.




Could that also include a alternative to adobe? If there is one.

Dale

:-) :-)
 
Old 06-17-2010, 11:20 PM
Lars Wendler
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

Am Freitag 18 Juni 2010, 00:37:29 schrieb Ch*-Thanh Christopher Nguyễn:
> Dale schrieb:
> >>>>> One notable section is 7.6 in which Adobe reserves the right to
> >>>>> download and install additional Content Protection software on the
> >>>>> user's PC.
> >>>>
> >>>> Not like anyone will actually *read* the license before adding it to
> >>>> their accept group, but if they did this would indeed be an important
> >>>> thing of which users should be aware.
> >>>
> >>> I defend it is our job to warn users about this kind of details. To me
> >>> it sounds that a einfo at post-build phase would do the job, what do
> >>> you
> >>> guys think?
>
> Though I am not opposed to adding a warning, I think the license mask is
> sufficient. If users demonstrate their indifference by setting
> ACCEPT_LICENSE="*" or adding AdobeFlash-10.1 without reading the
> license, then I somehow doubt that elog messages will have an effect.

Maybe I'm quite alone with that but I have ACCEPT_LICENSE="*" because I hate
to edit my make.conf each time I try to emerge a package with yet another
license that is missing in the variable. But I still watch for elog messages
carefully after each merge.

> >> Definitely yes! This is a very dangerous snippet in Adobe's license
> >> which
> >> should be pretty clearly pointed at to every user.
> >
> > Could that also include a alternative to adobe? If there is one.
>
> There are three open-source flash browser plugins in portage:
> - swfdec: development seems to have stalled
> - gnash: I have received mixed reports about the stability of the
> current version. The next release will include VA-API support and other
> improvements.
> - lightspark: a recent effort which is in its early stages and still
> incomplete in many ways (eg. audio support is planned for 0.4.2)
>
> None of them I consider good enough to replace adobe-flash for the
> average user.

Unfortunately yes. Especially now that Adobe fails to provide x86_64 users a
non-vulnerable plugin I'd very much prefer to use an open-source replacement
that for sure would be fixed much faster in case it's affected by some security
vulnerability as well.
One can only hope that flash finally vanishes from WWW now that HTML5 could
become a good alternative...

> Regards,
> Ch*-Thanh Christopher Nguyễn

--
Lars Wendler (Polynomial-C)
Gentoo developer and bug-wrangler
 
Old 06-18-2010, 01:42 AM
Brian Harring
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
> Lars Wendler wrote:
> > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> >
> >> On 16-06-2010 14:40, Jim Ramsay wrote:
> >>
> >>> Ch*-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote:
> >>>> One notable section is 7.6 in which Adobe reserves the right to
> >>>> download and install additional Content Protection software on the
> >>>> user's PC.
> >>>>
> >>> Not like anyone will actually *read* the license before adding it to
> >>> their accept group, but if they did this would indeed be an important
> >>> thing of which users should be aware.
> >>>
> >> I defend it is our job to warn users about this kind of details. To me
> >> it sounds that a einfo at post-build phase would do the job, what do you
> >> guys think?
> >>
> > Definitely yes! This is a very dangerous snippet in Adobe's license which
> > should be pretty clearly pointed at to every user.
> >
> >
>
> Could that also include a alternative to adobe? If there is one.

The place to advocate free alternatives (or upstreams that are
nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
best in metadata.xml... einfo should be "this is the things to watch
for in using this/setting it up" not "these guys are evil, use one of
the free alternatives!".

Grok?

~harring
 
Old 06-18-2010, 06:10 AM
Dale
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

Brian Harring wrote:

On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:


Lars Wendler wrote:


Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:



On 16-06-2010 14:40, Jim Ramsay wrote:



Ch*-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote:


One notable section is 7.6 in which Adobe reserves the right to
download and install additional Content Protection software on the
user's PC.



Not like anyone will actually *read* the license before adding it to
their accept group, but if they did this would indeed be an important
thing of which users should be aware.



I defend it is our job to warn users about this kind of details. To me
it sounds that a einfo at post-build phase would do the job, what do you
guys think?



Definitely yes! This is a very dangerous snippet in Adobe's license which
should be pretty clearly pointed at to every user.




Could that also include a alternative to adobe? If there is one.


The place to advocate free alternatives (or upstreams that are
nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
best in metadata.xml... einfo should be "this is the things to watch
for in using this/setting it up" not "these guys are evil, use one of
the free alternatives!".

Grok?

~harring



I was thinking more along the lines of "the end user license has changed
substantially for this package. If you don't accept the changes and want
a alternative package, you can look into xyz or wyz." Nothing about
being evil, just information.


This way the user knows it has changed, they can read it and then if
they have problems with it, they can then use something else. I have all
licenses accepted in my make.conf, as does another poster in this
thread, but I do hope that I would be notified if a package is going to
install or otherwise change my system. I'm using Gentoo because I DON'T
want things installed that I don't know about. After all, the first line
of defense in open source distros is the developers. Just think, would
your reaction be different if it explicitly said it was going to install
spyware? After all, no one knows what it may install and then do. Some
users may decide they don't want to take that chance if they know about
it. Right now, they may not even know about it. If I wasn't subscribed
here, I wouldn't either.


Just my thoughts.

Dale

:-) :-)
 
Old 06-18-2010, 09:08 AM
Lars Wendler
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
> > Lars Wendler wrote:
> > > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
> > >> On 16-06-2010 14:40, Jim Ramsay wrote:
> > >>> Ch*-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote:
> > >>>> One notable section is 7.6 in which Adobe reserves the right to
> > >>>> download and install additional Content Protection software on the
> > >>>> user's PC.
> > >>>
> > >>> Not like anyone will actually *read* the license before adding it to
> > >>> their accept group, but if they did this would indeed be an important
> > >>> thing of which users should be aware.
> > >>
> > >> I defend it is our job to warn users about this kind of details. To me
> > >> it sounds that a einfo at post-build phase would do the job, what do
> > >> you guys think?
> > >
> > > Definitely yes! This is a very dangerous snippet in Adobe's license
> > > which should be pretty clearly pointed at to every user.
> >
> > Could that also include a alternative to adobe? If there is one.
>
> The place to advocate free alternatives (or upstreams that are
> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
> best in metadata.xml... einfo should be "this is the things to watch
> for in using this/setting it up" not "these guys are evil, use one of
> the free alternatives!".

Maybe I expressed myself a bit misinterpretative. I don't want to request an
elog message telling users about alternative packages. But in my opinion an
elog message pointing at the bald-faced parts of Adobe's license should be
added. These parts about allowing Adobe to install further content protection
software is just too dangerous in my opinion.

> Grok?
>
> ~harring

--
Lars Wendler (Polynomial-C)
Gentoo developer and bug-wrangler
 
Old 06-18-2010, 10:16 AM
Alec Warner
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org> wrote:
> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
>> > Lars Wendler wrote:
>> > > Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
>> > >> On 16-06-2010 14:40, Jim Ramsay wrote:
>> > >>> Ch*-Thanh Christopher Nguyễn<chithanh@gentoo.org> *wrote:
>> > >>>> One notable section is 7.6 in which Adobe reserves the right to
>> > >>>> download and install additional Content Protection software on the
>> > >>>> user's PC.
>> > >>>
>> > >>> Not like anyone will actually *read* the license before adding it to
>> > >>> their accept group, but if they did this would indeed be an important
>> > >>> thing of which users should be aware.
>> > >>
>> > >> I defend it is our job to warn users about this kind of details. To me
>> > >> it sounds that a einfo at post-build phase would do the job, what do
>> > >> you guys think?
>> > >
>> > > Definitely yes! This is a very dangerous snippet in Adobe's license
>> > > which should be pretty clearly pointed at to every user.
>> >
>> > Could that also include a alternative to adobe? *If there is one.
>>
>> The place to advocate free alternatives (or upstreams that are
>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
>> best in metadata.xml... einfo should be "this is the things to watch
>> for in using this/setting it up" not "these guys are evil, use one of
>> the free alternatives!".
>
> Maybe I expressed myself a bit misinterpretative. I don't want to request an
> elog message telling users about alternative packages. But in my opinion an
> elog message pointing at the bald-faced parts of Adobe's license should be
> added. These parts about allowing Adobe to install further content protection
> software is just too dangerous in my opinion.

I will ignore the technical portion where basically any binary on your
system; even binaries you compiled yourself have the ability to
'install things you do not like' when run as root (and sometimes when
run as a normal user as well.)

The real meat here is that you want Gentoo to take some kind of stand
on particular licensing terms. I don't think this is a good
precedent[0] to set for our users. It presumes we will essentially
read the license in its entirety and inform users of the parts that we
think are 'scary.'[1] The user is the person who is installing and
running the software. The user is the person who should be reading
and agreeing with any licensing terms lest they find the teams
unappealing. I don't find it unreasonable to implement a tool as
Duncan suggested because it is not a judgement but a statement of
fact. "The license for app/foo has changed from X to Y. You should
review the changes accordingly by running <blah>"

[0] There is an existing precedent for reading the license and
ensuring Gentoo itself is not violating the license by distributing
said software. Gentoo takes measures to reduce its own liability in
case a lawsuit arises; however this is a pretty narrow case.
[1] The other bad part here is that 'scary' is itself a judgement call
about licensing terms. I do not want to have arguments with users
about which terms I should have to warn them about versus not. Users
should (ideally) be reading the software licenses for software they
choose to use.

-A

>
>> Grok?
>>
>> ~harring
>
> --
> Lars Wendler (Polynomial-C)
> Gentoo developer and bug-wrangler
>
>
 
Old 06-18-2010, 01:58 PM
Angelo Arrifano
 
Default Adding AdobeFlash-10{,.1} licenses to EULA group

On 18-06-2010 12:16, Alec Warner wrote:
> On Fri, Jun 18, 2010 at 2:08 AM, Lars Wendler <polynomial-c@gentoo.org> wrote:
>> Am Freitag 18 Juni 2010, 03:42:29 schrieb Brian Harring:
>>> On Thu, Jun 17, 2010 at 05:14:16PM -0500, Dale wrote:
>>>> Lars Wendler wrote:
>>>>> Am Mittwoch 16 Juni 2010, 14:45:21 schrieb Angelo Arrifano:
>>>>>> On 16-06-2010 14:40, Jim Ramsay wrote:
>>>>>>> Ch*-Thanh Christopher Nguyễn<chithanh@gentoo.org> wrote:
>>>>>>>> One notable section is 7.6 in which Adobe reserves the right to
>>>>>>>> download and install additional Content Protection software on the
>>>>>>>> user's PC.
>>>>>>>
>>>>>>> Not like anyone will actually *read* the license before adding it to
>>>>>>> their accept group, but if they did this would indeed be an important
>>>>>>> thing of which users should be aware.
>>>>>>
>>>>>> I defend it is our job to warn users about this kind of details. To me
>>>>>> it sounds that a einfo at post-build phase would do the job, what do
>>>>>> you guys think?
>>>>>
>>>>> Definitely yes! This is a very dangerous snippet in Adobe's license
>>>>> which should be pretty clearly pointed at to every user.
>>>>
>>>> Could that also include a alternative to adobe? If there is one.
>>>
>>> The place to advocate free alternatives (or upstreams that are
>>> nonsuck) isn't in einfo messages in ebuilds, it's on folks blogs or at
>>> best in metadata.xml... einfo should be "this is the things to watch
>>> for in using this/setting it up" not "these guys are evil, use one of
>>> the free alternatives!".

Why? You are running a free and opensource operating system, what's
wrong suggesting *other* free and opensource alternatives? You are just
providing the user a choice, not to actually oblige him to install anything.

Also, I'm pretty sure seeing nvidia-drivers suggesting the use of the
kernel driver when using the hardened profile.
>>
>> Maybe I expressed myself a bit misinterpretative. I don't want to request an
>> elog message telling users about alternative packages. But in my opinion an
>> elog message pointing at the bald-faced parts of Adobe's license should be
>> added. These parts about allowing Adobe to install further content protection
>> software is just too dangerous in my opinion.
>
> I will ignore the technical portion where basically any binary on your
> system; even binaries you compiled yourself have the ability to
> 'install things you do not like' when run as root (and sometimes when
> run as a normal user as well.)

For all the years running Linux, I never found that case.
>
> The real meat here is that you want Gentoo to take some kind of stand
> on particular licensing terms. I don't think this is a good
> precedent[0] to set for our users. It presumes we will essentially
> read the license in its entirety and inform users of the parts that we
> think are 'scary.'[1] The user is the person who is installing and
> running the software. The user is the person who should be reading
> and agreeing with any licensing terms lest they find the teams
> unappealing. I don't find it unreasonable to implement a tool as
> Duncan suggested because it is not a judgement but a statement of
> fact. "The license for app/foo has changed from X to Y. You should
> review the changes accordingly by running <blah>"

I'm the person who initially proposed warning users on elog. The initial
proposal only states about:
1) A warning about change of licensing terms.
2) A warning that "additional Content Protection software" might be
installed without users consent.

In fact, portage already warns the users about bad coding practices,
install of executables with runtime text relocations, etc.. How is this
different?
If me, as a user, didn't know about such detail (who reads software
license agreements anyway?) and someday I hypothetically find a
executable running without my permission as my user account and I'm able
to associate it with Adobe's flash, I would be pissed off to no extent.
And guess what? First thing I would *blame* is flash maintainers.
I expect package maintainers to be more familiar with the packages they
maintain than me. As consequence, I expect them to advice me about
non-obvious details on those packages. At least that's what I try to do
on the packages I maintain.
GNU/Linux is all about choice. Stating, during install, that a package
might later install additional stuff will just provide a choice to the
user, not conditioning it.

Regards,
- Angelo
>
> [0] There is an existing precedent for reading the license and
> ensuring Gentoo itself is not violating the license by distributing
> said software. Gentoo takes measures to reduce its own liability in
> case a lawsuit arises; however this is a pretty narrow case.
> [1] The other bad part here is that 'scary' is itself a judgement call
> about licensing terms. I do not want to have arguments with users
> about which terms I should have to warn them about versus not. Users
> should (ideally) be reading the software licenses for software they
> choose to use.
>
> -A
>
>>
>>> Grok?
>>>
>>> ~harring
>>
>> --
>> Lars Wendler (Polynomial-C)
>> Gentoo developer and bug-wrangler
>>
>>
>
 

Thread Tools




All times are GMT. The time now is 09:06 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org