On 06/02/2012 09:24 AM, Gregory Maxwell wrote:
(Users would have to disable
> yum's gpg checking in order to install your unsigned package, or they would
> have to install/your/ gpg key and trust it in order to install the package
> signed with your key).
I distribute modified copies of Fedora's OpenSSL libraries, they're
signed my by key not Fedora's. Users— even rather technically
unsophisticated— install them without any difficulty. The install
tools do not enforce that the files be signed, they do not have to
install my key.
Try for yourself, if you like:http://people.xiph.org/~greg/openssl/
My point here was that you don't enjoy equal footing with Fedora in this
regard, today. User's have to do something /extra/ to get your
software. They have to either disable GPG protection in yum, install
your GPG key, or install the packages outside of yum.
This is not unlike disabling Secure Boot or adding your key to Secure Boot.
> You have as
> much equal footing as Fedora does to plunk down the $99 and play along in
> the PC sandbox.
So if I were to take, say, a GPLed compositing window manager and then
I paid $99 for a license to embed a copy of commercial opengl special
effects— which prohibited modification, reverse engineering,
redistribution by unlicensed parties, and commercial use— then I
started distributing this modified version... and I gave it to you and
told you that you were free to pay $99 to play in the
graphically-enhanced distribution sandbox, you'd think that was
okay?
That's a nice strawman you've built up there, however I'm quite unable
to see what point you're trying to make here.
--
Help me fight child abuse: http://tinyurl.com/jlkcourage
- jlk
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
