Bug#247427: ITP: elfsign -- ELF binary signing and verification utilities
Package: wnpp
Severity: wishlist

Package name    : elfsign
Version         : 0.2.0
Upstream Author : <[EMAIL PROTECTED]>
URL             : http://www.hick.org/code/skape/elfsign/
License         : Artistic
Description     : ELF binary signing and verification utilities

This package provides a utility to add a digital signature to an ELF
binary, and another utility to verify that signature. The current
implementation uses PKI to sign the checksum of the binary. The benefits
of doing this are are that it enables one to determine if a binary has
been modified, and who created that binary.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25-1-686
Locale: LANG=C, LC_CTYPE=C

Bug#247427: ITP: elfsign -- ELF binary signing and verification utilities
On Wed, May 05, 2004 at 12:24:00PM +0100, Andrew Suffield wrote:
>
> The original Artistic license is not appropriate for licensing
> anything that is not approximately perl, because of the way it is
> worded. It is a terrible license. Do not use it. It's also highly
> questionable as to whether things licensed under it can be included in
> Debian, given the prohibitions on commercial distribution. Please ask
> upstream to replace it with the Clarified Artistic license (or some
> other free software license) before this is included in Debian.
>

Oh bleh. Why the hell does DFSG #10 specifically mention it then?

Interestingly the DFSG links to the Artistic licence at
http://www.perl.com/pub/a/language/misc/Artistic.html
whereas http://www.debian.org/intro/free links to it at
http://www.opensource.org/licenses/artistic-license.php

I've already asked upstream to change it from:

elfsign is property of Uninformed Research and is freely distributable under
the conditions that:

1) Modification of the code retains credit to the original author(s)
2) The authors may not be blamed for any damages incurred from the use of
this software.

to the Artistic licence, after specifically directing him to

http://www.debian.org/social_contract
and
http://www.debian.org/intro/free

If the official line isn't what's on the website, we really should get it
fixed up.

regards

Andrew

Bug#247427: ITP: elfsign -- ELF binary signing and verification utilities
On Wed, May 05, 2004 at 02:24:54PM +1000, Andrew Pollock wrote:
> Package name    : elfsign
> Version         : 0.2.0
> Upstream Author : <[EMAIL PROTECTED]>
> URL             : http://www.hick.org/code/skape/elfsign/
> License         : Artistic
> Description     : ELF binary signing and verification utilities
>
> This package provides a utility to add a digital signature to an ELF
> binary, and another utility to verify that signature. The current
> implementation uses PKI to sign the checksum of the binary. The benefits
> of doing this are are that it enables one to determine if a binary has
> been modified, and who created that binary.

The original Artistic license is not appropriate for licensing
anything that is not approximately perl, because of the way it is
worded. It is a terrible license. Do not use it. It's also highly
questionable as to whether things licensed under it can be included in
Debian, given the prohibitions on commercial distribution. Please ask
upstream to replace it with the Clarified Artistic license (or some
other free software license) before this is included in Debian.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Bug#247427: ITP: elfsign -- ELF binary signing and verification utilities
On Wed, May 05, 2004 at 09:58:35PM +1000, Andrew Pollock wrote:
> On Wed, May 05, 2004 at 12:24:00PM +0100, Andrew Suffield wrote:
> >
> > The original Artistic license is not appropriate for licensing
> > anything that is not approximately perl, because of the way it is
> > worded. It is a terrible license. Do not use it. It's also highly
> > questionable as to whether things licensed under it can be included in
> > Debian, given the prohibitions on commercial distribution. Please ask
> > upstream to replace it with the Clarified Artistic license (or some
> > other free software license) before this is included in Debian.
> >
>
> Oh bleh. Why the hell does DFSG #10 specifically mention it then?

Historical. The Artistic license is basically only appropriate for
perl (and perl modules) because of the way it's written[0], and in
*that specific instance* there aren't any problems.

(This is on my list of things to fix, probably by replacing it with
the Clarified Artistic)

> Interestingly the DFSG links to the Artistic licence at
> http://www.perl.com/pub/a/language/misc/Artistic.html
> whereas http://www.debian.org/intro/free links to it at
> http://www.opensource.org/licenses/artistic-license.php

Even more interestingly, the latter is not a copy of the Perl Artistic
license. I'm not really sure *what* it is, it's somewhere between that
and the Clarified. elfsign is using the original, which can be found
at /usr/share/common-licenses/Artistic.

What are OSI playing at? Who uses this license?

> I've already asked upstream to change it from:
>
> elfsign is property of Uninformed Research and is freely distributable under
> the conditions that:
>
> 1) Modification of the code retains credit to the original author(s)
> 2) The authors may not be blamed for any damages incurred from the use of
> this software.
>
> to the Artistic licence, after specifically directing him to
>
> http://www.debian.org/social_contract
> and
> http://www.debian.org/intro/free

Oops.

Best to check with -legal before doing anything with licenses; there's
a lot of stuff floating around that's misleading or outdated.

> If the official line isn't what's on the website, we really should get it
> fixed up.

Yeah, these things take a painful amount of time, were backed up
*years* by the voting system changes, and there have been higher
priorities. I do plan on pressing for a DFSG revision this year,
though.

[0] Clauses like this crap:

    You may embed this Package's interpreter within an executable of
    yours (by linking); this shall be construed as a mere form of
    aggregation, provided that the complete Standard Version of the
    interpreter is so embedded.

We *need* that clause, but this "interpreter" stuff doesn't make any
sense for elfsign - it was written for perl. There are several more
like this.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |

Bug#247427: ITP: elfsign -- ELF binary signing and verification utilities
Andrew Pollock <[EMAIL PROTECTED]> writes:

> Package: wnpp
> Severity: wishlist
>
> Package name    : elfsign
> Version         : 0.2.0
> Upstream Author : <[EMAIL PROTECTED]>
> URL             : http://www.hick.org/code/skape/elfsign/
> License         : Artistic
> Description     : ELF binary signing and verification utilities
>
> This package provides a utility to add a digital signature to an ELF
> binary, and another utility to verify that signature. The current
> implementation uses PKI to sign the checksum of the binary. The benefits
> of doing this are are that it enables one to determine if a binary has
                    ^^^
> been modified, and who created that binary.

I'd be interested in the differences to bsign. Maybe you could add
something about this to the Description to make it easier for the user
to choose the right tool.

-- 
CYa,
  Mario | Debian Developer http://debian.org/>
        | Get my public key via finger [EMAIL PROTECTED]
        | 1024D/7FC1A0854909BCCDBE6C102DDFFC022A6B113E44

Bug#247427: ITP: elfsign -- ELF binary signing and verification utilities
On Wed, May 05, 2004 at 12:24:00PM +0100, Andrew Suffield wrote:
>
> The original Artistic license is not appropriate for licensing
> anything that is not approximately perl, because of the way it is
> worded. It is a terrible license. Do not use it. It's also highly
> questionable as to whether things licensed under it can be included in
> Debian, given the prohibitions on commercial distribution. Please ask
> upstream to replace it with the Clarified Artistic license (or some
> other free software license) before this is included in Debian.
>

The upstream author has kindly relicensed under the Clarified Artistic
Licence.

(Please Cc me on any -legal correspondence, I'm not subscribed).

regards

Andrew

Bug#247427: ITP: elfsign -- ELF binary signing and verification utilities
On Thu, May 06, 2004 at 12:43:00PM +1000, Andrew Pollock wrote:
> On Wed, May 05, 2004 at 12:24:00PM +0100, Andrew Suffield wrote:
> >
> > The original Artistic license is not appropriate for licensing
> > anything that is not approximately perl, because of the way it is
> > worded. It is a terrible license. Do not use it. It's also highly
> > questionable as to whether things licensed under it can be included in
> > Debian, given the prohibitions on commercial distribution. Please ask
> > upstream to replace it with the Clarified Artistic license (or some
> > other free software license) before this is included in Debian.
> >
>
> The upstream author has kindly relicensed under the Clarified Artistic
> Licence.
>
> (Please Cc me on any -legal correspondence, I'm not subscribed).

Thanks for your work to rectify this issue!

-- 
G. Branden Robinson                |    Notions like Marxism and
Debian GNU/Linux                   |    Freudianism belong to the history
[EMAIL PROTECTED]                  |    of organized religion.
http://people.debian.org/~branden/ |    -- Noam Chomsky