hat problem? One we could
post links to?
Even better, to move it to a more fredeom-respecting repository.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
eck whether XXX is a real directory.)
Are the GCC developers discussing these questions? If not, please
send them a bug report about this so they start doing so.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
erfere with
anything useful. What do others thing of this question?
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
ding those
> blessed by the user.
Could you make that last part more precise and clear>
> > What is an "OS package manager"?
> A popular OS package manager is Debian 'apt'
Thanks, now I know what you meant.
--
Dr Richard Stallman (https://stallma
ver, people have proposed
changes in make disclean and may propose changes in our coding
standards.
When considering any such change, we still should consider the question:
will this actually prevent cracks, or will it rather give crackers
an additional way to check that their activities can&#x
ack harder to do, or increased
the likelihood of spotting it. For instance, checking m4
files against standard sources. and maybe some others.
So let's not discard completely the idea of preventing
the XZ crack.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Proje
ing from gnulib and
> > compared to the copy in gnulib, the nonempty diff would have been
> > suspicious.
I have a hunch that some effort is needed to do that comparison, but
that it is feasible to write a script to do it could make it easy.
Is that so?
--
Dr Richard Stallman (h
;m speculating -- I don't know why it uses these compression liraries.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
it tests,
> instead of source or scripts to generate that data. In this case, that
> binary data was used to smuggle in heavily obfuscated object code.
If this is the crucial point, we could put in the coding standards
(or the maintainers' guide) not to do this.
--
Dr Richard Stallman (h
rsions.
The packager would need to specify another key and use that to sign
the files perse modifies. Or maybe, to sign all the files in the
distribution.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
es for that,
Just as long as we don't insist on perfect or nothing.
Because, as you said, no change in tools could protect perfectly
against this soft of devious sabotage.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free
estion.
Aside from autoconf and automake, what tools are involved here?
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
ss is inevitably slow
because many packages need to be changed.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
ed in fixing the bug, but I want to
make sure the GNU Project is working on it.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
een
likely to help people detect the bogus tar ball sooner? Or would it
have been likely to help the cracker be more careful about avoiding
such signs? Would they balance out?
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Soft
Congratulations on the new release.
--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
Use Ekiga or an ordinary phone call
Congratulations on the new release.
--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
Use Ekiga or an ordinary phone call
Congratulations on this one too.
Since what version has the security vulnerability existed?
--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
Use Ekiga or an ord
> Rather, one GNU package could drop support for ordinary Make, and see
> how users react. If the level of complaint is not too high, then
GCC dropped support for non-GNU make in version 3.4 (April 2004).
We could see how users reacted to that.
--
Dr Richard Stallman
Pre
I agree the reason becomes less compelling as more capable systems
become more commonplace, but I do not agree ancient RISC boxes are no
longer an interesting target for current NTP builds.
The machine I use (and many of us, too) has a MIPS-like chip, the
Loongson.
--
Dr Richard
nux" hurts our work, so please make an effort to learn a
different habit.
Meanwhile, GNU newbies are not "Unix newbies" because GNU's Not Unix.
Anyway, rather than making speculative arguments about what users
want, let's find out -- by asking thenm and by small experiments,
s?
I mean GNU-like. GNU is our main target, but if another system is
similar enough to GNU, support for it is not much extra work.
--
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org www.gnu.org
Skype: No way! That's nonfree (freedom-
Congratulations! Are you handing out cigars? ;-).
> It could be that we should tell people to use Bash to build
> GNU packages if their native shells have trouble handling the
> job. That would be a smaller change and perhaps worth doing.
How is `bash' built?
People can probably get pre-built binaries of Bas
You need to be able to compile the bootstrap packages in minimal
environments, in order to get a very basic GNU environment.
I don't think we should do this at all. The smallest version of the
GNU system need not be "minimal", and making it so would be extra
work, so we should not.
B
Here's a quote from "another list" that illustrates a problem with the
auto* approach to release mgt:
> I'm looking at trying to get autoconf to detect the right version of
> BDB (need to export some SVN_FS_GOT_DB_MAJOR variants), and getting
> the checks
Well, for grins I looked to see how you license your modules. Your
license/copyright statement is in the README, not the POD so after the
module is installed, the license statement disappears [ unless the user
keeps the source dir around ]. The user, in the future will either need
Personally, I don't care if people use the GPL, AL, BSD or make up their
own... it is open source and it is not demo
or commercial-ware, etc.
I think you and I are talking at cross purposes--addressing two
different questions. This miscommunication has continued through
several mssa
What could we do to make 'unless stated otherwise, CPAN modules and
distributions are covered by the GPL and AL. When in doubt, email the
author.' more clear?
That is not what it actually says. Thanks to Akim, I now see
what it actually says:
http://www.cpan.org/misc/cpan-faq.
*>Also, for the sake of eliminating doubt, I urge the maintainers of
*>CPAN to adopt a policy that each module must explicitly state its
*>license or licenses. Even if this is only applied for new and updated
*>modules, over time it would do a lot of good.
There is currently
"Yes. With rare exception, the Perl distribution is covered by both the
Artistic License or the GPL, whichever is more appropriate for your needs
and it doesn't sound like you would be in conflict with either of them."
These are the words that were not clear--they say that exceptions
That I can answer: Dean Roehrich, then called Class::Template, license
Perl 5's dual Artistic/GPL (as it was contributed directly to Perl's
core as a standard module). Later renamed to Class::Struct and
modified by Jim Miner, then Damian Conway (the damian of the CC list),
the
We would like to have some advice from you about a license issue. In
short, we would like to use a modified version of a Perl core module,
which means we need it to be GPL.
I don't understand the scenario clearly, so I don't know the answer.
Who initially wrote this module? What li
Unless specifically stated in the module itself, core modules are licensed
under the same terms as Perl itself, i.e. you may use either the GPL or
the AL, whichever suits your needs best.
Someone pointed out that the statement of CPAN policy could be made
more explicit by changing a c
34 matches
Mail list logo
