[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora review



On 7/23/05, Thilo Pfennig <tp alternativ net> wrote:
> So yumex must be escluded from fedora extras because it can import
> Repos? That can't be it.

take a good long hard look at the yumex in extras. It no longer
provides a  static list of additional 3rd party repos in its install.

> Why? Can't a Fedora application use the Google API to get the results?

1) Use of google's api is for personal use only and requires users
obtain a license key from Google unless the you can get written
consent from Google to do something different. The restrictions google
places on access to its web api is pretty impractical for any open
source client.

2) While Google is pretty good, its not fool-proof. I would absolutely
not trust pulling system configs directly from a list of websites
Google returns without human review.
And well.. if you are going to do human review.. you might as well
just open up a browser and use google.  If someone does attempt to
make a tool that scrapes Google outout for webpages with system
configs and repo definitions.. I will delibrately try to create a
false website that gets highly ranked to disrupt the tool's use of
google.

> A tool to help to find repos must be Ok, we also provide
> browser that know Google - and Google is also a tool to find such repos.
> There must be at least some solution?

Google is a tool to find anything... anywhere. A local user must
initiate the communication with Google and must ask Google explicitly
for things to search for.
A tool designed only to find information about repos to help users
obtain items we can't legally ship.. automatically... is totally
different.

> Well then we should not provide network access or browsers at all... and
> no support for cd drives...

Feel free to be as flippant as you want.. thats not going to change
the fact that there are real legal issues here that Red Hat as the
managing entity needs to be careful of.  If you can't take this
seriously.. then please.. just be quiet.  Contributory infringement,
involves a delibrate intent to knowingly aid others to infringe. I
think its pretty damn clear that adding any tool that delibrately help
users find additional repos and instantly configure them falls into
the definition of contributory infringement.  A tool that just handles
repo configs is very narrowly defined, its not a general use tool.
Most if not all of the popular 3rd party repos out there are popular
specifically because they provide material that Fedora can not.

- and
> this google search gives the result of a rpm-package that enables toe
> possibility for enabling more repositories. (not to make it
> complicated ... ;-) ) So the information is not on the CD and not at the
> official Fedora site. A google search result can easily be interated
> into an application. 

I don't think you can get away with a pre-defined google search.  Even
if it was legally okay to do that, i think you can trust the accuracy
of the pre-defined google search over the lifetime of a release.  I'm
pretty sure I'm not the only one who would delibrately attempt to
corrupt the dynamic list of results to that google search, and I'm
pretty sure the other people would put in pages far more malicious
than mine.

-jef


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]