Pristine source archive

Dale E Martin dmartin at cliftonlabs.com
Mon Apr 15 15:03:47 UTC 2002


> Does this respect the letter of the GPL and not just the spirit?
> We distribute binaries and rely on a third party to distribute source?
> Or are we a member of that third party, making that okay?
> 
> Just wondering...

The GPL says that the source code has to be available.  It doesn't say
anything about who or where from.  So if the source is truly pristine
(centralized or not), upstream availability qualifies.  Distro-specific
patches would need to be available, which was part of the suggestion.

My thoughts about this proposal in general:

1) Distros won't want to upgrade simultaneously, so you'll end up with many
versions of each application in the upstream repository.  I.e. the union of
all of the current archives (minus the duplication, of course, which is the
current "problem" in the proposer's view.)

2) Not every distro uses the same set of tools, so you might end up with a
bunch of different upstreams of the same applications.  Certain tools (like
"procps") seem like they have wide variance between distros - perhaps
even being totally different upstream.

3) The upstream repository would need more bandwidth than any current
distro's source repository, since it would be getting mauled by the users
of all of the distros.

4) The source repository is a critical bit of infrastructure to any distro,
and you'd be taking it out of their control.  I'm thinking most of the
distros would not like that, particularly the commercial ones.

5) The current distributed nature is a benefit in many ways - redundancy
being one of them...

One of the things that would be cool about the proposal would be that the
baseline tools common to all distros might be agreed upon, and then
security auditing might be easier.  Basically if everyone agreed that
"sysvinit" version 2.84 was golden within some time period, then each
distro could have some resources dedicated to security audits of the code.
The proposed arrangement might make it easier to see the common codebases
and track the usage...

Later,
	Dale
-- 
Dale E. Martin, Clifton Labs, Inc.
Senior Computer Engineer
dmartin at cliftonlabs.com
http://www.cliftonlabs.com
pgp key available



