#archlinux32 | Logs for 2018-12-15

Back
[00:06:19] -!- guys has quit [Ping timeout: 250 seconds]
[00:33:19] -!- alexandre9099 has quit [Quit: ZNC 1.7.1 - https://znc.in]
[00:35:32] -!- alexandre9099 has joined #archlinux32
[01:18:43] <thePiGrepper> apparently the https://git.archlinux32.org certificate expired. has something changed?
[01:19:07] -!- MrBIOS has quit [Quit: MrBIOS]
[01:54:59] -!- woshty has quit [Ping timeout: 268 seconds]
[02:02:56] -!- MrBIOS has joined #archlinux32
[02:09:27] <thePiGrepper> bill-auger: sorry, I just read your msg. hm, well, if there's a distro concerned with licences and wouldnt make a mistake like that, is debian, right? and they link to openssl1.1, so maybe it's just a mistake and should be reported.
[02:09:51] <bill-auger> just did
[02:10:06] <bill-auger> https://bugs.archlinux.org
[02:10:07] <phrik> Title: FS#61080 : [wpa_supplicant]: metadata discrepencies (at bugs.archlinux.org)
[02:10:15] <thePiGrepper> nice, thx
[02:11:40] <bill-auger> debian has it as BSD-3 https://metadata.ftp-master.debian.org
[02:12:43] <bill-auger> that will propogate to arch32 automatically if they make the change ?
[02:35:12] <thePiGrepper> if they change their PKGBUILD, yeah, eventually will stream down to arch32
[02:38:48] <thePiGrepper> let's hope they do because, looking at the openssl-1.0 package https://packages.archlinux32.org , there're 15 packages which apparently require that old version of openssl.
[02:38:50] <phrik> Title: Arch Linux 32 - openssl-1.0 1.0.2.q-1.0 (i686) (at packages.archlinux32.org)
[02:38:58] <bill-auger> what strike me is that, wpa_supplicant is probably as old as arch - surprising no on noticed it before
[02:39:24] <thePiGrepper> you mean the license thing? yeah, really weird
[02:39:41] <bill-auger> yea the URL changing i can understand not being notices
[02:40:16] <thePiGrepper> I have the whole package repo cloned, let's see when that changed
[02:40:23] <bill-auger> frankly, i dont think many arch devs are aware that openssl is not compatible with the GPL
[02:41:32] <bill-auger> when they removed gnutls-openssl all packages that used it switched to openssl, many of which were GPL programs
[02:42:13] <bill-auger> i did not look into it too far - maybe arch did the right thing mostly but the AUR ... forget it
[02:44:40] <thePiGrepper> the license in the openssl PKGBUILD says 'custom:BSD', why the 'custom' part?
[02:46:19] <bill-auger> because it is not exactly the BSD it is "the openSSL license" - very similar though
[02:46:39] <bill-auger> the conflicting part os the 4th clause - the one that the BSD-3clause does not have
[02:47:04] <bill-auger> i researched the hell out it it and wrote an entire article about it back then
[02:48:02] <thePiGrepper> hmm. I see. and what are the implications of this?
[02:49:06] <bill-auger> it means any GPL program that links to openSSL is illegal
[02:49:59] <bill-auger> *unless* the upstream can add an explicit exception allowing it
[02:50:11] <bill-auger> you can read all about it if you are interested https://libreplanet.org
[02:51:19] <bill-auger> problem being that it requires all authors to agree to do that
[02:51:42] <bill-auger> openssl is trying now to re-license it to apache2 - that would solve the conflict
[02:51:54] <bill-auger> but it could take years or never to get everyone to agree
[02:52:08] <thePiGrepper> Im reading this https://www.openssl.org is this it?
[02:53:35] <bill-auger> yes thats it
[02:53:54] <thePiGrepper> yeah I've just read that, from openssl3.0 forward
[02:54:46] <thePiGrepper> the 4th clause of that license, regarding promotion of the names w/o permission
[02:55:15] <bill-auger> its all in that article - i cited 32 references
[02:55:32] <thePiGrepper> that would be the 'additional restriction' the GPL talks about, right? hmm
[02:57:15] <bill-auger> this is the FSF statement on it https://www.gnu.org
[02:57:17] <phrik> Title: Various Licenses and Comments about Them - GNU Project - Free Software Foundation (at www.gnu.org)
[02:58:14] <bill-auger> it does not say how the combination of the 2 licenses are incompaible, but the advertising clause is enough - that is the one that is similar to the BSD-4clause
[02:59:09] <bill-auger> that is explained here https://www.gnu.org
[02:59:11] <phrik> Title: BSD License Problem - GNU Project - Free Software Foundation (at www.gnu.org)
[03:02:24] -!- MrBIOS has quit [Quit: MrBIOS]
[03:13:32] -!- MrBIOS has joined #archlinux32
[03:15:21] <thePiGrepper> well, I just read most of the links. and Im not too sure about how it all works(or not works). however, Im wondering, is it the same if you have a GPL project linking to a 4clause licence project, than if you have a 4clause license project and you're linking to a GPL project. Im asking this, because I get the feeling that most of this issues come from the GPL in the latter scenario, not the
[03:15:28] <thePiGrepper> former. or maybe it's the same either way, Im not sure
[03:20:42] <thePiGrepper> but I do _kinda_ understand that, if you want a project licensed with the GPL, and are linking to something as the 4clause-BSD license, then you'd be imposing two contradictory restrictions on the licensee, the 4clause, and the one in which further modification cannot be done to the license
[03:21:50] <bill-auger> i asked that - with the GPL linkage works both directions - it does not matter which is the main program and which is the library
[03:22:58] <bill-auger> linkage is anything running in the same memory space
[03:24:20] <bill-auger> there are luckily not many 4clause project still in use
[03:24:34] <bill-auger> openssl is the only notable one i know of
[03:25:29] <bill-auger> in other words, anyone who started a project after 1999 and used the BSD-4clause was using a licence that even berkeley did not endorse
[03:25:46] <bill-auger> it was essentially "deprecated" in 1999
[03:27:46] <thePiGrepper> then, regarding arch32(or any other distro actually), how many GPL projects are linking to openssl?!
[03:28:01] <bill-auger> i did not bother to count them
[03:29:32] <thePiGrepper> at the very least, wpa_supplicant is not one of them, lol(?)
[03:29:33] <bill-auger> should be a rather simple taskl though - something like: $echo pacman -Si) | grep GPL| grep openssl
[03:31:36] <thePiGrepper> you'd need to maybe put each package info in a single line after the first grep, or something similar to that
[03:32:42] <bill-auger> yea that works
[03:32:42] <bill-auger> echo $(pacman -Si wpa_supplicant) | grep GPL| grep openssl
[03:32:57] <bill-auger> found another too
[03:32:57] <bill-auger> echo $(pacman -Si elinks) | grep GPL| grep openssl
[03:33:24] <bill-auger> but again the upstream may add an exception to allow it - that would need to be verified for each apparent conflic
[03:34:52] <thePiGrepper> upstream in this case being openssl itself? or what?
[03:37:25] <thePiGrepper> now Im starting to see the genius behind going with libressl lol
[03:37:47] <bill-auger> no the project - like elinks
[03:39:11] <thePiGrepper> hm, ok, but what could the project do? besides removing openssl and using other library?
[03:39:29] <thePiGrepper> I dont see how the project could do anything license-wise
[03:40:19] <bill-auger> theu can add an exception to the GPL allowing the program to link with openSSL
[03:40:38] <thePiGrepper> they are already in a bad spot because they are not the original project,they are mere licensees, and have to live with the consequences right?
[03:40:43] <thePiGrepper> ok, I see what you mean
[03:40:57] <thePiGrepper> but that'd stop being the 'real' GPL
[03:40:59] <bill-auger> that is explained here with an example https://www.gnu.org
[03:41:01] <phrik> Title: Frequently Asked Questions about the GNU Licenses - GNU Project - Free Software Foundation (at www.gnu.org)
[03:41:29] <bill-auger> it looks like debian tracks such packages formally https://lintian.debian.org
[03:41:35] <phrik> Title: Lintian Tag: possible-gpl-code-linked-with-openssl (at lintian.debian.org)
[03:42:03] <bill-auger> presumable the packager gets an email complaining about it
[03:47:40] <thePiGrepper> I just read the exception part. hmm, I have more questions. for instance. that part where it says that anyone modifying your program is not forced to apply the same exception to their copy. wouldnt that break the point of the GPL itself?
[03:48:58] <thePiGrepper> if Im getting this right, the exception is precisely the part where it says, you cannot make further modifications to the license, but, this library uses a different license so you can link to that if you want, and follow that license
[03:49:31] <thePiGrepper> but, without that exception there, wouldnt that make it impossible to even distribute it further?
[03:50:10] <thePiGrepper> I dont really understand this whole 'ppl who fork your project dont need to put this exception' part
[03:50:32] <thePiGrepper> as I see this, the exception _has_ to be there for the whole thing to even work
[03:51:17] <bill-auger> the exception is not viral - its not part of the GPL
[03:52:05] <bill-auger> it is an extra permission - the GPL allows that
[03:53:17] <bill-auger> you are correct though - the exceptin does need to be there
[03:53:45] <thePiGrepper> ok, but then. I have a simple question: what would happen if I have a GPL licensed project linking to openSSL, and I dont add the exception. what are the legal consequences of that?
[03:54:25] <bill-auger> the thing that is not obvious is that the GPL (and any software license really) only deals with distribution
[03:54:27] <thePiGrepper> exactly, that's what Im thinking. because that's the whole deal with the exception. if it werent there, nothing would work. there's a legal contradiction between licenses
[03:54:44] <bill-auger> users can do whatever they want with it
[03:54:47] <MrBIOS> they take you to a federal pound-you-in-the-ass penetentiary
[03:55:13] <bill-auger> the GPL only kicks in when the program is compiled and the binaries are distributed
[03:55:38] <bill-auger> so thats: distros
[03:55:46] <thePiGrepper> bill-auger: sure, but that's pretty obvious right? even 'distribution' is relative. I dont know if using a tool inside a company would be considered 'distribution'
[03:55:58] <bill-auger> AFAIK you can distribute the sources regardless
[03:56:27] <bill-auger> yea thats probably a grey area im not sure
[03:56:46] <thePiGrepper> bill-auger: ohhhh...
[03:56:47] <bill-auger> distribution does not mean "publishing on the web" though
[03:57:04] <bill-auger> it literally just means you giving anyone a copy in any form
[03:57:22] <thePiGrepper> hehe, you're right. I never thought about that
[03:57:23] <thePiGrepper> the distros are the ones to blame when this license issue happens
[03:57:47] <bill-auger> a compiled binary that is - i think you can give them the sources and its all good if each user compiles their own binary
[03:57:48] <thePiGrepper> the _only_ ones to blame, if some sh*t like this one for example isnt correctly handled
[03:58:25] <bill-auger> well the upstream is at least partially to blame - they are the ones who setup that trap
[03:58:57] <thePiGrepper> those bastards of gentoo.. (just joking..)
[03:59:19] <thePiGrepper> legally, I dont think they are
[03:59:24] <thePiGrepper> wow.
[03:59:29] <thePiGrepper> let's hope that never happens
[03:59:48] <bill-auger> no legally the upstream done no worng unless they dostribute binaries themselves
[04:00:53] <thePiGrepper> some developer messed up with his license, link the wrong library. it becomes popular, and someone does a PKGBUILD and puts it in the AUR, who's at fault? the server owner, the random guy who pckaged it?
[04:12:24] <bill-auger> whoever distributes the binary is the one that distributes illigitamately
[04:13:48] <bill-auger> i suppose in this case it would be the packager - unless the distro is a legal entity - the packager would be an agent
[04:14:48] <bill-auger> thats not really important - i dont think anyone wants to go to court over it - probably the frst thing that would happen is a take-down notice
[04:15:01] <bill-auger> and only the upstream copyright holder can do that
[04:15:32] <bill-auger> probably the first thing a judge would ask is "did you ask them to delete it?"
[04:18:33] -!- MrBIOS has quit [Quit: MrBIOS]
[04:20:34] <bill-auger> why does 2 hours of user support drain me more than 20 hours of programming
[04:22:18] <bill-auger> lol sry wrong window
[04:22:37] <thePiGrepper> haha. I was asking myself now if that's what we were doing right now. quite confused
[04:23:06] <bill-auger> no that aws in parabola
[04:23:23] <thePiGrepper> but yeah, this only matters if the copyright owner complains
[04:23:43] <bill-auger> it can be difficult when some people dont english very well and dont understand compuers well
[04:24:06] <thePiGrepper> and that wouldnt happen with free software by definition. it's good that this whole legal stuff is only an additional protection against companies
[04:24:44] <thePiGrepper> you can have one of those and handle it well enough, but not both at the same time. I get it
[04:25:59] <thePiGrepper> I couldnt do that kind of job. I just dont have the right profile for it. Id get depressed _quickly_
[04:27:24] <bill-auger> no its not depressing just frustrating givin support on IRC
[04:28:38] <thePiGrepper> are there ppl on IRC nowadays who arent good with computers?
[04:28:43] <bill-auger> that 2 hour session should have taken about 30 minutes in person - and thats because he had to download the ISO
[04:28:52] <thePiGrepper> id think that at the very least that would imply a certain level of expertise
[04:29:08] <bill-auger> aside from that, if i were sitting at his computer i could have resolvd the problem in about 5 minutes
[04:29:33] <bill-auger> text communication is very inefficient like that
[04:29:57] <thePiGrepper> you should ask all those ppl 'do you want the 5min way or the hard long way? if former, go install teamviewer'
[04:31:01] <bill-auger> no the 5 mintes would have been "move over - i sit at your idesk - i fix problem - you just watch"
[04:31:54] <bill-auger> explaingin evrey single step to take to someone else drag it out double or tripple the time
[04:33:28] <thePiGrepper> hm, well that's not possible, is it? it'd be great though
[04:33:33] <bill-auger> oh does teamview have remote desktop control? - that could work
[04:33:38] <thePiGrepper> yeah, it does
[04:34:01] <bill-auger> its also proprietary - we are literally not allowed to recommend anyone use it
[04:34:13] <thePiGrepper> hahaha. right
[04:34:34] <bill-auger> x2go or good VNC is in the repos though
[04:34:35] <thePiGrepper> it's really simple to use. like braindead level simple
[04:34:54] <bill-auger> x2go is fairly user-friendly
[04:35:07] <thePiGrepper> I havent used it. it is?
[04:35:22] <thePiGrepper> what are the requirements?
[04:35:37] <bill-auger> but then you need to explain firewalls, unPnp, and NAT to even begin that conversation
[04:36:11] <thePiGrepper> and that's why I said that teamviewer is way simpler
[04:36:19] <bill-auger> x2go is a front end for a bunch of remote X protocols VNC, RDP, X forwarding
[04:36:51] <thePiGrepper> teamviewer is 'you see that number in the window, send it to me' 'ok, now accept the connection' done
[04:37:13] <bill-auger> it looks kinda like virtualbox but remote sessions instead of VMs
[04:39:07] <thePiGrepper> yeah, good comparison
[04:40:28] <thePiGrepper> and I can understand how getting started with VMs could be simpler if you used something like Vbox over lets say QEMU
[04:44:23] <thePiGrepper> btw, what's the irc channel?
[05:28:34] -!- MrBIOS has joined #archlinux32
[05:28:54] <bill-auger> no idea - i just found it in the repos one day
[06:12:46] -!- DepositePirate_ has quit [Remote host closed the connection]
[06:13:13] -!- DepositePirate_ has joined #archlinux32
[06:37:31] -!- bill-auger has quit [Remote host closed the connection]
[06:38:58] -!- bill-auger has joined #archlinux32
[06:49:07] -!- MrBIOS has quit [Quit: MrBIOS]
[06:55:46] -!- ofara has quit [Ping timeout: 250 seconds]
[07:12:13] -!- NoobAlice has quit [Quit: Leaving.]
[08:29:42] -!- oaken-source has joined #archlinux32
[08:38:33] -!- woshty has joined #archlinux32
[09:06:18] -!- ofara__ has quit [Ping timeout: 245 seconds]
[10:05:33] -!- ofara has joined #archlinux32
[10:13:09] <buildmaster> i686/startdde is broken (says nlopc46).
[10:50:01] -!- abaumann has joined #archlinux32
[10:50:02] <buildmaster> Hi abaumann!
[10:50:02] <buildmaster> !rq abaumann
[10:50:03] <phrik> buildmaster: <abaumann> works. I receive my personal spam now ;-)
[10:50:10] <abaumann> https://bugs.archlinux.org and https://bugs.archlinux.org
[10:50:11] <phrik> Title: FS#61081 : [transcode] PLEASE ENTER SUMMARY (at bugs.archlinux.org)
[10:50:28] <abaumann> *sigh* this feels like a bug reporting system of a big company, not of an open source group..
[10:51:47] <abaumann> elibrokeit: so, my first bug gets closed because of no summary, ok. I cannot fix the summary in any way. So the bug gets closed. I request a reopen. Not a reason for reaopening. Then I create a new bug, the bug is now a duplicate and gets closed again. This is not funny..
[10:52:08] -!- abaumann has quit [Client Quit]
[10:56:28] -!- abaumann has joined #archlinux32
[10:56:28] <buildmaster> Hi abaumann!
[10:56:28] <buildmaster> !rq abaumann
[10:56:29] <phrik> buildmaster: <abaumann> * abaumann wonders if raind is a good name for a system daemon..
[10:57:31] <abaumann> tyzoid/deep42thought: the certificate on git.archlinux32.org expired and it is no longer reachable via IPv6 from the buildmaster, I set /etc/hosts again to IPv4 for git.archlinux32.org on the buildmaster.
[10:57:39] -!- abaumann has quit [Client Quit]
[11:47:05] -!- abaumann has joined #archlinux32
[11:47:05] <buildmaster> Hi abaumann!
[11:47:05] <buildmaster> !rq abaumann
[11:47:06] <phrik> buildmaster: <abaumann> "anywhere is anywhere for all values of anywhere"
[11:47:32] <abaumann> elibrokeit: aha, transcode also got fixed, so.. never mind.. all is well. :-)
[11:47:37] -!- abaumann has quit [Client Quit]
[12:17:24] <buildmaster> i686/transcode is broken (says eurobuild3).
[13:44:10] -!- ofara__ has joined #archlinux32
[15:26:12] -!- AndrevS has joined #archlinux32
[15:51:15] <buildmaster> i686/intel-gmmlib is broken (says eurobuild3).
[15:56:44] <thePiGrepper> abaumann: is the git.archlinux32.org cerficate still invalid?
[16:00:04] -!- deep42thought has joined #archlinux32
[16:00:04] <buildmaster> Hi deep42thought!
[16:00:04] <buildmaster> !rq deep42thought
[16:00:05] <phrik> buildmaster: <deep42thought> doesn't one usually try to avoid rust on metals?
[16:00:24] <deep42thought> thePiGrepper: most probably yes, tyzoid hasn't answered on my email(s) yet
[16:04:31] <thePiGrepper> besides git.archlinux32.org, other urls are affected?
[16:08:38] <deep42thought> tyzoid's znc interface
[16:09:05] <deep42thought> https://ssl.tyzoid.com
[16:09:11] <phrik> Title: SSL Certificate Check (at ssl.tyzoid.com)
[16:09:31] <deep42thought> interestingly, git.archlinux32.org is not on that list
[16:09:48] <deep42thought> abaumann: other workaround would be to use git2.archlinux32.org
[16:10:08] <deep42thought> but I'm afraid, the urls are not 100% compatible
[16:11:44] -!- thePiGrepper has quit [Ping timeout: 250 seconds]
[16:13:48] -!- thePiGrepper has joined #archlinux32
[16:33:47] -!- deep42thought has parted #archlinux32
[18:40:56] -!- MrBIOS has joined #archlinux32
[19:44:15] <buildmaster> i686/gitlab is broken (says eurobuild3).
[21:11:00] -!- thePiGrepper has quit [Ping timeout: 246 seconds]
[21:12:51] -!- thePiGrepper has joined #archlinux32
[21:22:21] -!- ofara has quit [Quit: ofara]
[21:23:15] -!- ofara has joined #archlinux32
[21:46:33] -!- AndrevS has quit [Remote host closed the connection]
[23:19:23] -!- thePiGrepper has quit [Quit: leaving]
[23:28:06] -!- oaken-source has quit [Ping timeout: 250 seconds]