[sldev] GPL issues....

Robin Cornelius robin.cornelius at gmail.com
Sun Aug 17 01:33:48 PDT 2008


Marine Kelley wrote:
> In an ideal world, an open-source dev releases their binaries AND the
> EXACT source code and makefiles to reproduce the EXACT same binary. Why?
> Just so the end-user can check that the binaries they downloaded are
> exactly what is advertised with an MD5 hash or some other signature. It
> is all too easy to distribute flawed binaries (with a little keylogger
> here, a short dial home there) and clean source code along with it. Most
> people tend to think that "this is ok" to download a binary if the
> provided source code seems clean, but it's like agreeing to buy a house
> just from the pictures.
> 
> Unfortunately this is not possible with the SL viewer. Far too clumsy,
> maintaining a custom viewer over different SL versions is already quite
> tedious. Some parts of the SL viewer are not even open-source, and a
> full viewer compressed is 60Mb compared to just 6Mb for just a
> compressed exe (which is only what the user needs). So try to enforce
> that and the number of custom viewers around will be dramatically
> reduced. Only companies would be able to maintain that, and to me it's
> the contrary of the goal of open-sourcing a product.

I completely disagree. I maintain my git tree in sync with my binary
releases. At any given instant I can tarball an exact release version.

In fact when I push a binary I automatically push a debianised source as
well, and I know for a fact that some of my users pull the source file
and build themselves. I also GPG sign the sources and the binaries so it
is known that I created it.

I maintain patches using a patch management system so it's quick and easy
to remove, update, add patches to the build and also reference the clean
upstream source.

I could not work the other way around.

The problems are caused by the tools used. git, quilt, pristine-tar and
friends make maintaining multiple custom viewer versions alongside
upstream versions simple; add in the Debian package management tools and
it becomes a breeze.

I guess Windows and Visual Studio do not really have these tools
unless you either use Cygwin to use the Unix tools or use some clumsy
front end to the tool.

I also offer FULL downloads of a complete viewer package (minus the
non-free bits, which I strip in my build process).

Oh and BTW I am not a company, I'm just a Debian package maintainer.


Robin
