[packagekit] Packagekit and Ubuntu

Richard Hughes hughsient at gmail.com
Wed Sep 16 01:08:20 PDT 2009


2009/9/16 Sebastian Heinlein <sebi at glatzor.de>:
> The problem is how to detect a debconf question that is an EULA? This
> could be done using a whitelist or by a naming convention. But it
> would require to extract and get the information from the package file
> outside of APT.

Well, can you detect it's a EULA when it's been installed? Could you
install the package, and just defer the processing of the postinst
scripts for the "second" stage of the install? I appreciate that the
package would be half-installed at this stage, but the fact that
you're asking the pre-install EULA question /after/ you've installed
the package sounds legally dubious anyway.

> By the way the Debian Policy even discourages to use debconf for EULA
> questions. But I am not sure if there will be a change in Debian to
> introduce an EULA mechanism at all - since this helps to propagate
> proprietary software.

That's insane. If you Debian don't introduce a standard way to do
this, then packages will abuse other mechanisms (either hijacking
other parts of debconf or asking for random stdin) -- you certainly
can't fix the world by deliberately omitting a method from a packaging
system.

> But the best solution would be to just show the EULA at the first
> start to each user. Can a sys admin agree to an EULA for another user?

Depends on the EULA. Most EULAs legally should be per-user, where you
agree to how you're using the software on first run, repeated for each
logically different user.

For installing, a Licence Agreement (the End User part is not relevant
for admins installing) is something the person installing the software
would agree to, and typically would agree to a prompt before the
package is downloaded and installed, not after the package has been
installed. It's important for a packaging system to identify that a LA
!= EULA.

> But this requires changes by upstream.

Sure, at the moment I would argue that Debian is breaking the letter
of the law putting a EULA in a post-inst action, even if it's in the
spirit of the law by asking in the first place.

I don't disagree that doing things properly is hard. I don't disagree
that doing things properly takes more time than a quick bodge. I
certainly do think that it's worth doing, as quick bodges are not a
way to build a sustainable ecosystem.

> Oh, it's not only an Ubuntu thing. PackageKit isn't currently
> available in Debian. There are strong feelings against PackageKit
> in the Debian community - PackageKit per se would violate the
> Debian Policy.

Because of the lack of a VTE when installing or for more political reasons?

Richard


More information about the PackageKit mailing list