[IAEP] Distributing Scratch - a summary

Jonas Smedegaard dr at jones.dk
Sat Nov 8 14:22:38 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Nov 09, 2008 at 01:01:48PM +1800, David Farning wrote:
>Again, we had a productive thread about packaging Scratch on Linux 
>Distributions.

The main thread was on Squeak in general - which means both Scratch, 
EToys and other Squeak images.

As related but isolated from the other thread, the issue of recently 
changed license for Scratch specifically showed up.


>1. License.

For Squeak generally this is an old, resolved issue.

For Scratch specifically, this is a new issue - which do *not* block the 
older Scratch 1.2.1 from being distributed, only the newer "forked" 1.3.


>1. Availability of source code.

This is an old misunderstanding. I believe noone currently think that 
source in unavailable - the issue is how to handle the available source 
(see below)


>2. Maintainability of code by downstream.
>3. Security.

This is really same issue: Noone claims that Squeak is insecure. 
Security fixes is just an obvious example of theoretic need for 
maintainance by each downstream distributor.

This issue of distributor unfamiliarity with Squeak source is the issue 
still standing. It is very real:

It is no "misunderstanding" that e.g. Debian ftpmasters (on behalf of 
Debian security team) admit that they are unfamiliar with patching 
Squeak objects and thus not confident that they can do so reliably.

It is also no "misunderstanding" that Debian (and most probably 
distributions in general) want the ability to apply fixes to their 
maintained code independently from upstream.

I believe this is not an issue of mistrust of upstream - simply one of 
avoiding the _need_ for strong ties between upstream authors (who 
obviously knows their own code best) and downstream distributors (who 
may choose to do things slightly different, or in a different pace).


>Action Item.
>Flesh out, and move this discussion to debian-devel at lists.debian.org.  
>I will start that discussion with the participants of this thread cc:ed 
>later this week.

Excellent!


I believe what needs discussion at debian-devel is only the single issue 
3) above - the other issues only need briefing, if mentioning at all (to 
avoid unnecessarily keeping alive old misunderstading).


Kind regards,

  - Jonas

- -- 
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkV5v4ACgkQn7DbMsAkQLgiuQCdHj3VxQontj4b/QqSxfkrgyuW
xV0An31pPJJsEyXaB/7k4bsml/N117p2
=mG5I
-----END PGP SIGNATURE-----


More information about the IAEP mailing list