Many thanks for taking the time to clarify some points.
No problem at all. The article has now fallen off the front page, so I'm not sure how many people are still reading this, but you deserve a response.
It's fairly easy to show people the fruits of desktop Linux - pop in just one Ubuntu (or Mepis or whatever) CD and leave an hour later with a machine humming away nicely and in the case of Ubuntu very good online user forums to help with the many questions. The user doesn't know it's all based on Debian and may never know. Debian will be mentioned, but probably not that visibly unless you dig around for it.
That's true, but it's not a problem trademark law can solve. Remember that a trademark only protects a mark (logo or word). We could slap all the acknowledgement requirements we like on our trademark license, but it's still easy to avoid them by simply not using the mark except buried in footnotes, as some derivative distributions do.
What you seem to be after is more like the BSD advertising clause, which the FLOSS community has more or less rejected as a bad idea.
I think the solution lies more in Debian advocates and evangelists spreading the word that these derivatives really are in fact derived from Debian. Trying to promulgate something really heavy-handed will probably fail, as RMS's attempt to get people to call their Linux-kernel-based OSes "GNU/Linux" largely has. It's hard to force people to use a label of your choosing, but you can try to educate the marketplace. The results are more difficult to measure, but that doesn't render the exercise worthless.
I wonder if it would make sense for the Debian website to have a "good neighbors" page that identifies derived distributions that prominently acknowledge their Debian heritage and cultivate a good relationship with us.
Regarding the notion that Debian might not want to "have a trademark at all," they really don't have any choice, strictly speaking.
Of course Debian has a choice. Our mark is in fact registered with the USPTO, but we could always deliberately choose not to exercise our privileges under registration or common-law trademark. I.e., we can pretend there's no such thing as trademark law for us and let the chips fall where they may. We may reach a consensus that that's not a wise option, but it remains one nonethless. Many small businesses in the U.S. don't fool take effectively this approach, particularly if the name of their firm is mundane (think "Bob Smith's Tax Service").
Sorry for any typos and missing link tags in the above. I'm in a bit of a rush as there's a flight I've got to catch in about 45 minutes, and I need to wander back over to the gate area. (Useful WiFi coverage in U.S. airports appears to be a task for future generations).
To answer the question in your subject, I'm right here. Where've you been?:)
This doesn't bode well for the future of Debian.
To be fair, the imminent death of Debian was predicted steadily for years before I became Project Leader, was again immediately upon my election, has been again today (by you), and, I'm confident, will continue to be well after I'm gone. I hope you'll forgive me if I therefore cannot find the substance in remarks like the above.
Leaving aside squalid arguments about whether a local user group is entitled to use the term "Debian" when organizing a whip round for a barbeque (yes, a real example from the Debian mailing lists),
Well, a whip round that involved constituting a formal organization under UK law, yeah.
I presume you're referring to this thread, in which, rather than pontificating like a gasbag, I actually, er, granted the Debian UK Society a license to use Debian's name so they can continue to get themselves set up while their critics make whatever case they're going to make about the organization's shortcomings. The issue seems to largely to have burned itself out at this point, and I expect the Project will continue to tolerate this particular usage of its name as long as the Debian UK Society behaves itself.
the real question is how and whether Debian reacts to the commercial pressures now being placed on it from other software outfits (some of whose guiding lights are themselves long-time Debian players).
I agree. That's an important question. I wouldn't call it "the real question" because that just puts us in a reactive mode. Our trademark policy needs to be founded on some concrete notions of what we want to accomplish. The ad hoc policy of 6 years ago, as I discussed in the message you seem to be disparaging, is no longer sufficient to guide our actions. Years ago, VA Linux Systems and Progeny slapped the Debian name on retail boxed OS products (incidentally, both were derivations of Debian GNU/Linux, not official versions). Back then that didn't raise much of a fuss. Things of changed. I think we should develop a coherent concept of what "trademark" means to us. With that coherent concept, we can establish a policy that can be efficiently and fairly enforced. Without one, we risk being perceived as capricious. As a hypothetical, "it's okay for DCC Alliance to use the Debian marks, but SLX Debian Labs and Ubuntu are right out." Any given user with a bit of analytical reasoning ability should be able to look at a trademark policy page on the Debian website, and given sufficient knowledge of an organization's activities, deduce whether or not their usage of Debian's mark meets with out approval.
For example, the new DCC Alliance seems to have gone right ahead as it pleased, helping themselves to Debian's good name with a contemptous "and what are you gonna do about it?" Not much, it would appear (or, at least, not much that's been made public).
The defeated party could ask for the decision to be reheard en banc (by the entire set of 9th Ciruit judges instead of just a panel of three); that would add another step of appeals before the Supreme Court.
IANAL, so I don't know if an en banc hearing is *required* before moving on to the Supreme Court.
[alioth hasn't updated its 3.4.1 packages since early June, long before Branden submitted X.org into Sid.]
Correction: I didn't upload the X.Org X11 packages to unstable (sid). David Nusinow did. David has taken the lead on X.Org X11 responsibilities, as I have recently acquired others.
Doesn't stop me from helping out and doing commits, but I've been distancing myself from the actual package uploads over the past year or so. For example, Fabio Massimo Di Nitto handled most of the XFree86 4.3.0 uploads.
1) Software in the Public Interest, Inc. (SPI), has held roughly the same amount of money (USD 40,000) in trust for Debian since as far back as the middle of the year 2001 (when I became SPI Treasurer and began receiving the monthly and quarterly statements from the financial institutions where that money is kept). It is therefore difficult to conclude any more of a cash crisis for Debian now than there was four years ago.
2) SPI is not the only organization that holds assets in trust for Debian. As noted in my first DPL report (linked from the/. article body), I am currently surveying the developers to establish the details of what other organizations are holding monies for the Project. My report triggered a flurry of replies within hours. There are assets in Brazil, the U.K., Germany, Italy, and France, at least. Generally speaking, because it's a good idea and because regulations typically make it difficult for large amounts of currency to leave a country, Debian keeps its money close to where it's needed. Debian is a global organization; we have hardware, developers, and conferences all over the world.
3) People should read the internetnews.com article, also linked from the/. article body. But why don't I just go ahead and quote from the IRC interview, which I still have in scrollback:
12:43 INTERVIEWER: In your Debian Project Leader report for 2005-04-24, you provide status on the state of Debian's assets. On the surface it doesn't look like debian has "much" in the way of cash assets now - is that a problem for Debian? If so, how will you try and "fix" the problem?
12:44 ME: can you clarify the question? "much" relative to what?:)
12:45 INTERVIEWER: by "much" i'm refering to the fact that commercial distros (Red Hat etc) have xx millions in the bank - so in comparison it doesn't look (to a layperson) like Debian has "much" in terms of cash assets
12:45 INTERVIEWER: does that help?
12:45 ME: ah, compared to a commercial interest.
12:45 ME: yes, it does help.
12:47 ME: Because Debian is a non-commercial, not-for-profit entity which derives most of its value from the donated labor of hundreds of individuals, I think it stands to reason that our books wouldn't look like those of a publicly-traded, incorporated body which has labor and capital expenditures.
12:48 ME: I think there are several reasons Debian doesn't have much in the way of cash assets relative to a for-profit Free Software company, though.
12:49 ME: 1) Debian has no source revenue apart from fund-raising, which to date has been regularly undertaken at trade shows, to those who happen to pass by our booth.
12:49 ME: s/source/& of/
12:50 ME: 2) Debian tends to spend its cash assets, at least in the United States, approximately as fast as they come in.
12:51 ME: 3) There have been conflicting ideas among Debian developers in the past over whether Debian *should* attempt to accumulate a war chest of cash reserves.
12:51 ME: An argument in favor of that is that we should do so in the event we, or one of our developers, is sued for doing something we consider legitimate, like offering freely-modifiable software gratis to the world.
12:51 ME: s/is sued/are sued/
[the interviewer moved on, but we came back to this subject at the end of the interview]
13:03 ME: okay. Reasons *not* to build up a war chest...
13:04 ME: Two arguments against building up a "war chest" are 1) actually having a large quanitity of liquid assets is felt to make us a more inviting target for lawsuits, because there is the possibility of damages on top of injunctions;
13:05 ME: 2) People who donate us money, by and large, seem to expect us to put the money to work for us in the near term, not towards establishing an endowment.
For those few who don't know. Branden (often mispelled as Brandon:-) has historically been the Debian X developer (and has since built up a team to work on X) and is the current DPL (Debian Project Leader).
Slight correction: I am the Debian Project Leader-Elect. My term of office does not begin until 17 April. There is still time for me never to have been DPL: one never knows when a heavy safe will fall out of a nearby fourth-floor window and squash one's skull like a grape.:)
Now here's my concern: I have no idea who Deadbeast is (There isn't a top level page -- which is wierd), how do I know it's not just wishful thinking?
Well, I'm Branden Robinson, and deadbeast.net is my vanity domain. If you're easily amused, you may want to look up deadbeast's WHOIS record.:)
I'm glad the pointer to the FAQ helped. I admit I didn't foresee that sarge would take this long to release when advocating that Debian stick with the tried-and-true XFree86 4.3 (even if hacked up and patched to support more hardware than stock 4.3 does), but the trouble is, the longer the sarge release drags on, the more disruptive it would be to try to cut over to X.Org. So I continue to believe that the best solution to this problem, as with many others, is to kick sarge out of the nest so we can focus our full attention on disrupting the hell out of unstable for a few months.:)
Because the XFree86 relicensing came at a time when Debian was trying to stabilize its XFree86 packages for the sarge release, there was some question among Debian's X Window System package maintenance team (the "X Strike Force") -- and much speculation among Debian's users -- as to what direction Debian would take.
There was never a serious proposal to attempt to ship anything other than XFree86 4.3.0 in sarge, so work on that continued while discussion on the debian-x mailing list took place. The following represents the consensus reached by the X Strike Force, without objection from the mailing list subscribers (among whom number many interested Debian developers and users).
In June 2004, Fabio Massimo Di Nitto, the XFree86 package release manager for Debian sarge and sid, started a thread to discuss the future of X Window System packages in Debian for an open discussion between users and the Debian package maintainers.
The discussion spanned nearly one hundred messages from over a dozen participants, practically all of it constructive and very useful to the Debian maintenance team. The outcome of the thread was farly clear to everyone: Debian will move away from the XFree86 tree as soon as possible after the upcoming stable release due to its license issues (see above).
The XFree86 package maintainers are committed to providing support and assistance to the Debian Security Team for the XFree86 4.3.0-based packages than Debian will ship in sarge. That is, our abandonment of the XFree86 Project, Inc., as an upstream source of code does not mean that we will abandon our commitment to the users of our production release.
Futhermore, there was near-consensus that Debian should switch to the X.Org source tree, with the goal of migrating to the modularized tree over time. We expect that the monolithic X.Org distribution will be modularized in a piecewise fashion; as that happens, we will "switch off" the building of packages from the X.Org monolithic tree in favor of the modularized components that become available from freedesktop.org.
While moving from XFree86's monolithic tree to X.Org's is a relatively simple technical transition of itself, the transition to a fully-modularized set of packages will take longer -- indeed, an unknown amount of time which depends on the speed of upstream's progress -- but we expect the process will bring the packages' quality to a higher level, thanks to the introduction of a fast release cycle for each single component. We expect to "modularize" two parts of the X.Org distribution immediately: XTerm and Xprt (the XPRINT server). XTerm is independently maintained by Thomas Dickey, and the xprint.org version of Xprt is already separately packaged in Debian.
With these changes, it will also be easier for the Debian user community to have a broader choice in X servers. At present, the Debian XFree86 package maintainers intend to support only the XOrg X server (which is based on XFree86's). The X Strike Force does not plan to discourage other people from packaging others. Debian developers that file intent-to-package notices (ITPs) for other X servers are asked to strictly cooperate with the X Strike Force to maintain similar packaging standards, simplify the bug handling on shared components (like X libraries) and discuss future changes and improvements.
As of this writing (March 2005), packaging of the X.Org X11 distribution is underway in the X Strike Force's xorg-x11 Subversion repository.
Well, I'd like to thank Senator Hatch for elevating the level of the discussion.
We might just have to forcibly lobotomize congressmen for writing unconstitutional legislation, the President for signing it, the officers of various agencies for enforcing it, and the justices of the Supreme Court for refusing to strike it down. Only then might they begin to understand their oaths of office.
But probably not. How often will the people in charge of detaining me indefinitely and without counsel think of their oaths, or of the meaning of the Consitutional rights that we are all supposed to enjoy, when I have been flushed down the memory hole for uttering these remarks?
Joey Schulze is stepping down as Vice-President,
but that doesn't mean he is giving up his position as a member of the SPI Board of Directors. The
bylaws do not require him to do so, and we have
clarified this on the SPI Board mailing list today. To the relief of the active Board members, Joey's current intention does appear to be to remain on the Board. We'll need his energy and input.
This article did do at least one good thing, in that it apparently prompted Ian Jackson to check his SPI Board email...
Also, SPI can be strengthened with regular memberships as well (yes, I know the SSL cert needs to be renewed). Historically, only SPI's Board has been particularly active, and sometimes not even that. If you'd like to change SPI for the better, we sure could use your help.
Thanks for listening; I hope we can turn this disappointment into an opportunity for SPI to improve. We need your help to do it.
[Sorry, repost. I had cookies turned off in this browser so my login didn't work. Please mod down the Anonymous Coward version as redundant, not this one; thanks.]
Progeny Linux comes to mind as a commercial Linux distribution company whose Linux product met with good reviews, but couldn't remain in business.
I guess I have Santa Claus to thank for the paychecks I've been getting every two weeks for the past 2 years plus, then.
Progeny did discontinue
its Progeny Debian product, but we remain in business and continue to do interesting things, IMO.
it's been seized upon and made front page news (particularly on the Left Coast) to make the Bush administration seem inept and disorganized.
Oh, I don't think the Bush administration needs any help in that department, especially since they're already receiving so much from Jerry Falwell and other cross-burning conservatives who use phrases like "Left Coast".
As for XFree86 4.2, Branden's been too busy with fixing up 4.1.x to do 4.2.x well. XFree86 is one of those dead core packages that need to just WORK every single time, and cannot screw up. There was never enough time to give it the thrashing it needs; I think that having XF4.1.x in a stable series is a pretty sweet effort; Branden deserves a pat on the back.
Well, I myself am not exactly thrilled that woody won't have 4.2 in it, but:
As you said, I've been busy with getting 4.1.x stable. For Debian, this means much more than it does for some vendors. In woody, we support 11 architectures: alpha, arm, hppa, ia64, i386, m68k, mips, mipsel, powerpc, s390, and sparc. For how many of these machine architectures do Slackware, Mandrake, or Red Hat have 4.1.x, let alone 4.2, available? XFree86 themselves don't test or prepare distribution tarballs for several of these architectures. Debian is the de facto portability laboratory for XFree86 on Linux. Sure, I'll grant you that a lot of people, the kinds with the overclocked Pentium 4's and the latest GeForce card, really don't care about portability, or supporting architectures they've never heard of. But portability is important to me and it's important to Debian. I refuse to treat non-i386 users like second-class citizens. Those who want CVS HEAD, are best advised to learn how to check it out and type "make World". I'm sure that Pentium 4 overlocked to 3 GHz will compile the X source tree pretty quickly.:-) The single most amazing thing about all the hate mail I've received for not having 4.2 Debian packages ready -- aside from the fact that I started receiving it about two days after it was tagged upstream -- is that people seem to be laboring under the delusion that I have some kind of secret tools locked away in a vault, and that I am the only person who has the power to create packages. Sure, I'm probably better at doing XFree86 debs than most people, since I've been doing it for so long, but there's no great secret. I'm sure that with half an hour of manpage reading, a reasonably intelligent person can learn everything he needs to produce XFree86 4.2 debs for himself that will work well enough to satisfy his impatient self. Hey, I like to see the latest and greatest of everything, too -- that's why I use apt-listchanges, but I don't go haranguing the Debian developers to package up a new upstream version when I can clearly tell that they're working on other things for the project.
On a related note, 4.2 just plain won't work on some of Debian's supported machines because we need the PCI Domain support, which is currently a branch in XFree86 CVS and did not make it into the 4.2 release. So for us, releasing 4.2 doesn't just mean releasing 4.2. It means releasing 4.2 plus some very large patches in very critical parts of the server code. You really, really want a good long opportunity to shake that sort of thing out, since Debian's 4.2 may not behave exactly as XFree86's 4.2 does.
I don't just package the thing tagged xf-4_2_0 and leave it at that. I track hotfixes commited both to the latest release's branch and to HEAD, and incorporate them into Debian's packages if they work and if they make the packages better from a quality standpoint. Ask ATI video card users about 4.2.0 and "composite sync" sometime. (This isn't to dog the XFree86 Project. Software has bugs. Software releases with bugs. But, knowing about the default composite sync issue which affects so many users, it would be irresponsible of me to ignore it.)
I didn't expect it to take until May for woody to release. Back in January, I felt sure that there was no way Anthony Towns would accept 4.2 into woody; when I sounded him out at the time about it he sounded kind of skeptical. Needless to say, the longer it takes woody to release, the worse a decision this is, but I don't have control over the release process. (Strictly speaking, Anthony doesn't either -- meaning, he can declare a release, sure, but he can't force people at gunpoint to fix the remaining release critical bugs. And Debian's philosophy has been to release when "it's ready", not when some marketroid tells us to, and thus just live with whatever whopper bugs happen to be in the release that day.)
Yea
h - PGI is an excellent installer, but why wasn't I given the option to run it when I boot the ISO?
I don't understand what you mean. ISOs that the pgi-build
command creates are, in fact, bootable. Are you
using an IA-64 system? In our experience we have
to tell the EFI shell to boot from the CD-ROM
manually, but conceptually this isn't too different
from changing the boot device order in an i386's BIOS.
If you're having problems getting PGI ISOs to
boot, please consult the users' manual and/or file a bug report. We'd like to know
what we can do to make PGI more reliable.
Thanks for trying PGI out! With help from the community we can reach 1.0 sooner; we're currently at version 0.9.6.
On SPI's site for example, I can't find any record of how much of donations go to administration or how much the leaders of the organization are paid.
You don't find any such information on SPI's site because at present there is no policy for paying SPI officers ("leaders") anything at all. There isn't even yet a formal policy for SPI charging member projects (such as Debian) anything either, not even domain registration fees when SPI personal take care of such things.
The current proposal is for SPI to charge member projects 5% of any funds deposited on a member project's behalf, and for the cost of any expenses accrued on a member project's behalf when SPI acts under the direction of that member project.
There are no plans to pay SPI officers any sort of salary, stipend, or other form of compensation. SPI officers and board members are volunteers.
I acknowledge this stuff should be up on the website. Once the SPI Board has voted on such a policy and made it official, it will be. Our next Board Meeting is scheduled for January 26th, and this subject is on the agenda.
Members of the Free Software community are invited to express their views on policies like this to the SPI Board of Directors. Just send mail to "board" at "spi-inc.org".
With all of that in mind, I decided to find out just how vulnerable I was. I set up a stock Debian 2.2r3 box... I went to the Debian box and typed 'apt-get update ; apt-get upgrade'. After a few routine prompts, none of which triggered security alerts, the box was rooted by my "custom" package.
Progeny Linux Systems wrote, tested, deployed, and submitted as patches to Debian, code to implement cryptographic package signatures. Some of the patches now exist in dpkg CVS, but Wichert Akkerman rejected others. Part of it had to do with a command that would prompt you (package maintainer) for your GPG passphrase and cache it so that it could be applied to each binary package (consider how tedious it would be to re-type the passphrase for each binary package in a package like XFree86, which has dozens; moreover, you're no *more* susceptible to a keystroke logger if the passphrase is cached). Anyway, this tool was written in C for security (locked memory pages), but Wichert wanted a version in Python instead, so he never accepted the code.
I never have quite figured that one out.
Anyway, since Progeny ceased development on its own distribution, not much work has been done on our signed package implementation. The code has already been publicly released; maybe it's time for people in the Debian community to take up the fight?
The specification, authored jointly by Ben Collins and John Goerzen, allows for multiple signatures per package. I wrote a policy administration tool called apt-checksigs that would let the user configure the strictness of signature checking on a per-repository basis.
Is anyone interested in this stuff?
Typical knee-jerk spite from people who don't read
on
The LDP and Debian
·
· Score: 3, Insightful
Personally, I wouldn't lose any sleep if the LDP documents were granted a temporary reprieve from their DFSG problems long enough to get into woody. It also won't bother me if 2/3 of them have to go into non-free. The documentation will be available to those who want it, either way.
But I see more than little irony in all the hysterical chest-thumping going on in the replies to this message from people who admit they haven't even read the DFSG, or even the GPL, and then bitch about Debian's "hysterical chest-thumping", of which I can find none. David Merrill and Colin Watson have been perfectly civil with each other and everyone else on this issue. Whatever crisis there is here is being manufactured, Katz-like, by armchair developers who don't appear to have any notion of the practical matters behind operating a free software project. Both Colin and David have this understanding, which is probably why they don't have a problem with each other.
Get caught up on the issues, first, mmmkay? The DFSG wasn't sprung on people last week. It's been around for years. So has the OSD. So has the FSF's definition of free software. People who need a slashdot story to bring the fact that free licenses permit modification to their attention don't get any sympathy from me.
What happened in this situation was clearly just misfortune. Neither the LDP documentation maintainer or the Debian package maintainer were aware of this situation until recently. Maybe they should have, but that's spilt milk. The simple truth is that Debian didn't schedule its freeze to screw the LDP. And, having watched the situation develop on the debian-legal list, I don't think the LDP will get screwed. Everybody with an actual stake in this who has spoken up wants to make this work. Some folks just used a bad license for their documentation. That's too bad. You live and you learn. You either relicense it or you don't. Debian will continue to welcome freely licensed documentation with open arms.
You know, for the life of me I can't imagine why anyone would want the freedom to modify technical documentation. It's not like software ever changes, right? I mean, none of us own any books on computers or software that say things like "Second Edition" or "Third Edition", right? And certainly such fundamental, landmark works as The Art of Computer Programming have never required the scarcest revision, let alone a rewrite to switch from MIX to MMIX...right?
I DONT NOW WHAT UR TALKING ABOUT D00D. 1VE ONLY MADE 1 POST 1N THAT
WHOLE STUPID DEB1AN NEW WINDOWZ (1T RULEZ MAN!!!) THREAD + THATZ RIGHT
HURE
SORRY IF MY L33T JARGON TURMZ L1KE "MONIKUR" ARE 2O MUCH 4 UR FEEBLE
BRANE. IN THE FUTURE 1L TRY 2 TALK 1N S1MPLE LANGUAGE + RUN ON
SENTENCEZ LIKE THIZ THAT U CAN UNDURSTAND AFTUR AL 1 WOULDNT WANT 2
CAUSE A STACK OVURFLOW 1N UR CUREBRAL CORTEX OH SHIT THURE I GO AGAIN
WITH THE üBUR KEWL HACKUR D00D!!!!! WANNABE SLANG CUZ GOD NOWZ IM A WANNABE
WATCH UR X SURVUR 4 TROJANZ. D00FUZ!!!!!! BWA HA HA HA HA HA HA HA HA
[Reader points out that blank CDs sell for about $0.35 per in bulk]
Attaining high production quality of a CD with something on it is much more time consuming and expensive than doing the same to the contents of a blank CD.
And yet motion pictures, most of which cost staggeringly more to produce than the typical music album (I routinely buy movies for less than $15 per, and often $9.99, and these are well known titles with decent extra features and good transfers), are approaching price parity with music CD's, despite the even greater economies of scale at work on music CD's, and despite the fact that the mastering process for DVD's is far more involved than that for CD's. (This doesn't necessarily mean that the profit margin on the typical video DVD isn't also quite generous.)
The only way this argument could stand is if you entertain the idea that intellectual property is monetarily worthless even with regards to the assumption that people were paid to produce the contents of the CD.
No, the argument could stand because the record industry cartel is artificially inflating the price of music CD's. There's room for a lot of play between $15.99, $17.99 -- I even saw a new single-disc CD, not remarkable in any way, priced at $19.99 the other day -- and thirty-five cents. The kind of a play that a free market permits. But as the record company execs dare not tell the Republicans to whose campaigns they donated extraordinary sums of cash, the record industry is not a free market.
Your sort of straw-man argument really annoys me, and I can lay just as much claim to progressive views on intellectual property and freedoms as you can. Unlike yourself, apparently, I also think it's a good idea to try to understand economics instead of just mindlessly rubberstamping the self-serving rhetoric of market manipulators.
Joel's real name was no secret to Debian developers; it appeared on every e-mail he sent to our mailing lists, in the control data of his packages, in the Debian PGP/GPG keyrings, and in his/whois information on IRC.
Debian does not permit entrance to our project by people who do not establish their real identity.
While the phemomenon you describe may be a problem in some circles, I do not perceive it as one within the Debian community.
That said, I answer both to "Branden" and "Overfiend"...:)
I personally miss Joel a great deal, and saw and spoke with him almost daily on IRC for about two years. He had a great sense of humor and appreciated the value of a good flame. I would periodically ask him if he was coming to the next Linux convention, and he'd always very adroitly manage to avoid the issue. I never suspected the nature of what was preventing his attendance. Joel kept up maintenance on glibc until literally a few days before his death; his dedication to the Debian project honors all of us, and our dedication of Debian 2.2 is a fitting memorial.
In fact, though I dislike UCITA, there are several passages in it affirming 'unconscionable terms'
Such passages are meaningless. Witness the section of the DMCA that states that no part of the Act may be interpreted as a restriction on Fair Use. Now take a look at MPAA v. 2600.
These laws are bought and paid for, and you can be sure that while they may have "consumer-friendly" feel-good language in them, anything with statutory force is slanted in favor of the purchaser of the law.
Slashdot Mirror
Many thanks for taking the time to clarify some points.
No problem at all. The article has now fallen off the front page, so I'm not sure how many people are still reading this, but you deserve a response.
It's fairly easy to show people the fruits of desktop Linux - pop in just one Ubuntu (or Mepis or whatever) CD and leave an hour later with a machine humming away nicely and in the case of Ubuntu very good online user forums to help with the many questions. The user doesn't know it's all based on Debian and may never know. Debian will be mentioned, but probably not that visibly unless you dig around for it.
That's true, but it's not a problem trademark law can solve. Remember that a trademark only protects a mark (logo or word). We could slap all the acknowledgement requirements we like on our trademark license, but it's still easy to avoid them by simply not using the mark except buried in footnotes, as some derivative distributions do.
What you seem to be after is more like the BSD advertising clause, which the FLOSS community has more or less rejected as a bad idea.
I think the solution lies more in Debian advocates and evangelists spreading the word that these derivatives really are in fact derived from Debian. Trying to promulgate something really heavy-handed will probably fail, as RMS's attempt to get people to call their Linux-kernel-based OSes "GNU/Linux" largely has. It's hard to force people to use a label of your choosing, but you can try to educate the marketplace. The results are more difficult to measure, but that doesn't render the exercise worthless.
I wonder if it would make sense for the Debian website to have a "good neighbors" page that identifies derived distributions that prominently acknowledge their Debian heritage and cultivate a good relationship with us.
Regarding the notion that Debian might not want to "have a trademark at all," they really don't have any choice, strictly speaking.
Of course Debian has a choice. Our mark is in fact registered with the USPTO, but we could always deliberately choose not to exercise our privileges under registration or common-law trademark. I.e., we can pretend there's no such thing as trademark law for us and let the chips fall where they may. We may reach a consensus that that's not a wise option, but it remains one nonethless. Many small businesses in the U.S. don't fool take effectively this approach, particularly if the name of their firm is mundane (think "Bob Smith's Tax Service").
Sorry for any typos and missing link tags in the above. I'm in a bit of a rush as there's a flight I've got to catch in about 45 minutes, and I need to wander back over to the gate area. (Useful WiFi coverage in U.S. airports appears to be a task for future generations).
To answer the question in your subject, I'm right here. Where've you been? :)
This doesn't bode well for the future of Debian.
To be fair, the imminent death of Debian was predicted steadily for years before I became Project Leader, was again immediately upon my election, has been again today (by you), and, I'm confident, will continue to be well after I'm gone. I hope you'll forgive me if I therefore cannot find the substance in remarks like the above.
Leaving aside squalid arguments about whether a local user group is entitled to use the term "Debian" when organizing a whip round for a barbeque (yes, a real example from the Debian mailing lists),
Well, a whip round that involved constituting a formal organization under UK law, yeah. I presume you're referring to this thread, in which, rather than pontificating like a gasbag, I actually, er, granted the Debian UK Society a license to use Debian's name so they can continue to get themselves set up while their critics make whatever case they're going to make about the organization's shortcomings. The issue seems to largely to have burned itself out at this point, and I expect the Project will continue to tolerate this particular usage of its name as long as the Debian UK Society behaves itself.
the real question is how and whether Debian reacts to the commercial pressures now being placed on it from other software outfits (some of whose guiding lights are themselves long-time Debian players).
I agree. That's an important question. I wouldn't call it "the real question" because that just puts us in a reactive mode. Our trademark policy needs to be founded on some concrete notions of what we want to accomplish. The ad hoc policy of 6 years ago, as I discussed in the message you seem to be disparaging, is no longer sufficient to guide our actions. Years ago, VA Linux Systems and Progeny slapped the Debian name on retail boxed OS products (incidentally, both were derivations of Debian GNU/Linux, not official versions). Back then that didn't raise much of a fuss. Things of changed. I think we should develop a coherent concept of what "trademark" means to us. With that coherent concept, we can establish a policy that can be efficiently and fairly enforced. Without one, we risk being perceived as capricious. As a hypothetical, "it's okay for DCC Alliance to use the Debian marks, but SLX Debian Labs and Ubuntu are right out." Any given user with a bit of analytical reasoning ability should be able to look at a trademark policy page on the Debian website, and given sufficient knowledge of an organization's activities, deduce whether or not their usage of Debian's mark meets with out approval.
For example, the new DCC Alliance seems to have gone right ahead as it pleased, helping themselves to Debian's good name with a contemptous "and what are you gonna do about it?" Not much, it would appear (or, at least, not much that's been made public).
As mentioned at the very beginning of the message I wrote which you seem to be disparaging, I've delegated the specific task of handling DCC Alliance's usage of the Debian mark to another Debian developer, because I personally work for a DCC Alliance member corporation and want to avoid any appearance of a conflict of interest. I've been communicating with Don reguarly, and on 19 September he posted a status message to the debian-project mailing list. Don and I both wish things were moving more swiftly, but he seems to be stuck mainly on the mail-response latency of the corporate executive types he's dealing with. He doesn't feel he's been jerked around y
I only saw three judges' names on the PDF.
The defeated party could ask for the decision to be reheard en banc (by the entire set of 9th Ciruit judges instead of just a panel of three); that would add another step of appeals before the Supreme Court.
IANAL, so I don't know if an en banc hearing is *required* before moving on to the Supreme Court.
[alioth hasn't updated its 3.4.1 packages since early June, long before Branden submitted X.org into Sid.]
Correction: I didn't upload the X.Org X11 packages to unstable (sid). David Nusinow did. David has taken the lead on X.Org X11 responsibilities, as I have recently acquired others.
Doesn't stop me from helping out and doing commits, but I've been distancing myself from the actual package uploads over the past year or so. For example, Fabio Massimo Di Nitto handled most of the XFree86 4.3.0 uploads.
The submitter seems to be a little breathless.
/. article body), I am currently surveying the developers to establish the details of what other organizations are holding monies for the Project. My report triggered a flurry of replies within hours. There are assets in Brazil, the U.K., Germany, Italy, and France, at least. Generally speaking, because it's a good idea and because regulations typically make it difficult for large amounts of currency to leave a country, Debian keeps its money close to where it's needed. Debian is a global organization; we have hardware, developers, and conferences all over the world.
/. article body. But why don't I just go ahead and quote from the IRC interview, which I still have in scrollback:
:)
Here are a few facts:
1) Software in the Public Interest, Inc. (SPI), has held roughly the same amount of money (USD 40,000) in trust for Debian since as far back as the middle of the year 2001 (when I became SPI Treasurer and began receiving the monthly and quarterly statements from the financial institutions where that money is kept). It is therefore difficult to conclude any more of a cash crisis for Debian now than there was four years ago.
2) SPI is not the only organization that holds assets in trust for Debian. As noted in my first DPL report (linked from the
3) People should read the internetnews.com article, also linked from the
12:43 INTERVIEWER: In your Debian Project Leader report for 2005-04-24, you provide status on the state of Debian's assets. On the surface it doesn't look like debian has "much" in the way of cash assets now - is that a problem for Debian? If so, how will you try and "fix" the problem?
12:44 ME: can you clarify the question? "much" relative to what?
12:45 INTERVIEWER: by "much" i'm refering to the fact that commercial distros (Red Hat etc) have xx millions in the bank - so in comparison it doesn't look (to a layperson) like Debian has "much" in terms of cash assets
12:45 INTERVIEWER: does that help?
12:45 ME: ah, compared to a commercial interest.
12:45 ME: yes, it does help.
12:47 ME: Because Debian is a non-commercial, not-for-profit entity which derives most of its value from the donated labor of hundreds of individuals, I think it stands to reason that our books wouldn't look like those of a publicly-traded, incorporated body which has labor and capital expenditures.
12:48 ME: I think there are several reasons Debian doesn't have much in the way of cash assets relative to a for-profit Free Software company, though.
12:49 ME: 1) Debian has no source revenue apart from fund-raising, which to date has been regularly undertaken at trade shows, to those who happen to pass by our booth.
12:49 ME: s/source/& of/
12:50 ME: 2) Debian tends to spend its cash assets, at least in the United States, approximately as fast as they come in.
12:51 ME: 3) There have been conflicting ideas among Debian developers in the past over whether Debian *should* attempt to accumulate a war chest of cash reserves.
12:51 ME: An argument in favor of that is that we should do so in the event we, or one of our developers, is sued for doing something we consider legitimate, like offering freely-modifiable software gratis to the world.
12:51 ME: s/is sued/are sued/
[the interviewer moved on, but we came back to this subject at the end of the interview]
13:03 ME: okay. Reasons *not* to build up a war chest...
13:04 ME: Two arguments against building up a "war chest" are 1) actually having a large quanitity of liquid assets is felt to make us a more inviting target for lawsuits, because there is the possibility of damages on top of injunctions;
13:05 ME: 2) People who donate us money, by and large, seem to expect us to put the money to work for us in the near term, not towards establishing an endowment.
13:05 ME: In my years on the SPI Board and as
For those few who don't know. Branden (often mispelled as Brandon :-) has historically been the Debian X developer (and has since built up a team to work on X) and is the current DPL (Debian Project Leader).
Slight correction: I am the Debian Project Leader-Elect. My term of office does not begin until 17 April. There is still time for me never to have been DPL: one never knows when a heavy safe will fall out of a nearby fourth-floor window and squash one's skull like a grape. :)
Thanks for your support!
Now here's my concern: I have no idea who Deadbeast is (There isn't a top level page -- which is wierd), how do I know it's not just wishful thinking?
Well, I'm Branden Robinson, and deadbeast.net is my vanity domain. If you're easily amused, you may want to look up deadbeast's WHOIS record. :)
I'm glad the pointer to the FAQ helped. I admit I didn't foresee that sarge would take this long to release when advocating that Debian stick with the tried-and-true XFree86 4.3 (even if hacked up and patched to support more hardware than stock 4.3 does), but the trouble is, the longer the sarge release drags on, the more disruptive it would be to try to cut over to X.Org. So I continue to believe that the best solution to this problem, as with many others, is to kick sarge out of the nest so we can focus our full attention on disrupting the hell out of unstable for a few months. :)
Here's a link that may help, straight into the Subversion repository where Debian's XFree86 packages are developed:
What are Debian's plans with respect to X.Org and XFree86?
The current text of that FAQ entry follows.
Well, I'd like to thank Senator Hatch for elevating the level of the discussion.
We might just have to forcibly lobotomize congressmen for writing unconstitutional legislation, the President for signing it, the officers of various agencies for enforcing it, and the justices of the Supreme Court for refusing to strike it down. Only then might they begin to understand their oaths of office.
But probably not. How often will the people in charge of detaining me indefinitely and without counsel think of their oaths, or of the meaning of the Consitutional rights that we are all supposed to enjoy, when I have been flushed down the memory hole for uttering these remarks?
Joey Schulze is stepping down as Vice-President, but that doesn't mean he is giving up his position as a member of the SPI Board of Directors. The bylaws do not require him to do so, and we have clarified this on the SPI Board mailing list today. To the relief of the active Board members, Joey's current intention does appear to be to remain on the Board. We'll need his energy and input.
This article did do at least one good thing, in that it apparently prompted Ian Jackson to check his SPI Board email...
Anyway, SPI is currently soliciting self-nominations for positions on the SPI Board of Directors. If you're a member of the Free Software and/or Open Source Software communities, and find that you share the goals listed in SPI's bylaws (see section two), you may want to submit yourself for consideration.
Also, SPI can be strengthened with regular memberships as well (yes, I know the SSL cert needs to be renewed). Historically, only SPI's Board has been particularly active, and sometimes not even that. If you'd like to change SPI for the better, we sure could use your help.
Thanks for listening; I hope we can turn this disappointment into an opportunity for SPI to improve. We need your help to do it.
Branden Robinson, SPI Treasurer
[Sorry, repost. I had cookies turned off in this browser so my login didn't work. Please mod down the Anonymous Coward version as redundant, not this one; thanks.]
Progeny Linux comes to mind as a commercial Linux distribution company whose Linux product met with good reviews, but couldn't remain in business.
I guess I have Santa Claus to thank for the paychecks I've been getting every two weeks for the past 2 years plus, then.
Progeny did discontinue its Progeny Debian product, but we remain in business and continue to do interesting things, IMO.
it's been seized upon and made front page news (particularly on the Left Coast) to make the Bush administration seem inept and disorganized.
Oh, I don't think the Bush administration needs any help in that department, especially since they're already receiving so much from Jerry Falwell and other cross-burning conservatives who use phrases like "Left Coast".
As for XFree86 4.2, Branden's been too busy with fixing up 4.1.x to do 4.2.x well. XFree86 is one of those dead core packages that need to just WORK every single time, and cannot screw up. There was never enough time to give it the thrashing it needs; I think that having XF4.1.x in a stable series is a pretty sweet effort; Branden deserves a pat on the back.
Well, I myself am not exactly thrilled that woody won't have 4.2 in it, but:
So, that's why XFree86 4.2 isn't in woody.
Yea h - PGI is an excellent installer, but why wasn't I given the option to run it when I boot the ISO?
I don't understand what you mean. ISOs that the pgi-build command creates are, in fact, bootable. Are you using an IA-64 system? In our experience we have to tell the EFI shell to boot from the CD-ROM manually, but conceptually this isn't too different from changing the boot device order in an i386's BIOS.
If you're having problems getting PGI ISOs to boot, please consult the users' manual and/or file a bug report. We'd like to know what we can do to make PGI more reliable.
Thanks for trying PGI out! With help from the community we can reach 1.0 sooner; we're currently at version 0.9.6.
-- Branden Robinson, PGI Project Lead
On SPI's site for example, I can't find any record of how much of donations go to administration or how much the leaders of the organization are paid.
You don't find any such information on SPI's site because at present there is no policy for paying SPI officers ("leaders") anything at all. There isn't even yet a formal policy for SPI charging member projects (such as Debian) anything either, not even domain registration fees when SPI personal take care of such things.
The current proposal is for SPI to charge member projects 5% of any funds deposited on a member project's behalf, and for the cost of any expenses accrued on a member project's behalf when SPI acts under the direction of that member project.
There are no plans to pay SPI officers any sort of salary, stipend, or other form of compensation. SPI officers and board members are volunteers.
I acknowledge this stuff should be up on the website. Once the SPI Board has voted on such a policy and made it official, it will be. Our next Board Meeting is scheduled for January 26th, and this subject is on the agenda.
Members of the Free Software community are invited to express their views on policies like this to the SPI Board of Directors. Just send mail to "board" at "spi-inc.org".
-- Branden Robinson, SPI Treasurer
With all of that in mind, I decided to find out just how vulnerable I was. I set up a stock Debian 2.2r3 box... I went to the Debian box and typed 'apt-get update ; apt-get upgrade'. After a few routine prompts, none of which triggered security alerts, the box was rooted by my "custom" package.
Progeny Linux Systems wrote, tested, deployed, and submitted as patches to Debian, code to implement cryptographic package signatures. Some of the patches now exist in dpkg CVS, but Wichert Akkerman rejected others. Part of it had to do with a command that would prompt you (package maintainer) for your GPG passphrase and cache it so that it could be applied to each binary package (consider how tedious it would be to re-type the passphrase for each binary package in a package like XFree86, which has dozens; moreover, you're no *more* susceptible to a keystroke logger if the passphrase is cached). Anyway, this tool was written in C for security (locked memory pages), but Wichert wanted a version in Python instead, so he never accepted the code.
I never have quite figured that one out.
Anyway, since Progeny ceased development on its own distribution, not much work has been done on our signed package implementation. The code has already been publicly released; maybe it's time for people in the Debian community to take up the fight?
The specification, authored jointly by Ben Collins and John Goerzen, allows for multiple signatures per package. I wrote a policy administration tool called apt-checksigs that would let the user configure the strictness of signature checking on a per-repository basis.
Is anyone interested in this stuff?
Personally, I wouldn't lose any sleep if the LDP documents were granted a temporary reprieve from their DFSG problems long enough to get into woody. It also won't bother me if 2/3 of them have to go into non-free. The documentation will be available to those who want it, either way.
But I see more than little irony in all the hysterical chest-thumping going on in the replies to this message from people who admit they haven't even read the DFSG, or even the GPL, and then bitch about Debian's "hysterical chest-thumping", of which I can find none. David Merrill and Colin Watson have been perfectly civil with each other and everyone else on this issue. Whatever crisis there is here is being manufactured, Katz-like, by armchair developers who don't appear to have any notion of the practical matters behind operating a free software project. Both Colin and David have this understanding, which is probably why they don't have a problem with each other.
Get caught up on the issues, first, mmmkay? The DFSG wasn't sprung on people last week. It's been around for years. So has the OSD. So has the FSF's definition of free software. People who need a slashdot story to bring the fact that free licenses permit modification to their attention don't get any sympathy from me.
What happened in this situation was clearly just misfortune. Neither the LDP documentation maintainer or the Debian package maintainer were aware of this situation until recently. Maybe they should have, but that's spilt milk. The simple truth is that Debian didn't schedule its freeze to screw the LDP. And, having watched the situation develop on the debian-legal list, I don't think the LDP will get screwed. Everybody with an actual stake in this who has spoken up wants to make this work. Some folks just used a bad license for their documentation. That's too bad. You live and you learn. You either relicense it or you don't. Debian will continue to welcome freely licensed documentation with open arms.
You know, for the life of me I can't imagine why anyone would want the freedom to modify technical documentation. It's not like software ever changes, right? I mean, none of us own any books on computers or software that say things like "Second Edition" or "Third Edition", right? And certainly such fundamental, landmark works as The Art of Computer Programming have never required the scarcest revision, let alone a rewrite to switch from MIX to MMIX...right?
I DONT NOW WHAT UR TALKING ABOUT D00D. 1VE ONLY MADE 1 POST 1N THAT WHOLE STUPID DEB1AN NEW WINDOWZ (1T RULEZ MAN!!!) THREAD + THATZ RIGHT HURE
SORRY IF MY L33T JARGON TURMZ L1KE "MONIKUR" ARE 2O MUCH 4 UR FEEBLE BRANE. IN THE FUTURE 1L TRY 2 TALK 1N S1MPLE LANGUAGE + RUN ON SENTENCEZ LIKE THIZ THAT U CAN UNDURSTAND AFTUR AL 1 WOULDNT WANT 2 CAUSE A STACK OVURFLOW 1N UR CUREBRAL CORTEX OH SHIT THURE I GO AGAIN WITH THE üBUR KEWL HACKUR D00D!!!!! WANNABE SLANG CUZ GOD NOWZ IM A WANNABE
WATCH UR X SURVUR 4 TROJANZ. D00FUZ!!!!!! BWA HA HA HA HA HA HA HA HA
[Reader points out that blank CDs sell for about $0.35 per in bulk]
Attaining high production quality of a CD with something on it is much more time consuming and expensive than doing the same to the contents of a blank CD.
And yet motion pictures, most of which cost staggeringly more to produce than the typical music album (I routinely buy movies for less than $15 per, and often $9.99, and these are well known titles with decent extra features and good transfers), are approaching price parity with music CD's, despite the even greater economies of scale at work on music CD's, and despite the fact that the mastering process for DVD's is far more involved than that for CD's. (This doesn't necessarily mean that the profit margin on the typical video DVD isn't also quite generous.)
The only way this argument could stand is if you entertain the idea that intellectual property is monetarily worthless even with regards to the assumption that people were paid to produce the contents of the CD.
No, the argument could stand because the record industry cartel is artificially inflating the price of music CD's. There's room for a lot of play between $15.99, $17.99 -- I even saw a new single-disc CD, not remarkable in any way, priced at $19.99 the other day -- and thirty-five cents. The kind of a play that a free market permits. But as the record company execs dare not tell the Republicans to whose campaigns they donated extraordinary sums of cash, the record industry is not a free market.
Your sort of straw-man argument really annoys me, and I can lay just as much claim to progressive views on intellectual property and freedoms as you can. Unlike yourself, apparently, I also think it's a good idea to try to understand economics instead of just mindlessly rubberstamping the self-serving rhetoric of market manipulators.
Will the Progeny OS installer be ported to Woody?
Yes. Work is currently underway to do this, after which the Progeny installed will be submitted to Debian as a new package.
Freely licensed, of course.
You can't challenge it without going to Virginia, and if you are challenged, it will by by the laws of Virginia.
Ah yes, down home Virginia, where UCITA is law...
I think you meant to say:
*THE REASONING* behind this is that by specifying who's laws apply, we will use a venue in which the GPL can't be enforced *at all*...like Virginia.So thanks for clearing that up. It appears Bob Kahn's, and CNRI's, motives are obvious in light of recent legislative history.
Joel's real name was no secret to Debian developers; it appeared on every e-mail he sent to our mailing lists, in the control data of his packages, in the Debian PGP/GPG keyrings, and in his /whois information on IRC.
Debian does not permit entrance to our project by people who do not establish their real identity.
While the phemomenon you describe may be a problem in some circles, I do not perceive it as one within the Debian community.
That said, I answer both to "Branden" and "Overfiend"... :)
I personally miss Joel a great deal, and saw and spoke with him almost daily on IRC for about two years. He had a great sense of humor and appreciated the value of a good flame. I would periodically ask him if he was coming to the next Linux convention, and he'd always very adroitly manage to avoid the issue. I never suspected the nature of what was preventing his attendance. Joel kept up maintenance on glibc until literally a few days before his death; his dedication to the Debian project honors all of us, and our dedication of Debian 2.2 is a fitting memorial.
In fact, though I dislike UCITA, there are several passages in it affirming 'unconscionable terms'
Such passages are meaningless. Witness the section of the DMCA that states that no part of the Act may be interpreted as a restriction on Fair Use. Now take a look at MPAA v. 2600.
These laws are bought and paid for, and you can be sure that while they may have "consumer-friendly" feel-good language in them, anything with statutory force is slanted in favor of the purchaser of the law.