Hello,
On Mon, 27 Aug 2012 19:21:22 +0200 Zygmunt Krynicki zygmunt.krynicki@linaro.org wrote:
[]
We have provided a script which can download stuff for you in lp:linaro-license-protection (license_protected_file_downloader inside tests/ directory - should be moved to scripts/ though).
This has been present for a while now, and has been a recommended way to download binaries from snapshots.l.o. (Or, if you are doing this from a static IP, we've got support for allowing that through if it's an automated service [we do that for eg. validation.linaro.org].)
We will look into providing a nicer API, but until we do, any interface we've got is going to be unstable and internal.
IMHO this is utter lunacy, is there any oversight on how we do this?
If we offer both the "protected", click through, EULA, downloads and the tools to download them without seeing any license then I cannot see how this is any more legally fine than just ignoring the whole damn mess.
That was my original concern during initial implementation of EULA protection in December. Over time, we came to conclusion (?, I wish I saw more general discussion and approval by stakeholders) that doing something like:
./download-linaro --accept-license <url>
, where --accept-license is mandatory, should have equivalent meaning to willfully clicking a button on a page. For extra "safety", we can also make HTTP param/cookie sent in this case be explicitly named like "accept_license=yes". I guess that gets as good as it can to allow some automation while clearly communicating other's party license acceptance.
The stuff we are doing here feels like DRM but it is even more insane as we are the senders and recipients and we _still_ cannot get it right!
Recipients can be anyone, and well, that's what our members (corporations) (and their lawyers) want...
Maybe it's time to write an RFC on the "eula compliance" bit, get a new HTTP header defined, offer a patch for wget and couple of other tools and not reinvent the download tools over and over.
Frustrated ZK
PS: In Linaro we _wrote_ code that generates, displays, enforces, avoids and side-steps licenses. We have scripts that send magic cookies. We have tools that click or type "I ACCEPT". I wonder how much time was wasted on this, instead of, say, writing better kernel code, or LAVA, or whatever...