X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; q=dns; s=default; b=N0Z22 Q9OQ/Ji1Q8lWYA66vJogEnNu62ikVCG5MIXaKdLUWSHSf3P8NpwBgRKRjo30n/g/ mRaxfj+ChIK+MpplhQ0RJu97TrklMtoe+BQSZzHkzMWgGIKGCTbPhm0+gQ+47Jyb OqgAddhOezfOHnSmsu+ythXmjm/lZAGpnk8iL4= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:references:date:in-reply-to :message-id:mime-version:content-type; s=default; bh=ENOb7kJTIS+ 9koUqsVkiwx0zC5Q=; b=y4SmuBq+bRPsPjvpB0jn8ogUinQ9kkoFn9nJzpZFgBv hJObFCQMg/udsU+idiAYFmLoZJXNBcRkA5ILv7gKhaGALHnWUTopGhCMhTqeD2Km DriJX9Rsyq/eMridaF06DkR8FEbZun03P6kmtZVp9YxouPo77pUBhFCedLL9QUB8 = Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-0.6 required=5.0 tests=AWL,BAYES_05,KAM_NUMSUBJECT,SPF_PASS autolearn=no version=3.3.1 spammy=downloading, Achim, achim, violation X-HELO: mx009.vodafonemail.xion.oxcs.net From: Achim Gratz To: cygwin AT cygwin DOT com Subject: Re: [ANN] Cygwin-OpenSSH 8.2.2.2 References: <87sgiwedci DOT fsf AT Otto DOT invalid> <87imjrj21y DOT fsf AT Rainer DOT invalid> <0853870f-74de-8ab5-835e-d97b310fcd91 AT SystematicSw DOT ab DOT ca> Date: Sun, 01 Mar 2020 12:53:34 +0100 In-Reply-To: (Bill Stewart's message of "Fri, 28 Feb 2020 07:51:23 -0700") Message-ID: <87pndwgukh.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Bill Stewart writes: > I have removed the package. (The phrase "no good deed goes unpunished" > comes to mind.) I don't think anybody assumed any bad intentions on your part and it just was to make you aware of the licensing problem and ask you to fix it. The GPL's stated purpose istp protect the freedom of the user, not necessarily the convenience of the distributor (or even the user). > I will put up a separate package later that does not contain any cygwin > binaries and write a script instead that can download the needed binaries > and sources using the cygwin setup tool (that the user will have to > download themselves). In this way I will be hosting no binaries and will > not be in violation of any license. Unless you are using setup.exe to do that, please ensure that you use a secure method for downloading the setup.ini file and the signature, actually check the validity of the signature and then proceed to checksum the downloaded files before installation. https://cygwin.com/faq.html#faq.setup.install-security https://cygwin.com/faq.html#faq.setup.increase-install-security https://cygwin.com/install.html If you so use setup.exe, note that it is GPLv2 licensed. Since there is no source package, you will instead have to point your installer to get a Git snapshot if the user requests the source. Again, if you use that binary, please use a secure transport and check it against the signature, also obtained via secure transport. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple