From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 45399 invoked by alias); 1 Mar 2020 11:53:46 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 45392 invoked by uid 89); 1 Mar 2020 11:53:45 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-0.6 required=5.0 tests=AWL,BAYES_05,KAM_NUMSUBJECT,SPF_PASS autolearn=no version=3.3.1 spammy=downloading, Achim, achim, violation X-HELO: mx009.vodafonemail.xion.oxcs.net Received: from mx009.vodafonemail.xion.oxcs.net (HELO mx009.vodafonemail.xion.oxcs.net) (153.92.174.39) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 01 Mar 2020 11:53:42 +0000 Received: from vsmx002.vodafonemail.xion.oxcs.net (unknown [192.168.75.192]) by mta-6-out.mta.xion.oxcs.net (Postfix) with ESMTP id C36DE604D81 for ; Sun, 1 Mar 2020 11:53:39 +0000 (UTC) Received: from Gertrud (unknown [91.47.60.226]) by mta-6-out.mta.xion.oxcs.net (Postfix) with ESMTPA id 960306044BF for ; Sun, 1 Mar 2020 11:53:37 +0000 (UTC) From: Achim Gratz To: cygwin@cygwin.com Subject: Re: [ANN] Cygwin-OpenSSH 8.2.2.2 References: <87sgiwedci.fsf@Otto.invalid> <87imjrj21y.fsf@Rainer.invalid> <0853870f-74de-8ab5-835e-d97b310fcd91@SystematicSw.ab.ca> Date: Sun, 01 Mar 2020 11:53:00 -0000 In-Reply-To: (Bill Stewart's message of "Fri, 28 Feb 2020 07:51:23 -0700") Message-ID: <87pndwgukh.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-SW-Source: 2020-03/txt/msg00003.txt Bill Stewart writes: > I have removed the package. (The phrase "no good deed goes unpunished" > comes to mind.) I don't think anybody assumed any bad intentions on your part and it just was to make you aware of the licensing problem and ask you to fix it. The GPL's stated purpose istp protect the freedom of the user, not necessarily the convenience of the distributor (or even the user). > I will put up a separate package later that does not contain any cygwin > binaries and write a script instead that can download the needed binaries > and sources using the cygwin setup tool (that the user will have to > download themselves). In this way I will be hosting no binaries and will > not be in violation of any license. Unless you are using setup.exe to do that, please ensure that you use a secure method for downloading the setup.ini file and the signature, actually check the validity of the signature and then proceed to checksum the downloaded files before installation. https://cygwin.com/faq.html#faq.setup.install-security https://cygwin.com/faq.html#faq.setup.increase-install-security https://cygwin.com/install.html If you so use setup.exe, note that it is GPLv2 licensed. Since there is no source package, you will instead have to point your installer to get a Git snapshot if the user requests the source. Again, if you use that binary, please use a secure transport and check it against the signature, also obtained via secure transport. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2: http://Synth.Stromeko.net/Downloads.html#WaldorfSDada -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple