Return-Path: X-Original-To: apmail-corinthia-dev-archive@minotaur.apache.org Delivered-To: apmail-corinthia-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9EB4EC176 for ; Sun, 21 Dec 2014 18:49:13 +0000 (UTC) Received: (qmail 4795 invoked by uid 500); 21 Dec 2014 18:49:13 -0000 Delivered-To: apmail-corinthia-dev-archive@corinthia.apache.org Received: (qmail 4769 invoked by uid 500); 21 Dec 2014 18:49:13 -0000 Mailing-List: contact dev-help@corinthia.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@corinthia.incubator.apache.org Delivered-To: mailing list dev@corinthia.incubator.apache.org Received: (qmail 4758 invoked by uid 99); 21 Dec 2014 18:49:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 21 Dec 2014 18:49:13 +0000 X-ASF-Spam-Status: No, hits=-1997.8 required=5.0 tests=ALL_TRUSTED,HTML_MESSAGE,T_RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO mail.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with SMTP; Sun, 21 Dec 2014 18:49:12 +0000 Received: (qmail 4621 invoked by uid 99); 21 Dec 2014 18:48:52 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 21 Dec 2014 18:48:51 +0000 Received: from mail-la0-f47.google.com (mail-la0-f47.google.com [209.85.215.47]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 2C7B81A0237 for ; Sun, 21 Dec 2014 18:48:48 +0000 (UTC) Received: by mail-la0-f47.google.com with SMTP id hz20so2988584lab.6 for ; Sun, 21 Dec 2014 10:48:44 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.112.99.71 with SMTP id eo7mr18508717lbb.26.1419187723990; Sun, 21 Dec 2014 10:48:43 -0800 (PST) Received: by 10.112.10.16 with HTTP; Sun, 21 Dec 2014 10:48:43 -0800 (PST) In-Reply-To: <002e01d01d46$3eda3b30$bc8eb190$@apache.org> References: <002e01d01d46$3eda3b30$bc8eb190$@apache.org> Date: Sun, 21 Dec 2014 19:48:43 +0100 Message-ID: Subject: Re: [PROPOSAL] White-Box Releases Only From: jan i To: "dev@corinthia.incubator.apache.org" , "orcmid@apache.org" Content-Type: multipart/alternative; boundary=001a113488a2288453050abe640f X-Virus-Checked: Checked by ClamAV on apache.org --001a113488a2288453050abe640f Content-Type: text/plain; charset=UTF-8 On Sunday, December 21, 2014, Dennis E. Hamilton wrote: > I am not clear on to what degree Corinthia Source releases will allow > building of binaries that are end-user meaningful and working in anything > more than console sessions. This proposal is intended to anticipate the > prospect of the code being compilable to store "apps" and GUI-based > end-user applications on many form factors and platforms. This proposal is > particularly relevant to cases where forks will compete for monetization, > including via embedded advertising and also sales through search-engine > optimization and purchased ad placement. Terminology is important here. We will only have source releases, but we will have several convenience binaries: - dfformat library to be embedded in other projects - dfconvert an appl to convert files - dftest, is more internal - editor which hopefully is the appl used most. all these should be made available on all platforms we support. I do however not see that as white box or black box, which are terms more related to test. > > PROPOSAL > > Corinthia project source code releases and the source-code repository > shall build to "white box" binaries and distributions/deployments with > default branding as unsupported Corinthia development editions (stable or > otherwise). Provisions for branding of a distribution (and distributions > of forks) will be incorporated and given default settings. This also > extends to producing digitally-signed versions designed to satisfy > certification requirements for introduction into software "app" stores. > There may be instructions for how to successfully build a branded and > supported authentic distribution, but one should not be directly obtainable > using the stable source without modification. If we use digital signing then it for sure will be a branded product. In general I am in favor for branded applications and non-branded libraries and source. > > [There is no time-limit on this proposal. Let's see the discussion first.] > > DISCUSSION > > If there are to be convenience binaries that are branded as authentic > Apache Corinthia (incubating) distributions, there must be an arrangement > where the branded builds are accomplished in an auditable way without > releasing the branding materials to the public. These builds cannot be > part of the Apache Release process, but there would have to be arrangements > that demonstrate the integrity of the resulting code. +1 we do want to repeat the problems from AOO. > > Note: This is not intended to prevent commercial derivatives of Corinthia > source code, whether closed source or with licensed open source code. It's > just about misidentification of authentic origins. > > ADDRESSING A PROBLEM > > It must not be easy to produce a fake product that trades on "Corinthia" > and its Apache project status as a way of obtaining sales and abdicating > any support obligations by passing-off to the Corinthia project. Fakery > can be innocent/careless, it can be willful (it has to be at least that > much in the case of this proposal), and it can be malicious. All of these > are seen with impersonation of "Open Office" and it can be expected in the > current mobile space "Wild West" equivalent of patent-medicine nostrums. here we only talk about dfconvert and the editor. It would be nice to have digital signing for those....and knowing the signing process (with my infra hat) this is not difficult. thanks for starting this discussion. rgds jan i. > > An example of the situation is on this thread: > < > http://mail-archives.apache.org/mod_mbox/openoffice-dev/201412.mbox/browser > >. > > > > > -- Sent from My iPad, sorry for any misspellings. --001a113488a2288453050abe640f--