On 2018-09-26, Mark Milhollan <mlm@pixelgate.net> wrote:
On Tue, 25 Sep 2018, Job Snijders wrote:
We really need to bring it back down to "apt install rpki-cache-validator"
You say this as if no packager has a way to display and perhaps require approval of the license nor any way to fetch something remote as part of the installation process, e.g., the Microsoft "freely" supplied TTF files ...
# zypper install fetchmsttfonts [...packager stuff...] (1/1) Installing: fetchmsttfonts-11.4-42.28.noarch .........................................[done] Running: fetchmsttfonts-11.4-42.28-fetchmsttfonts.sh.txt (fetchmsttfonts, /var/adm/update-scripts) EULA: END-USER LICENSE AGREEMENT FOR MICROSOFT SOFTWARE
IMPORTANT-READ CAREFULLY: This Microsoft End-User License Agreement ("EULA") is a legal agreement between you (either an individual or a single entity) and [...] andale32.exe (https://sourceforge.net/projects/corefonts/files/the%20fonts/final/andale32....): Fetching ... done Extracting ... done [...]
I bet apt, dnf, pacman, pkg_add, yum, etc., do as well -- actually I know some of those do.
Some do, some don't. As far as OpenBSD is concerned, pkg_add will install signed packages distributed by OpenBSD, they can only do that if free redistribution is possible. For things like the Microsoft fonts, they can be installed, but by a different process which is a lot more work. There's a big difference between this and something like the Microsoft fonts in your example: the fonts are clearly creative work and copyrightable. A generated integer in an RFC-specified format? That seems less likely.