RFC: On-demand package installation API in kdelibs

Martin Sandsmark sandsmark at samfundet.no
Wed Jul 28 23:47:17 BST 2010

On Thu, Jul 29, 2010 at 12:19:28AM +0200, Thomas Lübking wrote:
> No "we" are not.
> By Lubos proposal the distros implement the handler for a weak dependency, 
> i.e. amarok says "need some codec" and the distro says either:
> […]

But in the case of, say, libdvdcss, we would have to require the user to
install something that we know breaks copy protection.

And what if we ask the distro to install something we know there are no legal
solutions for (like playing some WMA files)?

> The "technicality" is actually what matters - not the appearance, since then 
> KDE would be to blame even if distro xyz would just use kdialog to ask you to 
> "break" the DMCA (which is btw. an insult on the human brain - sorry)

No, it's the intent that matters (AFAIK).

> Providing an abstract API does not get you into any response and since you 
> lost control downstream, even constructs like the german "Störerhaftung" (if 
> you run a forum, you're -maybe- held responsive for insults placed there) 
> won't apply.

Well, the application installation API isn't the problem itself, it's the
usage of it, for example in DragonPlayer asking to install libdvdcss, or
Amarok asking to install mp3 plugins for Xine.

> Such an approch would not even hit amarok, as it simply says "need some 
> dependency" - what is just a fact. What the disto makes out of this is out of 
> amarok's control & response.

Well, but it's still Amarok that's asking the user to install something, the
distribution just provides the user with the means for installing it
(probably suable in itself, unless they don't provide it, in case this whole
API is useless).

> Yes it would.
> The nature of such API is clearly to resolve weak deps - not to break any law. 
> Such deduction would fail as there can be -and are quite some- weak deps that 
> do not break any law but just bypass installation overhead.
> Whether it can be used to do evil stuff in a particular case does not matter. 
> By such model the NRA would btw. be responsive for every shootout victim, 
> since weapons _can_ be used to kill ppl.

Yes, the API can be used for only legally innocent stuff, but then it isn't
very useful.

> The legal issue would then as mentioned be on the distros side, depending on 
> how they actually resolve this dependency in pot. illegal cases (by checking 
> locales, bypassing some server locations or just avoid installation) and thus 
> out of k-c-d scope :-)

No, since it's we, KDE, who are asking the user to install something that
clearly isn't legal.

> Cheers,
> Thomas - who asked one of our attorneys and listened to a harsh tirade on 
> silly US law excesses... first time i heard a lawyer saying all lawyers should 
> be killed =D


Martin Sandsmark 

More information about the kde-core-devel mailing list