[squeak-dev] Smalltalk images considered harmful

Colin Putney cputney at wiresong.ca
Thu May 22 02:06:41 UTC 2008


On 21-May-08, at 2:34 PM, Bert Freudenberg wrote:

> Etoys was being considered to get into Debian. Now it may be  
> rejected, because an image file is not "transparent enough" (see  
> below). It was suggested to discuss this issue on the debian-devel  
> list.
>
> Do any of you have ideas how to respond? Are there perhaps other  
> Debian packages that have a similar issue of accountability?

I think it's important to establish what level of transparency Debian  
is looking for. Apparently they want to be able to compare different  
versions of the package and see what has changed. In reviewing those  
changes, what would they be looking for? Objectionable content?  
Malware? Copyright violations? Material that carries a license  
incompatible with the GPL? Insecure code? Bugs? Spelling mistakes?  
Depending on what they want to know we might be able to provide a way  
to provide that information.

Also, Andreas is right - it's probably possible to distribute Etoys  
such that it can be "built" by filing "source code" into a base image  
of some kind. If the base image didn't include Etoys itself (as  
distinct from Squeak) that would provide the kind of transparency that  
Debian is used to, at least as far as Etoys is concerned. That would  
make the debian version be different from the upstream distribution,  
which would presumably still be based on images.

Or it could be done in reverse - Etoys would be distributed as an  
image, but would have a way of spitting out textual representations  
that could be fed into the debian process. That might mean more than  
just filing out Smalltalk code. It could also mean spitting out files  
that represent other types of media: images, sounds, hierarchies of  
Morphs, whatever is deemed important.

Colin



More information about the Squeak-dev mailing list