MNT (Pocket) Reform Security PSA:
- yesterday, @xtaran disclosed to me that `/etc/apt/sources.list.d/mntre.sources` had world writable permissions (666) on our default system
- @josch immediately fixed the issue in `reform-system-image` and `reform-tools`
- to fix the issue, do `sudo apt update` followed by `sudo apt install reform-tools`
@skedarwarrior @mntmn @xtaran No, MNT has its own Debian repository which ships the package. But that being said, the plan is to get reform-tools into Debian (non-free) as well.
| R.I.P Natenom @skedarwarrior @josch @mntmn: According to /usr/share/doc/reform-tools/copyright it's due to the file mnt-icon-font/MNTIcons.sfd being licensed by MNT Research GmbH
under CC-BY-NC-4.0, where NC stands for "non-commerical" which Debian considers to be non-free.
Interestingly multiple other files in the package are being licensed under the DFSG-free CC-BY-SA-4.0 license.
I'd be curious what's the reason behind that single file having a different, non-free license. Maybe its designer disagreed?
@xtaran @skedarwarrior @mntmn Hi, my understanding is that MNT wants to prevent companies from abusing their logo and they want to use copyright law and not trademark law to do so. I read a couple of threats on debian-legal@ and IIUIC, then MNT could also use a libre license for their logo (just like debian or mozilla or many others do) and use trademark law if anybody is abusing their logo instead of copyright law. But then IANAL...
@xtaran @skedarwarrior @mntmn Because of the last bit (I'm not a lawyer) I also feel ill equipped to advice MNT with what license they should choose for their logo. So instead of trying to push this matter with them, I just accepted things as they were chosen to be licensed. But no, it's not a designer disagreement.
@josch @skedarwarrior @mntmn: Thanks for the explanation! Interesting move.