licensing infos for dependency ltc_scrypt

[ulrichard]

I slowly started to package the dependencies of encompass for debian.
But for ltc_scrypt I didn't find neither licensing nor contact information.
The only license info I found is in the c file that is probably copied from elsewhere.
Do you have any information on the author, so that I could ask him to include a license?

---

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[guruvan]

@ulrichard I think it's pooler, I could check with him and see who the original author is if not him.

[guruvan]

@ulrichard Also, we'd like to recommend that most users should use the binary release that we provide - and that is what should be packaged for various distributions. The release file is a self-extracting tarball, and small shell script, and a few files like icons. It'd be nice to have that all in a slick debian package, but with the way that debian will install dependencies via apt, and not via pip, it may cause some issues.

The binary release installed via apt would be excellent.

[ulrichard]

What issues do you expect? The only two dependencies that were missing when I run it from the github working copy were ltc_scrypt and darkcoin-hash.

[guruvan]

If you installed via github source, the instructions are to use pip to install the other dependencies listed in requirements.txt - the versions found in apt are horrendously out of date, while the pip versions are not. We specify versions of each dep to run correctly with Encompass, and those are often not available via apt. Your mileage may vary, but we put out the binary release to avoid this issue.

[guruvan]

@ulrichard It' should be of note that the binary release is a universal 64bit linux installation, and can be packaged for any distro as such, along with desktop icons and other items for proper desktop installation. The exceptions would be Arch and Gentoo - arch PKGBUILD is provided by vertoe, and we will provide an ebuild for gentoo in the next release.

[ulrichard]

I will have a look. But in general, debian packages are not allowed to contain stuff that is already contained in other packages, nor run scripts that would fetch stuff from the internet.
If there are old versions packaged, we might convince the maintainers to package more recent versions.

[guruvan]

As it's open source, all I can do is recommend against this. In doing so, we create yet another possible way to run Encompass, which makes debugging, support, and all the related more complex.

What is the reason for wanting to package for debian in this way? Is there are reason to prefer this over the produced releases?

[guruvan]

Also, as time permits, a GUI installer will be provided for the linux universal - at this time it's a simple shell script because time was short.

[guruvan]

@ulrichard just spoke with pooler - and he's got no idea about the ltc_scrypt licensing. - we're looking into the p2pool code to see if the answer is there, or at least who might be the right person to talk to. ForrestV of p2pool might have more info.

[ulrichard]

Ok, let's compare the following two scenarios:

A) I tell my mother in law that electrum is a cool wallet software for BitCoin

• She opens the ubuntu software center like for any other program she might want to install
• She searches for electrum, and clicks install.
• In the background, apt knows that it also has to install the following packages,
  and thus tells her that 19MB have to be downloaded : electrum libhidapi-hidraw0 libhidapi-libusb0
  libqtassistantclient4 python-ecdsa python-electrum python-hidapi python-mnemonic
  python-pbkdf2 python-protobuf python-qt4 python-sip python-slowaes python-trezor
  python-usb python-btchip
• she clicks ok, and a few moments later she can use the program.

Since it runs over apt, I know the following:

• It is easy to check what files are installed, and where they go.
• It can easily be uninstalled without leaving the system in a mess.
• Once an updated package becomes available she gets notified, and can install it along with all the other system components.
• Since packages are built on the same build farm as the rest of the system, I have the same confidence that the binaries really contain what is in the sources. With the upcoming debian binary reproducible builds, this guarantee becomes even stronger.
• Signatures are verified automatically.

B) I tell my mother in law that encompass is very similar to electrum, but with more features, and she should give it a try.

• She opens the ubuntu software center like for any other program she might want to install
• Since it's a fork of electrum, I would assume that most components can be shared, and the download should be a few MB at most.
• She searches for encompass, and doesn't find it.
• So she asks me how to install.
• I send her an exact URL by email where she can download a monolithic installer package. She would have no chance finding out herself which one of the 44 files on the release page she needs.
• She downloads the 104MB !!! file, and even if she knows where it was stored, she doesn't know what to do with it.
• The first thing to do would be to also download the signature file and verify the download. But who would like to guide my mother in law through this process?
• So I tell her to make the file executable by ... and then execute it.
• After a while she can use the program.

But even if we did verify the signature, we would have some concerns:

• What did the installer do to her system?
• How can she uninstall it, and will it uninstall cleanly?
• How will she get notified of new versions?
• Who exactly packaged the binary monolith? Hopefully he is trustworthy.
• Since the installer was run by her user, the files are user writeable. So my kids or a trojan could modify them, making the program send the BitCoins their way.

I'm for option A)

[Kefkius]

I'd like there to be a package for encompass, definitely. But as for licensing on ltc_scrypt:

The package itself here comes with no license info. I don't see an easy way around this.