Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!hellgate.utah.edu!cs.utexas.edu!uunet!ucscc.ucsc.edu!gorn!filbo
From: filbo@gorn.santa-cruz.ca.us (Bela Lubkin)
Newsgroups: comp.sys.amiga
Subject: WB 1.3.2 distribution
Summary: FTP and archive-servers should satisfy "unsolicited" license problem
Message-ID: <21.filbo@gorn.santa-cruz.ca.us>
Date: 8 Sep 89 03:42:02 GMT
References: <7850@cbmvax.UUCP>
Organization: R Pentomino
Lines: 44
X-Claimer: I >am< R Pentomino!

In article <7850@cbmvax.UUCP> Andy Finkel writes:
>But, on one of the "dollar drains" its not coming to your system unsolicited.
>(a copyright is still valid in that case, but a license probably isn't..
> like a letter, the sender still holds the copyright on the contents,
> the reciever owns the media.) So the answer is yes, its more valid
>or enforcable when posted on one of those "dollar drains" then when
>posted here.  Whether or not it is valid or enforcable at all I have
>no personal opinion on; but it is less so on Usenet.

There are at least two well-established methods of >solicited< distribution
on Usenet/Internet.  One is FTP, useful only for IP-connected sites; the
other is a mailable archive server, useful for all Usenet-connected sites.
In both cases the user must explicitly request a file in order to receive
it.  Yes, either could be spoofed.  I believe that CI$ or any of the other
"dollar drains" could also be spoofed -- more effort would be involved, but
it could be done.  I suggest that Commodore contact several trusted FTP and
archive server sites, give them permission to act as primary distribution
points for 1.3.2, and give them correct copies.  One of the uiuc sites would
be good for FTP; I don't know of any Amiga archive servers but suspect that
someone who runs one for PClones would be willing to act as a secure site
for a single important Amiga file.

>3) You'd like virus writers and Usenet mail spoofers to be defeated
>   by a byte count and checksum.
>   (so would I, but I don't think it has a chance.)

Sure.  But let's not be overly paranoid.  If someone really wants to get a
virus into people's machines, there are lots of routes by which to do it.
Any particular machine's protection against viruses is only as good as the
weakest part.  FTP or archive-server access to a known site is a little
unsafe, but so is buying a disk at a dealer [which might have been a floor
demo, exposed to viruses, then re-shrink-wrapped in the back].  If a
particular >user< believes FTP/archive-server to be unsafe, they can still
get it from CI$ or a dealer.

Personally, I would trust CI$ slightly more than FTP from uiuc -- but not $3
worth more.  >Bela<

>andy finkel		{uunet|rutgers|amiga}!cbmvax!andy
>Commodore-Amiga, Inc.

Bela Lubkin     * *   filbo@gorn.santa-cruz.ca.us   CIS: 73047,1112
     @        * *     ...ucbvax!ucscc!gorn!filbo    ^^^  REALLY slow [months]
R Pentomino     *     Filbo @ Pyrzqxgl (408) 476-4633 & XBBS (408) 476-4945