On Sun, Jun 19, 2011 at 02:41:43PM +0800, Paul Wise wrote: > Now, my question is; what should Debian do about this if anything? I'm for "name-and-shame", as proposed by Neil. Of course, in spite of the colorful expression, it should be done in a constructive way. After all, I doubt that any Debian derivative out there is doing that on purpose or trying to deliver patched packages whose sources are unknown. It's more likely they do not realize that there is a problem, e.g. by assuming that given that Debian has the sources anyhow they are fine. Now, as how to do the name-and-shame, I don't think we should go too heavy on that (i.e. no way we're going to use -news for this). It's the kind of thing where an official Debian blog would come handy, but we don't have one (yet). How about writing something to be posted on the blog of one of the people active on -derivatives and then pointing to it via debian's identi.ca account, getting it on DPN, etc? Paul, given you've done the work, I think doing that on your own blog would be appropriate, but I'm sure people on this list will be happy to work on a draft, myself included. Aside, on the derivative guidelines we should mention clearly that not providing sources is not OK and likely to get derivatives into trouble. Thanks for this investigation! Cheers. -- Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7 zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/ Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams
Attachment:
signature.asc
Description: Digital signature