On Sun, Jun 19, 2011 at 02:41:43PM +0800, Paul Wise wrote:
> Now, my question is; what should Debian do about this if anything?
I'm for "name-and-shame", as proposed by Neil. Of course, in spite of
the colorful expression, it should be done in a constructive way. After
all, I doubt that any Debian derivative out there is doing that on
purpose or trying to deliver patched packages whose sources are
unknown. It's more likely they do not realize that there is a problem,
e.g. by assuming that given that Debian has the sources anyhow they are
fine.
Now, as how to do the name-and-shame, I don't think we should go too
heavy on that (i.e. no way we're going to use -news for this). It's the
kind of thing where an official Debian blog would come handy, but we
don't have one (yet). How about writing something to be posted on the
blog of one of the people active on -derivatives and then pointing to it
via debian's identi.ca account, getting it on DPN, etc?
Paul, given you've done the work, I think doing that on your own blog
would be appropriate, but I'm sure people on this list will be happy to
work on a draft, myself included.
Aside, on the derivative guidelines we should mention clearly that not
providing sources is not OK and likely to get derivatives into trouble.
Thanks for this investigation!
Cheers.
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere
ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams
Attachment:
signature.asc
Description: Digital signature