Le mardi, 11 mars 2014, 19.02:55 Ian Jackson a écrit :
> Thomas Goirand writes ("Re: jquery debate with upstream"):
> > In one of my package, I had openssl.dll in the source tarball (it
> > was of course removed later on).
> >
> > Would you consider it ok as well to have it in a source package, as
> > long as it's not used during the build? And what about a windows
> > .exe? Is it different from having a minified .js that is also not
> > in use?
> Yes, I think all of these things are tolerable, so long as the files
> are in fact redistributable (which depending on the licence they might
> not be).
I disagree: I don't think it's tolerable to ship a .exe freeware [0] in
a source package in main, just because it happens to be redistributable;
in my reading, considering that the "source package" _is_ a component of
the Debian system, doing so violates at least SC§1 and DFSG§2. I don't
think there should be a standards' difference between our source and
binary packages.
That said, the "minified .js" case is slightly different iff it can be
proved that it can be recreated from DFSG-free sources, which should
then really be actually done in the build phase.
Now, if the problem is that "stripping out non-free stuff from upstream
archives is boring work", then that's the thing to solve using smart
tools rather than bending our standards.
Cheers,
OdyX
[0] And that's without speaking of actively harmful executables…Attachment:
signature.asc
Description: This is a digitally signed message part.