Le mardi, 11 mars 2014, 19.02:55 Ian Jackson a écrit : > Thomas Goirand writes ("Re: jquery debate with upstream"): > > In one of my package, I had openssl.dll in the source tarball (it > > was of course removed later on). > > > > Would you consider it ok as well to have it in a source package, as > > long as it's not used during the build? And what about a windows > > .exe? Is it different from having a minified .js that is also not > > in use? > Yes, I think all of these things are tolerable, so long as the files > are in fact redistributable (which depending on the licence they might > not be). I disagree: I don't think it's tolerable to ship a .exe freeware  in a source package in main, just because it happens to be redistributable; in my reading, considering that the "source package" _is_ a component of the Debian system, doing so violates at least SC§1 and DFSG§2. I don't think there should be a standards' difference between our source and binary packages. That said, the "minified .js" case is slightly different iff it can be proved that it can be recreated from DFSG-free sources, which should then really be actually done in the build phase. Now, if the problem is that "stripping out non-free stuff from upstream archives is boring work", then that's the thing to solve using smart tools rather than bending our standards. Cheers, OdyX  And that's without speaking of actively harmful executables…
Description: This is a digitally signed message part.