Op woensdag 7 mei 2014 20:14:50 schreef Ben Finney: > Wouter Verhelst <wouter@debian.org> writes: > > Op vrijdag 2 mei 2014 15:58:37 schreef Paul Tagliamonte: > > > If you were to 'update' the image, how would you do it? What things > > > would you need? Include that. Think about what you'd need when you > > > fork the project. > > > > Does that mean I should include "wget"? > > I'm sure you know this, and I am having difficulty interpreting your > question in good faith. But in case you actually don't know:
I was speaking with tongue in cheek here. Of course I know.
The point is, I'm having a hard time buying the argument that if the minified _javascript_ was unmodified, and if the non-minified _javascript_ library is in the archive (or a version of said _javascript_ library which will function in exactly the same way), that the minified _javascript_ is suddenly non-free because it does not contain the non-minified version in the *same* source tarball.
The source is there. For the very same reason we accept built-using and *-source packages, I don't see a problem with having a minified _javascript_ library in a source tarball *as long as the source is in Debian*, somewhere.
The point of freedom is to allow people to make changes, not to have a pedantically correct version of every bit of source "out there". So long as people can make such changes without too much effort (and I submit that in the case of minified _javascript_ libraries without non-minified version, they can), I don't see what the problem is.
[...] > > Most minified externally-produced _javascript_ files are just downloaded > > verbatim off the web. > > How can we verify which ones are verbatim copies, automatically for > every release of the source package?
If you must, you could take a checksum and build a database of known-unmodified versions. I'm not convinced that's actually useful, however.
[...] > > I agree with the sentiment that we should provide source "in Debian" > > for everything that's actually useful for our users. > > Do you agree that nobody except the recipient gets to decide what they > find useful? > > Or would you arrogate to the Debian project the power to deny the fact > that a recipient may find a Debian source package useful in itself? > > > If a dependency and a symlink exists, however, it's clear that the > > maintainer meant to say "source is over there". > > The maintainer may intend that to be true. Without independent automated > verification, we are merely guessing and hoping.
We are merely guessing and hoping that most of the code in Debian is actually under the license terms as specified in the debian/copyright file, too. Yes, with machine-parseable copyright files you can make verifications as to whether the copyright file matches the copyright header in the file. That's still not a proof.
> How can we verify > independently that no such assertion is false? I've described a means > that is certain and simple: discard the non-source form from the source > package.
It is certainly a certain way of doing that, yes. It is also annoying for the maintainer involved, and should not be necessary.
-- It is easy to love a country that is famous for chocolate and beer
-- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
|