Re: Non-source Javascript files in upstream source
Op woensdag 7 mei 2014 23:18:00 schreef Ben Finney:
> Wouter Verhelst <w@uter.be> writes:
> > The point is, I'm having a hard time buying the argument that if the
> > minified javascript was unmodified, and if the non-minified javascript
> > library is in the archive (or a version of said javascript library
> > which will function in exactly the same way), that the minified
> > javascript is suddenly non-free because it does not contain the
> > non-minified version in the *same* source tarball.
>
> No-one AFAIK is making that argument, so that hopefully sets your mind
> at ease.
>
> > For the very same reason we accept built-using and *- source packages,
> > I don't see a problem with having a minified javascript library in a
> > source tarball *as long as the source is in Debian*, somewhere.
>
> Agreed, if that can be known with confidence at least as good as the
> very simple and reliable method of removing the non-source form out of
> the Debian source package.
>
> > The point of freedom is to allow people to make changes, not to have a
> > pedantically correct version of every bit of source "out there".
>
> The point of freedom is more than merely to make changes; it is the
> freedom to inspect the work and see what it does, it is the freedom to
> share the work with others in the same freedom as the original.
Yes, that too.
My point was that we should consider *why* we want source. If the source is
elsewhere available, then it is available, and it does not matter that it is
not available in the "current" source package.
> > So long as people can make such changes without too much effort (and I
> > submit that in the case of minified javascript libraries without
> > non-minified version, they can), I don't see what the problem is.
>
> So that I understand your position: You're saying a recipient of Debian
> who obtains, from the Debian source package, a minified JavaScript file
> *without* corresponding source, has effective freedom to modify that
> work?
No. But I agree that my above sentence could have been written with some more
care; I should have cleared up my braindump a bit better. Allow me to
rephrase:
I submit that in the case of minified javascript libraries that are *already
available* in Debian, and that are symlinked (in the way as described before)
but ship in a source tarball as convenience copies *which are not used*, they
can.
It is easy to verify whether such minified javascript libraries are used: if
the binary package does not ship with them, they are not used, even if they
are in the source package.
> > [...]
> >
> > > How can we verify which [non-source JavaScript libraries] are
> > > verbatim copies [from a work for which we demonstrably have source],
> > > automatically for every release of the source package?
> >
> > If you must, you could take a checksum and build a database of known-
> > unmodified versions. I'm not convinced that's actually useful,
> > however.
>
> If you must, that could work. That's more complex and less reliable than
> simply omitting the non-source form of the work.
They need not be removed from the source package, IMO.
[...]
--
It is easy to love a country that is famous for chocolate and beer
-- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
Reply to: