Re: Programs contain ads - acceptable for packaging for Debian?
Simon McVittie writes ("Re: Programs contain ads - acceptable for packaging for Debian?"):
> On Thu, 20 Jun 2019 at 13:15:26 +0700, Bagas Sanjaya wrote:
> > Suppose that an upstream has released a program which its license conforms
> > to DFSG (named ZZZ), but when I test it, ads placed by the upstream appear
> > (such as pop up ads). Since ads can affect user experience of ZZZ, but at
> > the same time the upstream get paid by ad networks which he place the ads
> > into ZZZ, would it acceptable to package ZZZ for Debian?
>
> Personal opinion only:
>
> If the ads give a third-party ad network the opportunity to track the
> users of ZZZ, then I'd consider that to be an important bug, and it
> would not be appropriate to package ZZZ without removing them (assuming
> the license allows for that, which it should if it is DFSG-compliant).
I agree. This applies to any program which downloads ads from the
network at runtime. Serious problems with this:
* We don't know what ads might be displayed and whether we would
think them inappropriate, offensive, legally risky, or whatever.
* Downloading ads at runtime is a security risk: it exposes the
software which has to display them to a very wide array of actors.
This is a bad idea (and one reason why you should run your web
browser with a good adblocker).
* Downloading ads at runtime is a privacy violation, because it
allows the ad server to see who is using the program.
(This is the concern mentioned by Simon.)
So I think ZZZ should be patched to not download ads from the network.
It would be polite to have a conversation with upstream about this,
and we in Debian would always strive to be polite, but if ZZZ is free
software then we do not need upstream's permission.
Ian.
--
Ian Jackson <ijackson@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Reply to: