
Re: Bug#937234: pam-python: Python2 removal in sid/bullseye



On 9/5/21 6:08 am, Mike Gabriel wrote:

> That is not the point. E.g., if we spot a security issue with a
> package, maybe you as the maintainer / upstream developer (afaik, you
> are upstream and downstream for pam-python, Russel, right?) but also
> maybe someone in the security team (or any other third person) might
> apply a fix to the package and do an e.g. stable-security upload.

Yes, OK.  I hadn't thought of that perspective.  So far pam-python's
one security release was done by myself, and it was done upstream beforehand.

> No, see my previous mail for more details. Debian offers a very
> standardized way of obtaining the exact source code that the
> libpam-python bin:pkg has been built from. Period. Done. License
> compliance accomplished.

It's pretty clear Debian does an exemplary job of source distribution.
It was just the "prominent notice" bit.

Commercial products (eg, the phones), in some ways do this better(!)
than Debian does.  They collect them all in an About page, which is easy
to find.  If the commercial products added a "and you can download the
source from here..." link, it would be job done for the AGPL.

Debian does a much better job of all the hard parts: collecting those
licences, organising them into a database and ensuring they are always
present on the machine, providing working download links - but making
it all findable by a normal GUI user - not so good.  It needs an easily
findable GUI clicky thingy that displays them.  Having that would put
the "AGPL prominent notice" requirement to bed for good.

Even just adding copyright and download pages to Synaptic might
suffice.  For a CLI user an "apt-get licence" would do the job.

> Furthermore, I agree with Nik, that AGPL for a non-web project (as
> that's where AGPL really makes sense) is disputable and you don't
> lose anything if you switch over to GPL-3+ instead of AGPL-3+.

That's correct.  It's just laziness on my part.  It's easier to copy &
paste the same licence into all my projects.  As the exception clause
illustrates I put some thought into choosing one that seemed to fit
best.  I guess I could add another exception that changes "prominent
notice" to something like "easily discoverable notice", if people have
an issue with the word prominent.

The reason I use the AGPL is it seems to me software as a service
reduces copyleft licences to something about as strong as MIT licences.
If I was happy with an MIT licence that is what I would have used, but
I'm not.

