Re: clementine: installs non-free plugin at runtime
(from Jonas Smedegaard <dr@jones.dk> via the bug):
> One of several functions of Clementine is to stream audio from cloud
> service Spotify. Initially selecting that function triggers a routine
> where Clementine (asks for concent and then) downloads and installs a
> non-free binary driver.
>
> Policy 2.2.1 states that "None of the packages in the main archive area
> require software outside of that area to function."
>
> Clementine should either be moved to contrib, or the Spotify function be
> removed.
I suggest this isn't a Policy violation. Clementine functions without
the Spotify plugin; e.g., it'll happily play local music files, or from
any of the non-Spotify streaming sources.
Compare to, for example, all web browsers except lynx (and similar).
They all happily and automatically download and execute non-free code
(JavaScript), without any warning whatsoever. And if you turn off
JavaScript, they lose quite a bit more functionality than Clementine
does (I'd go so far as to say they become fairly useless — quite a bit
of the web doesn't work w/o JavaScript).
Many of them have their own plugin services (at least both Firefox and
Chromium do) that happily install and execute non-free code, again
without any warning (the only warnings they give are about access to
data, browsing history, etc., nothing about freedom).
Further, Debian understands software broadly (including, e.g.,
data—basically, "not hardware"), not just executables. If this bug
report's reading of policy were correct, Clementine would need to
disable most of streaming music services as the music they provide
doesn't follow DFSG. (And even lynx would have to be removed.)
I think it'd be reasonable to make the confirmation dialog explicitly
say that the plugin is not free software. But other than that, which
does not warrant severity: serious, I think this bug should be closed as
not a bug.
Reply to: