Hi Aryan, On Mon, 2025-07-21 at 07:24 +0530, Aryan Karamtoth wrote:The exact restrictive policy of the license is given below: "Human protect patch: The program and its derivative work will neither be modified or executed to harm any human being nor through inaction permit any human being to be harmed."This undoubtedly makes the license and by extension the software non- free. [...]Hence, this is an important package that needs to be in Debian. I need advice on how to proceed with this package as its a very important one and the downstream packages of this upstream package are very useful tools that need to be in Debian.I see you've already asked the author to reconsider, which is a good first step. v1.0.0 is the last version that uses the Expat (MIT) license unmodified and is therefore free, so you can package that version of itertree without issue and upload to main (though you won't be able to update it further). You might have to adapt rdeps or patch it to be suitable though. -- Maytham IANAL
Yes, I'm hoping me and the author can come to a conclusion about this. I noticed that the downstream package only uses it for tests hence I temporarily excluded those tests. It's not really a very important package now but if the author can reconsider their license decision, I'll proceed with the packaging.
Yes, the v1.0.0 might be packaged but I do not see any value in it as I don't feel to go against the author's wish and like you said, it won't be updated further.
I was also suggested by people on debian-mentors to consider adding it to non-free sources but it wouldn't make any sense for a python library to be a non-free package when the sole purpose of it is to be used by other dependent packages which might be free.
-- Regards, Aryan Karamtoth Debian Contributor IRC: SpaciousCoder78 GPG Fingerprint: 7A7D 9308 2BD1 9BAF A83B 7E34 FE90 07B8 ED64 0421
Attachment:
OpenPGP_0xFE9007B8ED640421.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature