
Re: RFS: ps2eps (updated package)



Hi Matteo,

On Wed, Jun 29, 2011 at 06:36:05PM +0200, Matteo Cypriani wrote:
> On Wednesday 29 June 2011 18:14:14, Kilian Krause wrote:
> > On Wed, Jun 29, 2011 at 05:51:28PM +0200, Matteo Cypriani wrote:
> > > Yes, I thought this was not an issue because the binaries are small.
> > > I will try to negotiate with upstream a binary-free tarball, and if
> > > possible with the source DocBook file to generate the manpages, instead
> > > of including the useless PDF and HTML versions.
> > > If it is not possible for upstream, I'll repack
> > 
> > it's not about "small" or "useful". It's about license and copyright.
> 
> The license should be satisfied, since the source is shipped, no? It seems to 
> me that it is a problem only if the binaries come from a modified, unshipped 
> source (which I admit is not easily provable).

You may be right that the license is the same as the source. Yet it's a
derived work that *may* be licensed differently depending on who did the
build and what license he put onto his binary. That's why this has to be
clarified for each and every file in a source package - even pictures,
fonts, audio/video files and documentation like PDF have to have a license.
Moreover that's why GFDL and others were written to overcome the problem
that plain GPL does have with binary stuff - because the GPL more than
others has a problem addressing non-source code as it was never formulated to
cover binaries (at least GPL-2).

So the problem may in fact be that the binary is GPL but that cannot be
satisfied with the formulation of the GPL terms.


> > Always. And sometimes about security and trustability.
> 
> The binaries are not in the final package, so why would it be a security issue 
> for the end-user?

And new upstream releases may consider it a wise thing to put certain
wrappers in and make the install target ship one of the prebuilt binary
blobs which keeps the user's view totally untouched. Yet your package just
got broken wrt. the DFSG. Would you notice?

Not to mention users who download the source and would believe the "other"
binary is so much better than the one from the deb. How do you make sure
this one does not have any backdoors compiled in?

The latter issues were more of an illustrative nature though and not
specifically with this case in mind.

-- 
Best regards,
Kilian
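
One way to answer the "Would you notice?" question above, as an added example that is not part of the original message or of the ps2eps packaging: scan an unpacked upstream tarball for prebuilt artefacts by their magic bytes, then flag any that a build file mentions by name. The function names, the magic-byte list, the build-file names and the sample tree are all assumptions made for this illustration.

```python
import os
import tempfile

# Leading magic bytes of common prebuilt artefacts (illustrative, not exhaustive).
MAGIC = [(b"\x7fELF", "ELF binary"), (b"MZ", "PE/DOS executable"),
         (b"!<arch>\n", "static library (ar)"), (b"%PDF-", "generated PDF")]
BUILD_FILES = {"Makefile", "GNUmakefile", "Makefile.in", "Makefile.am"}

def walk_files(root):
    """Yield (absolute path, file name) for every regular file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                yield path, name

def find_prebuilt(root):
    """Return sorted (relative path, kind) for files whose header matches MAGIC."""
    hits = []
    for path, _name in walk_files(root):
        with open(path, "rb") as fh:
            head = fh.read(8)
        # The magic values are mutually exclusive, so at most one entry matches.
        hits += [(os.path.relpath(path, root), k) for m, k in MAGIC if head.startswith(m)]
    return sorted(hits)

def shipped_by_build(root, hits):
    """Return the prebuilt paths whose file name appears as a token in a build file."""
    tokens = set()
    for path, name in walk_files(root):
        if name in BUILD_FILES:
            with open(path, errors="replace") as fh:
                tokens.update(os.path.basename(t) for t in fh.read().split())
    return [rel for rel, _kind in hits if os.path.basename(rel) in tokens]

def demo():
    """Run both checks on a constructed source tree (sample data, not from ps2eps)."""
    samples = {"src/tool.c": b"int main(void) { return 0; }\n",
               "bin/tool": b"\x7fELF\x02\x01\x01" + b"\0" * 9,
               "doc/manual.pdf": b"%PDF-1.4\n",
               "Makefile": b"install:\n\tcp bin/tool $(DESTDIR)/usr/bin/\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        hits = find_prebuilt(root)
        return hits, shipped_by_build(root, hits)
```

The token match against build files is a coarse heuristic: a hit means "look at this install rule", and an empty result does not prove the blob is unused.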
