Bug#587279: debian-policy: section 2.2.1 needs some tweaking

To: 587279@bugs.debian.org
Subject: Bug#587279: debian-policy: section 2.2.1 needs some tweaking
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Tue, 13 Mar 2012 23:13:29 -0400
Message-id: <[🔎] CANTw=MNLFB5VuhOW74WXfU47T+M7u9CKJBRWUu_9D9D8X2rk-A@mail.gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 587279@bugs.debian.org
In-reply-to: <[🔎] 8762e7evva.fsf@windlord.stanford.edu>
References: <201006261829.48353.geissert@debian.org> <87zke2m589.fsf@windlord.stanford.edu> <[🔎] CANTw=MO7eCCVwa6XR1te4ahHvyBczBRCoQqT1ZCGNfVXMMbf9A@mail.gmail.com> <[🔎] 8762e7evva.fsf@windlord.stanford.edu>

On Tue, Mar 13, 2012 at 10:53 PM, Russ Allbery <rra@debian.org> wrote:
> Michael Gilbert <michael.s.gilbert@gmail.com> writes:
>
>> This is a bit off-topic for the bug report, but while you're thinking
>> about rewording this section, it may be prescient to consider
>> non-explicit dependencies.
>
>> For example, the getweb script in foo2jzs fetches non-free firmware
>> files, yet seems to be currently permissible in main given the current
>> policy wording since there is no "Depends or Recommends: <external
>> firmware files>" anywhere in the control file.
>
> This concern is addressed by the paragraph three higher, at the start of
> the section.
>
>    The main archive area comprises the Debian distribution. Only the
>    packages in this area are considered part of the distribution. None of
>    the packages in the main archive area require software outside of that
>    area to function.
>
> The non-free firmware fetched from elsewhere is clearly "software outside
> of that area."

I understand this section very well, and even with that lead-in
wording, I contend that sufficient ambiguity remains that additional
clarity is needed.  Otherwise, it wouldn't have been so difficult to
deal with bug #449497, which essentially turned into a wontfix.

The problem is that even though the lead-in uses the term "software",
the actual "must" requirements use the term "package".  Thus, a
liberal reading of policy leads to the conclusion that if there isn't
an explicit dependency on a package, then it's ok to have a script or
plugin in main that makes use of non-free.  I think that
interpretation violates the spirit of the policy.  Clearer wording
could fix this.

I would propose

--- a/text
+++ b/text2
@@ -1,4 +1,5 @@
-must not require or recommend a package outside of main for compilation or
+must not require or recommend software (including packages, plugins,
firmware, etc.)
+outside of main for compilation or
 execution (thus, the package must not declare a "Pre-Depends", "Depends",
 "Recommends", "Build-Depends", or "Build-Depends-Indep" relationship on a
-non-main package),
+non-main package and must not include utilities that fetch non-main files),

Best wishes,
Mike

Reply to:

Follow-Ups:
- Bug#587279: debian-policy: section 2.2.1 needs some tweaking
  - From: Russ Allbery <rra@debian.org>

References:
- Bug#587279: debian-policy: section 2.2.1 needs some tweaking
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Bug#587279: debian-policy: section 2.2.1 needs some tweaking
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Bug#587279: debian-policy: section 2.2.1 needs some tweaking
Next by Date: Bug#587279: debian-policy: section 2.2.1 needs some tweaking
Previous by thread: Bug#587279: debian-policy: section 2.2.1 needs some tweaking
Next by thread: Bug#587279: debian-policy: section 2.2.1 needs some tweaking
Index(es):
- Date
- Thread