On Mon, Sep 07, 2009 at 09:01:04PM +0900, Charles Plessy wrote: > in one of the packages I mainatain, upstream left some zlib and ncurses static > libraries for Win32 in the source tarball. Without the copy of the zlib and > ncurses sources. > Now I will have to add a lot of stuff to debian/copyright, make a “dfsg” > tarball, provide a get-orig-source target in debian/rules, and write a > README.source file to comply with the Policy, and do the repackaging dance at > each new upstream release. This is not the way I have fun. Why would you have to add anything to debian/copyright? debian/copyright is for describing the copyright and license of things in the package. You don't need to put information here about things that are explicitly *not* in the package. "make a dfsg tarball" - surely once you've written the get-orig-source target, this is trivial. README.source - Policy only requires use of this file... [if] running `dpkg-source -x' on a source package doesn't produce the source of the package, ready for editing which is not the case here. So really, the only requirement is that you repack the source tarball, with or without the help of a get-orig-source target to do this for you automatically in the future. This is unpleasant - I don't think anyone finds this kind of maintenance overhead to be enjoyable - but not particularly onerous. I don't think there's any reason to be lenient here, and plenty of reason to be strict: it's much simpler for someone to audit the distro if we have a simple rule, "binaries without corresponding source are disallowed", than if we have to examine the license and further examine the package build rules to see if anything from these binaries is copied into the binary package (which would give us binary packages in clear violation of the DFSG). > Alternatively, I can of course ask Upstream to remove the Windows binaries, > but how can I convince him that we hurt our users by leaving these files in > the Debian source packages, while the sources of zlib and ncurses are > actually distributed by Debian together with the sources of his program? How about the "bloat" argument? There really should not be any need for him to provide these libraries in the source package - Linux users don't need them at all, Windows users who are in a position to compile the package from source can also get ahold of those libraries by other means (and probably already have). So it adds to the size of the source tarball for no reason. > I really wish that we could open a discussion on the possibility to ignore some > legally redistributable source-less files that are in the .orig.tar.gz upstream > archive, provided that we do not include them in our binary packages nor use > them at build time. This could also include source-less PDF files, which are > another time sink in the field where I do my packaging. Sourceless PDF files are not a violation of the Social Contract / DFSG. If you are having to sink time into finding source for such files, let's put an end to this - give me the details and I'll propose a GR that reaffirms what's stated already in our founding documents, that source code is only mandatory for programs. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: Digital signature