Re: About language specific package management tools



On Fri, Jan 30, 2015 at 09:54:14AM +0000, Anthony Towns wrote:
> On Mon, Jan 26, 2015 at 02:15:22PM +0000, Sam Hartman wrote:
[snip]
> > However, we'll probably find that if
> > we tried to automate something we'd discover legal problems. 
> 
> The fact that CPAN, PyPI and others exist and function puts an upper
> bound on the problems that there are to be discovered. It's something
> they can manage, so it's something we could manage too.

Just a minor note: at least in the Debian Perl group there has been more
than one case when it turns out that a CPAN module may not be packaged
(until the author is contacted and a new release is pushed, but
sometimes this takes months) because there is simply no license at all
on some of the more important files :)

And, yes, this is indeed a wild exception rather than anything
commonplace; just thought I'd mention that cases like this exist.

There is AFAIK no mechanism at all on CPAN for approval of new module
releases, so in theory one could conceive a case when somebody willingly
puts up a non-redistributable module, waits for the automated Debian
packaging tools to put something up on some server that is part of the
official Debian infrastructure and then raises all kinds of public
havoc.  Not that I think it will really happen, but then who knows...

> It's entirely possible that having two levels of vetting would be valuable
> to our users -- ie, our current level of NEW checking for "main", and
> a CPAN/PyPI/etc "minimal effort" level of checking for "extras". That's
> not much different to the main vs non-free split we already have, except
> that in this case it'd still be all about promoting free software.

Yes, some minimal level of checking might work, although I'm not sure if
it would be very effective when the number of packages does go up into the
thousands.

> > We'd
> > discover confirming DFSG status difficult if we tried and that there are
> > probably packages out there our users want that really when you look at
> > it aren't actually even redistributable.
> 
> That already happens occasionally with stuff in main, cf:
> 
>   http://snapshot.debian.org/removal/
> 
> Cheers,
> aj

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net roam@FreeBSD.org p.penchev@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
