[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#747032: RFS: libjs-zxcvbn/1.0+dfsg.1-1

Hi again.

I did new tests and the package, when building, downloads lots of
files from http://en.wiktionary.org/wiki/Wiktionary.

The download files at build time is discouraged because:

1. The package can be afected by a worm or can act as a spyware.

2. The package can't be built offline. Maybe it will make the package
non-free, because now we can have discrimination against persons that
no have Internet access (see DFSG[1]). The Debian Policy §2.2.1 says:

"2.2.1 The main archive area
The main archive area comprises the Debian distribution. Only the
packages in this area are considered part of the distribution. None of
the packages in the main archive area require software outside of that
area to function.
[...]
In addition, the packages in main:
  - must not require or recommend a package outside of main for
compilation or execution
[...]".

3. The buildd system, that builds packages in Debian, don't have
access to the Internet.

4. The "injected" files can violate the original license of the
upstream source code.

Cheers,

Eriberto


2014-09-10 12:50 GMT-03:00 Eriberto <eriberto@eriberto.pro.br>:
> Please, ignore it:
>
>> 1. d/changelog: remove the word 'bug'.
>
> Cheers,
>
> Eriberto
Reply to: