On November 23, 2014 7:18:04 AM EST, Wouter Verhelst <wou...@debian.org> wrote: >On Sat, Nov 22, 2014 at 12:08:38PM -0500, Scott Kitterman wrote: >> On November 22, 2014 5:57:56 AM EST, Wouter Verhelst ><wou...@debian.org> wrote: >> >On Fri, Nov 21, 2014 at 07:12:53AM -0500, Scott Kitterman wrote: >> >> Your analysis is rather different than that of the FTP Team. See >> >> >> >>https://lists.debian.org/msgid-search/1948618.u6YZvnFvaf@scott-latitude-e6320 >> >> >> >> Please readjust the severity back to serious. That is the correct >> >value. >> > >> >I have explained my opinion in >> ><https://lists.debian.org/debian-devel/2014/05/msg00191.html>: the >> >source *is* in Debian, just in a different source package. The >actual >> >code, used by the package when installed, is used from that >different >> >source package. This is no different from something using the >> >"Built-Using" header. >> > >> >The minified javascript library is a convenience copy of free >software, >> >but can be exchanged by another copy or implementation of the exact >> >same >> >functionality, as I assert by symlinking the actually-used file from >> >the >> >file system. >> > >> >I remain unconvinced that removing something from a source package >that >> >is shipped identically elsewhere in Debian is useful to our users, >our >> >upstreams, our maintainers, or free software in general. >> > >> >Please explain to me how it is, before asserting that I'm wrong. >> >> Just to make sure I understand you correctly: >> >> The way I read what you are saying is that you believe binary only >artifacts >> used for the upstream build system as embedded convenience copies are >okay as >> long as some version of the source for it exists somewhere in the >archive? >> >> Is that right? > >Close, but not entirely. > >First of all, I wouldn't call minified javascript a "binary". I agree >that it's not source, but that doesn't imply it's a binary (that is >orthogonal to my point, but I want to point that out). > >Obviously what is in main needs to be DFSG-free; that implies it needs >to have source available. > >But nowhere in the DFSG do I see a strict requirement that the said >source is part of the same source package. The fact that we have >"Built-Using" would suggest the same; it shows that there are other >cases where a source package does not contain the full source to a >program. > >This case is the same as when we deal with a convenience copy of a >library that ships with a program: you don't need to remove the >convenience copy, but you do need to ensure it isn't used. > >That's what I'm doing here, too: the convenience copy remains, but the >binary package does not use it. So in my reading of our rules, that's >fine.
Thanks. Of course we do require preferred form of modification, so whether it's strictly binary or not doesn't affect the analysis. What package has the preferred form of modification for this minified JavaScript and how can someone tell this (recalling Helmut's point that built-using is about binaries, not source)? The FTP Team statement I linked to is very specific that DFSG applies to source packages. Scott K P. S. How significant this is and how worth it is spending time on fixing it is a completely separate issue in my opinion from is it a policy violation. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
