On Wed, Aug 11, 2010 at 03:41:17PM +0200, Gerfried Fuchs wrote:
> Package: flashplugin-nonfree
> Version: 1:2.8.1
> Severity: serious
>
> Hi!
>
> The package contains a fixed URL to downloadurl from
> http://people.debian.org/~bartm/flashplugin-nonfree/ which isn't
> accessible by any other DD than bartm himself. Furthermore, it includes
> pubkey.asc which only contains a single key which is (hopefully) only
> shared amongst bartm himself:
>
> pub 4096R/3B5821CC 2009-06-15
> uid Bart Martens <ba...@knars.be>
> uid Bart Martens <ba...@debian.org>
> sub 4096R/270D1D5B 2009-06-15
>
> This makes the package almost impossible to update for others without
> changing the downloadurl (and creating a special space for it) and the
> included pubkey, to update for e.g. a new flash player version or
> anything else.
>
> I don't think this is what can be considered to match the DFSG and thus
> the package itself should go to non-free instead.
I disagree. In a NMU you could just as well point the download URL
to a different download page and sign it with your own key. The
requirements imposed by the signed download are technically
inherent and not a violation of the DFSG.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
