On Wednesday 28 June 2006 21:25, Santiago Garcia Mantinan wrote: > Package: kiax > Version: 0.8.51.dfsg-1-1 > Severity: serious > > Hi!
Hello, > We had a package that we knew was dfsg compliant, I had removed the lib > stuff which had several license problems because of that and then renamed > it to dfsg as we had agreed that it was dfsg compliant, now... > > I found of a bad taste that a new "dfsg" package was uploaded, as I had > objected to the DFSGness of this new package, today I have looked at it > more carefully and I found out what had been said before, please somebody > correct me if I'm wrong, but... Unfortunaly there was a bug in the sed'ish code which was not ready to cope with dfsg-[0-9]-[0-9]. I've just fixed that in svn. That last 0.8.51.dfsg-1-1 changelog entry caused that repackaing faulire and failed tarball sanitization because we did realized (hi Mark ;-) we need a new dfsg tarball version (-1-1) after the upload has been rejected by debian installer because of the md5sum mismatch: http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/2006-June/005126.html That was not intended, that was a programming mistake. > 1- the echo cancellation stuff doesn't have a license we can use to say > it's free, this has been discussed before (see Emil Stoyanov [1] message to > the list) and I didn't read anybody saying that it was no longer like that aec_nlms directory is now properly deleted from kiax_0.8.51.dfsg-2.orig.tar.gz > 2- the iLBC stuff is stil non-free as it used to be that way and it hasn't > changed its license. iLBC directory is now properly deleted from kiax_0.8.51.dfsg-2.orig.tar.gz The rest of kiax/lib/ is really LGPL'ed. > Other than that, having a program include on its sources at least 4 of our > already packaged libs and use those sources to compile them statically > instead of using our tested libs seems a really bad way of packaging > something. That's true, but kiax is not ready to use these our libs as of yet. We have 3 choices: * keep it as it is with iLBC and aec_nlms removed from upstream tarball. This is: 2a4d5266f5d312ac3f4ba6cea807f2e0 kiax_0.8.51.dfsg-2.orig.tar.gz in that case we have Echo Cancellation. * revert to the version in testing - no Echo Cancellation, but our libs are used. * remove kiax from the archive ;-) > So... after having a package that could go into Debian because it was free, > we have now come back to the sources that our ftp masters had rejected > because they were non-free. > > This really seems nonsense to me, I don't know if I have to take this as a > joke or what, who didn't read the list or didn't at least didn't look at > the sources that he was packaging, or... I just can't explain this, please > somebody explain this for me. I had to check twice that what I was looking > at were the sources coming from > cc39dab9cb55afbe9722a6f4ad2bb5f0 kiax_0.8.51.dfsg-1.orig.tar.gz > and not from the old non-free version we used to have, and in fact all > non-free stuff is in there. the correct one should have been: 2a4d5266f5d312ac3f4ba6cea807f2e0 kiax_0.8.51.dfsg-2.orig.tar.gz > I hope I'm missing something with all this, otherwise I don't know what we > are playing at, this seems completely nonsense and a Debian developer > should be more cautious with what he uploads at least once he knows there > are problems with licenses on some parts of a software. Really this was not intended. I hope that now it is really properly corrected. -- pub 4096R/0E4BD0AB 2003-03-18 <people.fccf.net/danchev/key pgp.mit.edu> fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
