On 26/04/14, 06:20pm, Peter Samuelson wrote:
>
> [Manuel A. Fernandez Montecelo]
> > If you agree that "source-is-missing" also applies in those cases, do
> > you also think that we should immediately declare all source packages
> > in Debian containing a 'configure' script as somehow non free (unless
> > we can check unambiguously that they were generated by the .ac)
>
> There's 2 reasons to care if configure was built from the configure.ac
> in the tarball. The immediately practical reason is to ensure that if
> we or our users need to patch it, we can patch the actual source, and
> still be able to build correctly. (These things do tend to bitrot if
> you don't watch them.) Basically that means always rebuilding from
> source - which is already a best practice in Debian. Not every package
> does it, but IMO every package _should_.
>
> The other reason to care is of course to comply with our free software
> guidelines. For that purpose, I think it's entirely reasonable to
> assume good faith in upstream. If we find out that some upstream
> intentionally tricks us by shipping a mismatching configure, just so
> they can point and laugh at the DFSG violation, the solution is very
> simple: remove the package from Debian, because such upstreams clearly
> can't be trusted not to trick us in more malicious ways.
>

I think it is unfair to compare `configure` files with minified
JavaScript, starting with the fact that you can't read the minified
JavaScript and distinguish if it is doing something wrong compared with
the source of the same un-minified JavaScript.

I think it is fine to ship these minified JS files as long as you have a
reproducible way to show that it is the same as the source. Maybe a dh
script should be born for this and my head says the prototype may look
like `dh_js_minify_reproduc --source source.js --output min.js -
--rules-should-apply='--with-license --with-copyright'` and throw an
error if it's a mismatch.

Kind regards.

--
Jose Luis Rivas -- GPG: 0xB9AC8C43
http://www.joseluisrivas.net/

--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140426233149.gc12...@arya.ghostbar.co
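
The rebuild-and-compare check proposed in the message above, sketched as an added example; it is not part of the original post and not an existing debhelper tool. The function names `verify_minified` and `toy_minify` and the sample files are assumptions made up for illustration, and the stand-in minifier only exists so the script runs offline.

```shell
#!/bin/sh
# Stand-in minifier (constructed; a real package would pass its actual,
# version-pinned minifier command): strips leading whitespace, drops lines
# starting with //, and removes newlines.
toy_minify() {
    sed -e 's/^[[:space:]]*//' -e '/^\/\//d' | tr -d '\n'
}

# verify_minified SOURCE SHIPPED MINIFIER [ARGS...]
# MINIFIER reads JavaScript on stdin and writes the minified form to stdout.
# Returns 0 if SHIPPED is byte-identical to a fresh rebuild from SOURCE,
# 1 on mismatch, 2 if an input is unreadable or the minifier itself fails.
verify_minified() {
    src=$1 shipped=$2
    shift 2
    [ -r "$src" ] && [ -r "$shipped" ] || {
        echo "cannot read $src or $shipped" >&2
        return 2
    }
    rebuilt=$(mktemp) || return 2
    if ! "$@" < "$src" > "$rebuilt"; then
        echo "minifier failed: $*" >&2
        rm -f "$rebuilt"
        return 2
    fi
    if cmp -s "$rebuilt" "$shipped"; then
        rm -f "$rebuilt"
        return 0
    fi
    echo "MISMATCH: $shipped cannot be reproduced from $src" >&2
    rm -f "$rebuilt"
    return 1
}

# Constructed sample: an honest min.js and a copy with one extra statement.
demo() {
    d=$(mktemp -d) || return 2
    printf '// sample source\nfunction add(a, b) {\n    return a + b;\n}\n' > "$d/source.js"
    toy_minify < "$d/source.js" > "$d/min.js"
    { cat "$d/min.js"; printf 'extra();'; } > "$d/tampered.min.js"
    honest=0; tampered=0
    verify_minified "$d/source.js" "$d/min.js" toy_minify || honest=$?
    verify_minified "$d/source.js" "$d/tampered.min.js" toy_minify || tampered=$?
    rm -rf "$d"
    echo "honest=$honest tampered=$tampered"
}
demo
```

A byte-for-byte comparison only holds when the rebuild uses the same minifier version and options that produced the shipped file.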