Ian Jackson wrote on 03/12/2019: > Paride Legovini writes ("remote logo inclusion in package documentation"): >> Hello debian-legal, >> >> The latest upstream version of a package I maintain (libmseed) ships >> with HTML documentation. The HTML documentation fetches a remote logo, >> and this triggered the privacy-breach-logo lintian tag [0]. >> >> The logo is explicitly made available for usage by the institution >> developing the software [1], but I couldn't find its terms of use. The >> IRIS Wikipedia page includes the logo and lists it as CC BY-SA, but I'm >> not certain this information is correct. >> >> Do you think the HTML documentation fetching the IRIS logo can be >> included in Debian main? > > No. The lintian warning is correct. Downloading logos in docs like > this is not only a privacy breach, but also a practical problem. > I have been on a train with no internet, trying to read some docs > which I had deliberately pre-installed, and found that each page would > take 30s to load because it had to wait for an attempted logo fetch to > time out. > > If you can't establish that the logo is OK to include, you should > replace it. > > In practice if you write an email to upstream they will probably > explicitly confirm the CC-BY-SA information from Wikimedia. Have you > tried that ?
Thanks Ian, Yeah I wrote them an email, let's see what they say. I also filed an upstream bug asking to ship a local copy of the logo with the documentation instead of relying on a remote resource. If what they come up with is less than ideal I'll drop the logo, it is not necessary at all to consult the documentation. Paride