-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Aug 05, 2017 at 09:38:45AM -0400, Paul Wise wrote: > > No, at worst this is misuse of Debian resources for commercial gain - > > i.e. using long description field for advertising a non-free service. > > I got the impression that Faidon is not involved with SSLMate so this > and the relevant DMUP clause does not seem to apply in this case.
While perhaps not strictly against the letter of any of our rules, that doesn't make it any less an advertisement for a non-free service and that certainly is against the spirit. Similarly to not adding a Recommends: from a package in main to one in non-free, we should not recommend non-free services either IMO. I don't think that is controversial? I would make an exception for source files from upstream. If they want to advertise a non-free service, they can do that. For Debian, IMO we should remove such advertisements as part of packaging the software. That means it should not be in the binary package at all. > In this case, the advertisement is also present on the upstream github > page, via the README, which is also in the Debian package, so removing > it from the Debian package description will not remove the > advertisement entirely. Personally I'd prefer to not have it present > in any of the locations, but leaving it in the README in Debian and > upstream seems like a reasonable compromise. Agreed; I would remove it from the program itself or its upstream-written manpage if it would have been there (and of course it should definitely not be in a manpage created by a maintainer), and while removing it from the source (or its documentation) would be nice, I think it's acceptable to leave it there. Then again, it's similar to having non-free software in a release tarball, and we do repackage the source for that. So perhaps that would be the preferred way to handle it. Thanks, Bas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJZhr4gAAoJEJzRfVgHwHE6jTwQAJGgJL0vKRlcGj70YhjoDDrR /pQiDALVRq0wiQqx+9MNy0px2OeA89TgTtfvm6fh+ibSI+9cC/+FO8GruqGPrxjK NKgyUVUvVNqvSupIzEpbnLQE1QVzi31dvYVzir+lLjJB8sN4oUbNOtTjUWlO4rhT XH8ixzLADqT3VWC30TPUoE8UJ+Nf82eHF67h/4sEwrZWMZgfVfqPR3qTAF0AZsnS ezOtkHl8a3E/QlxOGeMZJ/g2zLVlcRnXU7svEAWdhuSZUT7D9t9I3m5KGwwE1ZLj Kzmlly59DdhyWkqsvWdpifo97avQXlIna4MJeGZW9U8JRdw0V0taWxv1oZ1auprA Cm3hWi/X8DTtvUwOVqEW4aarvvC26dk1uyIz7Z+qHqKF5amir7HxfG81cGNiryyz bBjp6MJAYnnfUeYnn1ZM4qlnJFPNqYSUgoZ/S0uLtOwZGTjaBQsqwewPWKr5pON9 hlG+at1u6wcxTfYJ3guzhB04bp4cISL5Ze3WZwXH3nmTPJi5Rnd7dXaQvkwdzziJ DVcGjZqb3G1LQKABpWmwCxGEXiEgfjki/DmlSDaonX0SUN1lvtfsQ9COcp7kczU1 gb+jcJCR3uerLHvNnmKT8RowQe7j4AHpFGDJuPKid1B+fdYqpNO8/yqE7kScpI97 82ed9JaRCIbFYfXoL+YT =YnvG -----END PGP SIGNATURE-----