François-Régis <f...@miradou.com> writes:

> Hi Ben,
>
> On 31/03/2014 00:03, Ben Finney wrote:
> > * How do we know – and demonstrate to anyone who asks – the truth of
> >   the assertion that the source is actually the corresponding source
> >   of the exact non-source file?
>
> Before asking how do we know, we should ask do we need to know (and
> this in fact the question of the thread).

You're asserting that there is some set of works received from upstream
where:

* (for example) ‘foo.js’ and ‘foo.min.js’ are distributed together; and

* the Debian maintainer claims ‘foo.js’ in the source package is the
  corresponding source for ‘foo.min.js’ in the source package, thereby
  satisfying the Social Contract requirement to provide the source for
  every work in Debian.

Yes?

(If you're not claiming there is such a set of works, then I don't see
the point of discussing what to do about them. So I'll continue on the
assumption that you claim there really *are* some such works to which
the discussion applies.)

In order for the Debian package maintainer to claim that file ‘foo.js’
is the corresponding source for the non-source file ‘foo.min.js’, we
should require that the claim is true about those specific files.

That seems to make it clear that the question quoted above – “how do we
know?” – is prior to the question you're posing – “based on that
knowledge, what should we do?”.

Or are you saying that it's acceptable for a Debian package maintainer
to make a claim about the freedoms of the source package's recipient,
without a sound reason for claiming it?

> > My answer to this is: Currently, we don't know that at all. We
> > take upstream's word for it, though upstream frequently has no
> > incentive to guarantee that to us and can easily make mistakes in
> > ensuring it.
>
> You're right so we take care to which is pristine upstream and which
> is provided in binary package. And people using debian source packages
> outside debian should take care of it, but can check that upstream
> tarball is the same as debian tarball.

That's an entirely separate question: whether what Debian provides is
the same file as provided by upstream. That question is not at issue.

What is at issue is whether *what upstream provides* is actually
corresponding source for a non-source file. Whether, for example, the
file ‘foo.js’ is the corresponding source for ‘foo.min.js’.

The fact that upstream provided both of them is no help in determining
the answer to that question. So the provenance of a file, while
important for other questions, is of no help in answering the question
at issue here.

> The question here is to accept minified versions of files that have
> sources in orig tarball,

Before that question even makes sense, a necessary prior question is:
*Is it true* the sources for those minified files are actually in the
orig tarball, and *how* does any recipient verifiably know that?

> I just try to have responses to the question I've addressed "Should we
> remove from source tarball minified versions of source files existing
> in tarball". The response may depends on context but please details
> which kind of contest.

I hope this makes it clearer.

-- 
 \     “Don't be afraid of missing opportunities. Behind every failure |
  `\      is an opportunity somebody wishes they had missed.” —Jane |
_o__)                                       Wagner, via Lily Tomlin |
Ben Finney