Bug#856139: [pkg-go] Bug#856139: Bug#856139: certspotter: long description advertises commercial service
❦ 7 août 2017 18:12 GMT, "Dr. Bas Wijnen": >> We have all kind of software advertising non-free services. Search for >> "Google" or "Amazon". The comparison is even unfair as the service >> advertised here is available as free software (not the case for most >> services from Amazon and Google we advertise). > > If other packages are worse, that means they should be fixed, not that this > should be allowed. > >> Example: [s3cmd] > > How is this not in contrib? This software is useless without the non-free > service (which is also software, and it is not in main) from Amazon. Policy > even mentions as an example for things in contrib: wrapper packages or other > sorts of free accessories for non-free programs. That's exactly what > this is. > > I didn't know that this was in main, and I expect most others to not know > either. But I don't think they should be. I wouldn't expect this to be > controversial, but it seems that it is, given that you suggest they obviously > belong in main? > > To be clear: the sort of software (of this type) I expect in main is like > mumble: it connects to a server, and you can connect to a commercially hosted > server if you want to, but you can also run your own server, because it's free > software. If the mumble server would not be free, and the only way to use the > client was to connect to a commercial server, mumble should not be in main. > > As I wrote, I expected there to be consensus on this. Am I incorrect about > that? In this case, free S3 implementations exist (like Swift, available in Debian). However, it is easy to find other packages interacting with proprietary services without a free implementation. For example, any package interacting with Google Cloud (golang-google-cloud package). -- Your manuscript is both good and original, but the part that is good is not original and the part that is original is not good. -- Samuel Johnson signature.asc Description: PGP signature
Bug#856139: certspotter: long description advertises commercial service
On Tue, Aug 8, 2017 at 2:12 AM, Dr. Bas Wijnenwrote: >> Example: [s3cmd] > > How is this not in contrib? This software is useless without the non-free > service (which is also software, and it is not in main) from Amazon. Policy > even mentions as an example for things in contrib: wrapper packages or other > sorts of free accessories for non-free programs. That's exactly what this is. Maybe some off topic here. The description of s3cmd is outdated. It's *not* useless without AWS. It can be used with self-hosted S3 protocol compatible service, such as Ceph RGW, minio[1]. Both are free softwares, and Ceph is in our main archive. [1] https://github.com/minio/minio -- Best regards, Shengjing Zhu
Bug#856139: [pkg-go] Bug#856139: certspotter: long description advertises commercial service
On Sun, Aug 06, 2017 at 02:15:17PM +0200, Vincent Bernat wrote: > ❦ 4 août 2017 20:03 +0200, Jonas Smedegaard: > > No, at worst this is misuse of Debian ressources for commercial gain - > > i.e. using long description field for advertising a non-free service. > > We have all kind of software advertising non-free services. Search for > "Google" or "Amazon". The comparison is even unfair as the service > advertised here is available as free software (not the case for most > services from Amazon and Google we advertise). If other packages are worse, that means they should be fixed, not that this should be allowed. > Example: [s3cmd] How is this not in contrib? This software is useless without the non-free service (which is also software, and it is not in main) from Amazon. Policy even mentions as an example for things in contrib: wrapper packages or other sorts of free accessories for non-free programs. That's exactly what this is. I didn't know that this was in main, and I expect most others to not know either. But I don't think they should be. I wouldn't expect this to be controversial, but it seems that it is, given that you suggest they obviously belong in main? To be clear: the sort of software (of this type) I expect in main is like mumble: it connects to a server, and you can connect to a commercially hosted server if you want to, but you can also run your own server, because it's free software. If the mumble server would not be free, and the only way to use the client was to connect to a commercial server, mumble should not be in main. As I wrote, I expected there to be consensus on this. Am I incorrect about that? Thanks, Bas signature.asc Description: PGP signature
Bug#856139: certspotter: long description advertises commercial service
Quoting Paul Wise (2017-08-05 09:38:45) > On Fri, Aug 4, 2017 at 2:03 PM, Jonas Smedegaard wrote: > > > Am I alone in finding it wrong to promote commercial services in long > > descriptions of packages n Debian main? > > In general, I think we should avoid doing that. > > In this case, the advertisement is also present on the upstream github > page, via the README, which is also in the Debian package, so removing > it from the Debian package description will not remove the > advertisement entirely. Personally I'd prefer to not have it present > in any of the locations, but leaving it in the README in Debian and > upstream seems like a reasonable compromise. > > > No, at worst this is misuse of Debian resources for commercial gain - > > i.e. using long description field for advertising a non-free service. > > I got the impression that Faidon is not involved with SSLMate so this > and the relevant DMUP clause does not seem to apply in this case. For the record, I did not mean to imply that Faidon would gain anything. I apologize for such accidental accusation! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#856139: [pkg-go] Bug#856139: certspotter: long description advertises commercial service
Hi, > We have all kind of software advertising non-free services. Search for > "Google" or "Amazon". The important distinction here is not that that we mention services that commercial (or even non-free), but rather between descriptive and (quasi-) objective phrases such as: Cert Spotter is also available as a hosted service and clauses that are bordering on advertising: … and requires zero setup I am uncomfortable with the latter appearing in long descriptions. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Bug#856139: [pkg-go] Bug#856139: certspotter: long description advertises commercial service
❦ 4 août 2017 20:03 +0200, Jonas Smedegaard: > Am I alone in finding it wrong to promote commercial services in long > descriptions of packages n Debian main? I agree with Faidon on this one. Just saying that because the way you ask the question is more likely to get the opposite answers. >> At worst, this is "irrelevant" as you put it, > > No, at worst this is misuse of Debian ressources for commercial gain - > i.e. using long description field for advertising a non-free service. We have all kind of software advertising non-free services. Search for "Google" or "Amazon". The comparison is even unfair as the service advertised here is available as free software (not the case for most services from Amazon and Google we advertise). Example: Description: command-line Amazon S3 client Command-line tool to upload, retrieve and manage data in Amazon S3 service (http://www.amazon.com/s3/), designed for use in scripts. Features: - creating and destroying S3 buckets - uploading and downloading files - listing remote files - removing remote files - synchronizing local directories to S3 buckets - getting various information about buckets and disk usage . s3cmd supports both (US and EU) S3 datacentres. -- Make input easy to proofread. - The Elements of Programming Style (Kernighan & Plauger) signature.asc Description: PGP signature
Bug#856139: certspotter: long description advertises commercial service
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Aug 05, 2017 at 09:38:45AM -0400, Paul Wise wrote: > > No, at worst this is misuse of Debian resources for commercial gain - > > i.e. using long description field for advertising a non-free service. > > I got the impression that Faidon is not involved with SSLMate so this > and the relevant DMUP clause does not seem to apply in this case. While perhaps not strictly against the letter of any of our rules, that doesn't make it any less an advertisement for a non-free service and that certainly is against the spirit. Similarly to not adding a Recommends: from a package in main to one in non-free, we should not recommend non-free services either IMO. I don't think that is controversial? I would make an exception for source files from upstream. If they want to advertise a non-free service, they can do that. For Debian, IMO we should remove such advertisements as part of packaging the software. That means it should not be in the binary package at all. > In this case, the advertisement is also present on the upstream github > page, via the README, which is also in the Debian package, so removing > it from the Debian package description will not remove the > advertisement entirely. Personally I'd prefer to not have it present > in any of the locations, but leaving it in the README in Debian and > upstream seems like a reasonable compromise. Agreed; I would remove it from the program itself or its upstream-written manpage if it would have been there (and of course it should definitely not be in a manpage created by a maintainer), and while removing it from the source (or its documentation) would be nice, I think it's acceptable to leave it there. Then again, it's similar to having non-free software in a release tarball, and we do repackage the source for that. So perhaps that would be the preferred way to handle it. Thanks, Bas -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJZhr4gAAoJEJzRfVgHwHE6jTwQAJGgJL0vKRlcGj70YhjoDDrR /pQiDALVRq0wiQqx+9MNy0px2OeA89TgTtfvm6fh+ibSI+9cC/+FO8GruqGPrxjK NKgyUVUvVNqvSupIzEpbnLQE1QVzi31dvYVzir+lLjJB8sN4oUbNOtTjUWlO4rhT XH8ixzLADqT3VWC30TPUoE8UJ+Nf82eHF67h/4sEwrZWMZgfVfqPR3qTAF0AZsnS ezOtkHl8a3E/QlxOGeMZJ/g2zLVlcRnXU7svEAWdhuSZUT7D9t9I3m5KGwwE1ZLj Kzmlly59DdhyWkqsvWdpifo97avQXlIna4MJeGZW9U8JRdw0V0taWxv1oZ1auprA Cm3hWi/X8DTtvUwOVqEW4aarvvC26dk1uyIz7Z+qHqKF5amir7HxfG81cGNiryyz bBjp6MJAYnnfUeYnn1ZM4qlnJFPNqYSUgoZ/S0uLtOwZGTjaBQsqwewPWKr5pON9 hlG+at1u6wcxTfYJ3guzhB04bp4cISL5Ze3WZwXH3nmTPJi5Rnd7dXaQvkwdzziJ DVcGjZqb3G1LQKABpWmwCxGEXiEgfjki/DmlSDaonX0SUN1lvtfsQ9COcp7kczU1 gb+jcJCR3uerLHvNnmKT8RowQe7j4AHpFGDJuPKid1B+fdYqpNO8/yqE7kScpI97 82ed9JaRCIbFYfXoL+YT =YnvG -END PGP SIGNATURE-
Bug#856139: certspotter: long description advertises commercial service
On Fri, Aug 4, 2017 at 2:03 PM, Jonas Smedegaard wrote: > Am I alone in finding it wrong to promote commercial services in long > descriptions of packages n Debian main? In general, I think we should avoid doing that. In this case, the advertisement is also present on the upstream github page, via the README, which is also in the Debian package, so removing it from the Debian package description will not remove the advertisement entirely. Personally I'd prefer to not have it present in any of the locations, but leaving it in the README in Debian and upstream seems like a reasonable compromise. > No, at worst this is misuse of Debian resources for commercial gain - > i.e. using long description field for advertising a non-free service. I got the impression that Faidon is not involved with SSLMate so this and the relevant DMUP clause does not seem to apply in this case. -- bye, pabs https://wiki.debian.org/PaulWise
Bug#856139: certspotter: long description advertises commercial service
Dear fellow Debian developers, Am I alone in finding it wrong to promote commercial services in long descriptions of packages n Debian main? Quoting Faidon Liambotis (2017-08-04 13:57:10) > On Sat, Feb 25, 2017 at 03:53:13PM +0100, Jonas Smedegaard wrote: > > Long description includes a paragraph starting with the following: > > > > > Cert Spotter is also available as a hosted service by SSLMate that > > > requires zero setup [...] > > > > That paragraph is irrelevant for this package - please drop it. [...] > At worst, this is "irrelevant" as you put it, No, at worst this is misuse of Debian ressources for commercial gain - i.e. using long description field for advertising a non-free service. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#856139: certspotter: long description advertises commercial service
Quoting Faidon Liambotis (2017-08-04 13:57:10) > On Sat, Feb 25, 2017 at 03:53:13PM +0100, Jonas Smedegaard wrote: >> Long description includes a paragraph starting with the following: >> >>> Cert Spotter is also available as a hosted service by SSLMate that >>> requires zero setup [...] >> >> That paragraph is irrelevant for this package - please drop it. > > This is a tricky case indeed and I can see both sides of this. > > I lean towards keeping it though, for the following reasons: > > - It is somewhat relevant to the package: it's useful to know that one > can instead use a hosted version of the software, which by the way > is free for up to 5 domains, without going through the trouble of > setting it up. > > - If one has more domains than that, they can either switch to > certspotter, or they can pay for the commercial service, and in > doing so, pay the bills for the author of this software. The author > essentially open-sourced the software that powers his small > business, and I see nothing wrong with him profiting from it. > > - It is part of the original description of the author. Me explicitly > going against their wishes and removing that harmless sentence could > be seen as offensive and antagonizing them. > > At worst, this is "irrelevant" as you put it, but it's just an extra > sentence. At best, it's somewhat helpful to users, and potentially > helpful to us maintaining a good relationship with our upstream and > them profiting a tiny bit from producing free software. I agree the sentence helps upstream get food on the table. I understand how someon in need of computing tools might go elsewhere than Debian for satisfying their needs. But I fail to recognize how any of above is helpful for *our* users - whom by definition use Debian! Package descriptions is not a billboard for advertisements. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#856139: certspotter: long description advertises commercial service
On Sat, Feb 25, 2017 at 03:53:13PM +0100, Jonas Smedegaard wrote: > Long description includes a paragraph starting with the following: > > > Cert Spotter is also available as a hosted service by SSLMate that > > requires zero setup [...] > > That paragraph is irrelevant for this package - please drop it. This is a tricky case indeed and I can see both sides of this. I lean towards keeping it though, for the following reasons: - It is somewhat relevant to the package: it's useful to know that one can instead use a hosted version of the software, which by the way is free for up to 5 domains, without going through the trouble of setting it up. - If one has more domains than that, they can either switch to certspotter, or they can pay for the commercial service, and in doing so, pay the bills for the author of this software. The author essentially open-sourced the software that powers his small business, and I see nothing wrong with him profiting from it. - It is part of the original description of the author. Me explicitly going against their wishes and removing that harmless sentence could be seen as offensive and antagonizing them. At worst, this is "irrelevant" as you put it, but it's just an extra sentence. At best, it's somewhat helpful to users, and potentially helpful to us maintaining a good relationship with our upstream and them profiting a tiny bit from producing free software. Regards, Faidon
Bug#856139: certspotter: long description advertises commercial service
Package: certspotter Version: 0.3-1 Severity: normal Long description includes a paragraph starting with the following: > Cert Spotter is also available as a hosted service by SSLMate that > requires zero setup [...] That paragraph is irrelevant for this package - please drop it. - Jonas