[pkg-go] Bug#856139: Bug#856139: certspotter: long description advertises commercial service

2017-08-07 Thread Dr. Bas Wijnen 
On Sun, Aug 06, 2017 at 02:15:17PM +0200, Vincent Bernat wrote:
>  ❦  4 août 2017 20:03 +0200, Jonas Smedegaard  :
> > No, at worst this is misuse of Debian ressources for commercial gain - 
> > i.e. using long description field for advertising a non-free service.
> 
> We have all kind of software advertising non-free services. Search for
> "Google" or "Amazon". The comparison is even unfair as the service
> advertised here is available as free software (not the case for most
> services from Amazon and Google we advertise).

If other packages are worse, that means they should be fixed, not that this
should be allowed.

> Example: [s3cmd]

How is this not in contrib?  This software is useless without the non-free
service (which is also software, and it is not in main) from Amazon.  Policy
even mentions as an example for things in contrib: wrapper packages or other
sorts of free accessories for non-free programs.  That's exactly what this is.

I didn't know that this was in main, and I expect most others to not know
either.  But I don't think they should be.  I wouldn't expect this to be
controversial, but it seems that it is, given that you suggest they obviously
belong in main?

To be clear: the sort of software (of this type) I expect in main is like
mumble: it connects to a server, and you can connect to a commercially hosted
server if you want to, but you can also run your own server, because it's free
software.  If the mumble server would not be free, and the only way to use the
client was to connect to a commercial server, mumble should not be in main.

As I wrote, I expected there to be consensus on this.  Am I incorrect about
that?

Thanks,
Bas


signature.asc
Description: PGP signature
___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers

[pkg-go] Bug#856139: certspotter: long description advertises commercial service

2017-08-06 Thread Dr. Bas Wijnen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Aug 05, 2017 at 09:38:45AM -0400, Paul Wise wrote:
> > No, at worst this is misuse of Debian resources for commercial gain -
> > i.e. using long description field for advertising a non-free service.
> 
> I got the impression that Faidon is not involved with SSLMate so this
> and the relevant DMUP clause does not seem to apply in this case.

While perhaps not strictly against the letter of any of our rules, that doesn't
make it any less an advertisement for a non-free service and that certainly is
against the spirit.  Similarly to not adding a Recommends: from a package in
main to one in non-free, we should not recommend non-free services either IMO.
I don't think that is controversial?

I would make an exception for source files from upstream.  If they want to
advertise a non-free service, they can do that.  For Debian, IMO we should
remove such advertisements as part of packaging the software.  That means it
should not be in the binary package at all.

> In this case, the advertisement is also present on the upstream github
> page, via the README, which is also in the Debian package, so removing
> it from the Debian package description will not remove the
> advertisement entirely. Personally I'd prefer to not have it present
> in any of the locations, but leaving it in the README in Debian and
> upstream seems like a reasonable compromise.

Agreed; I would remove it from the program itself or its upstream-written
manpage if it would have been there (and of course it should definitely not be
in a manpage created by a maintainer), and while removing it from the source
(or its documentation) would be nice, I think it's acceptable to leave it
there.

Then again, it's similar to having non-free software in a release tarball, and
we do repackage the source for that.  So perhaps that would be the preferred
way to handle it.

Thanks,
Bas
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJZhr4gAAoJEJzRfVgHwHE6jTwQAJGgJL0vKRlcGj70YhjoDDrR
/pQiDALVRq0wiQqx+9MNy0px2OeA89TgTtfvm6fh+ibSI+9cC/+FO8GruqGPrxjK
NKgyUVUvVNqvSupIzEpbnLQE1QVzi31dvYVzir+lLjJB8sN4oUbNOtTjUWlO4rhT
XH8ixzLADqT3VWC30TPUoE8UJ+Nf82eHF67h/4sEwrZWMZgfVfqPR3qTAF0AZsnS
ezOtkHl8a3E/QlxOGeMZJ/g2zLVlcRnXU7svEAWdhuSZUT7D9t9I3m5KGwwE1ZLj
Kzmlly59DdhyWkqsvWdpifo97avQXlIna4MJeGZW9U8JRdw0V0taWxv1oZ1auprA
Cm3hWi/X8DTtvUwOVqEW4aarvvC26dk1uyIz7Z+qHqKF5amir7HxfG81cGNiryyz
bBjp6MJAYnnfUeYnn1ZM4qlnJFPNqYSUgoZ/S0uLtOwZGTjaBQsqwewPWKr5pON9
hlG+at1u6wcxTfYJ3guzhB04bp4cISL5Ze3WZwXH3nmTPJi5Rnd7dXaQvkwdzziJ
DVcGjZqb3G1LQKABpWmwCxGEXiEgfjki/DmlSDaonX0SUN1lvtfsQ9COcp7kczU1
gb+jcJCR3uerLHvNnmKT8RowQe7j4AHpFGDJuPKid1B+fdYqpNO8/yqE7kScpI97
82ed9JaRCIbFYfXoL+YT
=YnvG
-END PGP SIGNATURE-

___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers