Bug#874295: Not a bug

2017-11-30 Thread Ben Finney 
Control: notfound -1 clementine/1.3.1+git276-g3485bbe43+dfsg-1

On 30-Nov-2017, Ben Finney wrote:
> Thomas Pierson  writes:
> > So unless someone point me a clear justification I will close this
> > bug as invalid for now.
> 
> I agree that, despite the problems remarked on of downloading and
> executing unpackaged code to execute on the user's computer, this is
> not a dependency for the program performing its normal function. So
> this does not appear to be a Policy §2.2.1 violation.

I'm recording the effects of this resolution on the metadata of this
report.

-- 
 \“If you continue running Windows, your system may become |
  `\unstable.” —Microsoft, Windows 95 bluescreen error message |
_o__)  |
Ben Finney 


signature.asc
Description: PGP signature

Bug#874295: Not a bug

2017-11-30 Thread Ben Finney 
Ian Jackson <ijack...@chiark.greenend.org.uk> writes:

> Ben Finney writes ("Re: Bug#874295: Not a bug"):
> > (Yes, I think a web browser should not download and execute
> > arbitrary JavaScript either. That one problem remains unaddressed is
> > not a justification for the same problem elsewhere.)
>
> This is obviously out of scope for the discussion of this bug.

Certainly. I was responding parenthetically to a point that, I agree
with you, was out of scope.

-- 
 \  “I would rather be exposed to the inconveniences attending too |
  `\  much liberty than those attending too small a degree of it.” |
_o__)—Thomas Jefferson, 1791-12-23 |
Ben Finney <bign...@debian.org>

Bug#874295: Not a bug

2017-11-30 Thread Thomas Pierson 
Hi Ben,

Le 30 novembre 2017 07:47:41 GMT+01:00, Ben Finney  a écrit 
:
>That is still a problem, IMO. It would be best if the program did not
>do
>that, and instead prompted the user to install the non-free package
>providing that plug-in.

Actually the program prompt a dialog asking the user if he want to install the 
extra plugin.
But yes maybe it should be more explicit about the non-free nature of the 
plugin. I will open a new bug about that.

Regards,
Thomas

Bug#874295: Not a bug

2017-11-30 Thread Ian Jackson 
Ben Finney writes ("Re: Bug#874295: Not a bug"):
> Thomas Pierson <cont...@thomaspierson.fr> writes:
> > It's only if a user want to connect to a particular external service
> > that a plugin file is downloaded and used.
> 
> That is still a problem, IMO. It would be best if the program did not do
> that, and instead prompted the user to install the non-free package
> providing that plug-in.

I agree with Ben that it would be better if the program used a
non-free package from Debian instead.  Maybe we could clone this bug
into a wishlist bug for that.

> (Yes, I think a web browser should not download and execute arbitrary
> JavaScript either. That one problem remains unaddressed is not a
> justification for the same problem elsewhere.)

This is obviously out of scope for the discussion of this bug.

If you want to change Debian's stance about this, you will need to
agitate with ftpmaster, on -project, or -devel, or pass a GR, or
something.

Ian.

Bug#874295: Not a bug

2017-11-29 Thread Ben Finney 
Thomas Pierson  writes:

> Clementine does not require or depend on a external software to run
> properly. So for me the policy 2.2.1 is respected.

I agree that, as described, Clementine's normal function as a
general-purpose music player is available without any non-free music
services. So this does not infringe Policy §2.2.1.

> It's only if a user want to connect to a particular external service
> that a plugin file is downloaded and used.

That is still a problem, IMO. It would be best if the program did not do
that, and instead prompted the user to install the non-free package
providing that plug-in.

> But it's the same case for many software like web browser which
> download and run proprietary javascripts without any warning.

(Yes, I think a web browser should not download and execute arbitrary
JavaScript either. That one problem remains unaddressed is not a
justification for the same problem elsewhere.)

> So unless someone point me a clear justification I will close this bug
> as invalid for now.

I agree that, despite the problems remarked on of downloading and
executing unpackaged code to execute on the user's computer, this is not
a dependency for the program performing its normal function. So this
does not appear to be a Policy §2.2.1 violation.

-- 
 \  “If we could change ourselves, the tendencies in the world |
  `\  would also change.” —Mohandas K. Gandhi, _Collected Works_, 1913 |
_o__)  |
Ben Finney